System Security Virus

Post by floodjlc on 2nd July 2009, 5:07 am

I am hoping somebody can help. I have a virus (System Security) that I cannot remove. I can no longer get online with my laptop or open any programs. I have followed the instructions on how to remove it with Malwarebytes Anti-Malware and it does not work; it is still there after I complete everything and restart the computer. Any help would be great.

Post by Belahzur on 2nd July 2009, 9:34 am

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement; press Accept and HijackThis will run.
  • Select "Do a system scan and save a log file". This will open a Notepad file of everything HijackThis found; copy and paste it back here.

Post by floodjlc on 2nd July 2009, 5:53 pm

Well, I ended up getting rid of the virus, but now I have a new problem. When I had the virus I could not get online at all, no matter what. I could not even open any windows or anything. The virus is gone, so I can open windows and whatnot, but I can't get online now. I looked at my drivers and they are all messed up. The modem driver, network adapters, and sound, video and game controllers are all damaged. I do not know how to fix them, especially since I do not have the recovery disk and I can't go online with the computer. Any suggestions?

Post by Origin on 2nd July 2009, 5:56 pm

The virus is probably still there. Are you able to run HijackThis?

Post by floodjlc on 2nd July 2009, 5:59 pm

No, because I can't go online to download it.

Post by floodjlc on 2nd July 2009, 6:00 pm

My modem driver is messed up.

Post by Origin on 2nd July 2009, 6:01 pm

I see. Are you able to download anything from another computer and transfer it to the infected one?

Post by floodjlc on 2nd July 2009, 6:03 pm

Yeah, I could do that; I did not think of that. Would it work if I downloaded it to an external drive? And if I uninstalled the driver, could I reinstall it without a disk? Sorry if it's a dumb question, I am not that good with computers.

Post by Origin on 2nd July 2009, 6:07 pm

Yes, you can: you can reinstall it without a disk if you have the driver itself. Please download HijackThis from your non-infected computer and transfer it to the infected one.

Post by floodjlc on 2nd July 2009, 7:11 pm

OK, I got back online and downloaded the program recommended. Any time I open it, it instantly closes.

Post by Origin on 2nd July 2009, 7:15 pm

Can you rename HijackThis to something like flowers.exe and then see if it runs?

Post by floodjlc on 2nd July 2009, 7:25 pm

It does not work. I renamed the desktop installer and it did the same thing.

Post by Origin on 2nd July 2009, 7:31 pm

I see, please do the following:

Please download Ice Sword from [You must be registered and logged in to see this link.]

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. Then look in the bottom left of the program and press "Registry".
  4. When the registry list opens, drag the line between the two windows so you can see which registry hive you need.
  5. Next, open HKEY_LOCAL_MACHINE and navigate to the following key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\fake-key

  6. Once you find that key, right click the key and press "Delete".
  7. Okay the prompt and close IceSword.

Post by floodjlc on 2nd July 2009, 7:46 pm

When I open up the Windows folder there is no fake-key. All I have under Windows is CurrentVersion, help, HTML Help, ITStorage, Shell.

Post by Origin on 2nd July 2009, 7:49 pm

I see. Instead of that registry key, please check this one:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Post by floodjlc on 2nd July 2009, 7:51 pm

Under Run the folder listed is OptionalComponents; in that are IMAIL, MAPI and MSFS. What do I do or delete from here?

Post by Origin on 2nd July 2009, 7:56 pm

If you do not see any random number ending with .exe, do NOT delete anything; we need to try a different approach:

Please download MGTools from here:

[You must be registered and logged in to see this link.]

Once downloaded, follow the instructions on this page:

[You must be registered and logged in to see this link.]

Once you have fully installed MGTools, there will be a folder created on your C:\ drive; it should be C:\MGTools. Go to that folder and look for a file called Analyze.exe; that file should be HijackThis. Now do a system scan and save a log file. Once you have the log, post all the contents of the log back here.

Post by floodjlc on 2nd July 2009, 7:59 pm

I can't open the first link. It says: Error 403! /chaslang/files/MGtools.exe Forbidden!

Post by Belahzur on 2nd July 2009, 8:06 pm

There's a referral check on MG, so use the second link to the thread and download via the link there.

Post by Origin on 2nd July 2009, 8:08 pm

Or you can download it from here:

[You must be registered and logged in to see this link.]

Post by floodjlc on 2nd July 2009, 8:20 pm

OK, I was able to open that link. I have to leave for work now, so I will have to follow the instructions and all of that tomorrow. Thanks for your help; I will post again when I have finished the next steps. Thanks again for all your help.

Post by floodjlc on 3rd July 2009, 6:22 am

I followed all the instructions, and now when I open analyze.exe it opens for a second and then disappears on me.

Post by Belahzur on 3rd July 2009, 3:45 pm

Hello.
Rename the file from Analyze.exe to winlogon.exe and see if it will run.

Post by floodjlc on 3rd July 2009, 10:30 pm

Here is the log file. Also, on a side note, I can only start my computer in Safe Mode; Windows will not start otherwise.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:25:57 PM, on 7/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\MGtools\winlogon.exe
C:\WINDOWS\fonts\services.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
F3 - REG:win.ini: load=C:\WINDOWS\system32\msjcm.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\msrflpxe.exe
O2 - BHO: C:\WINDOWS\system32\gsf83iujid.dll - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\system32\mssvg.exe
O4 - HKUS\S-1-5-19\..\Run: [butumidepi] Rundll32.exe "C:\WINDOWS\system32\peyumupo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [butumidepi] Rundll32.exe "C:\WINDOWS\system32\peyumupo.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\DOCUME~1\KARAHU~1\LOCALS~1\Temp\6906000126mxx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: bcefbffcac - C:\WINDOWS\system32\bcefbffcac.dll
O22 - SharedTaskScheduler: rtasgvfu76ew8ndkfno94 - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: lich - Unknown owner - C:\WINDOWS\system32\lich.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9390 bytes

Post by Belahzur on 4th July 2009, 2:10 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:

    F3 - REG:win.ini: load=C:\WINDOWS\system32\msjcm.exe
    F3 - REG:win.ini: run=C:\WINDOWS\system32\msrflpxe.exe
    O2 - BHO: C:\WINDOWS\system32\gsf83iujid.dll - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\system32\mssvg.exe
    O4 - HKUS\S-1-5-19\..\Run: [butumidepi] Rundll32.exe "C:\WINDOWS\system32\peyumupo.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [butumidepi] Rundll32.exe "C:\WINDOWS\system32\peyumupo.dll",s (User 'NETWORK SERVICE')
    O20 - AppInit_DLLs: C:\DOCUME~1\KARAHU~1\LOCALS~1\Temp\6906000126mxx.dll
    O20 - Winlogon Notify: bcefbffcac - C:\WINDOWS\system32\bcefbffcac.dll
    O22 - SharedTaskScheduler: rtasgvfu76ew8ndkfno94 - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)
    O23 - Service: lich - Unknown owner - C:\WINDOWS\system32\lich.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Post by floodjlc on 4th July 2009, 10:14 pm

Some of those things that I am supposed to check have changed slightly. For example:
F3 - REG:win.ini: load=C:\WINDOWS\system32\msjcm.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\msrflpxe.exe

is now showing

F3 - REG:win.ini: load=C:\WINDOWS\system32\msjwler.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\msjula.exe

There are also a few others. Do I check these and fix those? I have not done anything yet and will not do so until you let me know, so as not to create a new problem.

Post by Belahzur on 4th July 2009, 10:47 pm

Okay, fix the changed items; it doesn't matter what they are called, they need to go.


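A defender-side way to reproduce the triage from the two posts above in code. This is an added example, not code from the thread or from HijackThis: a small Python scorer for HijackThis log entries that keys on the autostart mechanism and the location of the target rather than on the executable name, which is why the renamed msjwler.exe/msjula.exe entries still come out flagged. The sample log is a constructed subset of the entries posted in this thread; the rules and reason strings are mine and only cover the mechanisms the helper picked out, not the "random-looking name" judgement behind entries such as the Winlogon Notify DLL.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the HijackThis entries posted in this thread,
# with the two F3 entries replaced by the renamed ones from the later post.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\msjwler.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\msjula.exe
O2 - BHO: C:\WINDOWS\system32\gsf83iujid.dll - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\system32\mssvg.exe
O4 - HKUS\S-1-5-19\..\Run: [butumidepi] Rundll32.exe "C:\WINDOWS\system32\peyumupo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O20 - AppInit_DLLs: C:\DOCUME~1\KARAHU~1\LOCALS~1\Temp\6906000126mxx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: rtasgvfu76ew8ndkfno94 - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)
O23 - Service: lich - Unknown owner - C:\WINDOWS\system32\lich.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# A HijackThis entry is "<section code> - <body>"; header lines and the
# "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def classify(section: str, body: str) -> Optional[str]:
    """Return a reason string if the entry matches one of the mechanism-based
    rules, else None. Rules deliberately never look at the file name, because
    the thread shows the names changing between scans."""
    low = body.lower()
    if section == "F3" and "win.ini" in low and re.search(r"\b(load|run)=\S", low):
        return "win.ini load=/run= is normally empty; anything listed here starts at logon"
    if section in ("O2", "O22") and "(file missing)" in low:
        return "COM registration points at a file that is not on disk (dead or hidden)"
    if section == "O4" and "\\policies\\explorer\\run" in low:
        return "Policies\\Explorer\\Run autostart is rarely used by legitimate software"
    if section == "O4" and re.search(r"hkus\\s-1-5-(19|20)\\", low) and "rundll32" in low:
        return "rundll32 autostart under a service-account profile"
    if section == "O20" and "appinit_dlls" in low and "\\temp\\" in low:
        return "AppInit_DLLs loads into every GUI process; a DLL in Temp is not legitimate"
    if section == "O23" and "unknown owner" in low and "\\system32\\" in low:
        return "service without a publisher running from system32"
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every entry of a HijackThis log through classify()."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        reason = classify(m.group("section"), m.group("body"))
        if reason:
            findings.append(Finding(m.group("section"), raw.strip(), reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The benign entries in the sample (the Synaptics Run key, the SYSTEM-profile dwtrig20.exe, the AVG Winlogon Notify DLL and the Bonjour service) pass through unflagged, so the output is the same eight lines a helper would ask to have fixed.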
Post by floodjlc on 4th July 2009, 11:17 pm

OK, I downloaded MBAM, and when I open it up to install it, I choose English and then it instantly closes on me.

Post by floodjlc on 4th July 2009, 11:46 pm

I just realized I already have it installed. Even when I open that up and try to update it, it says it will close and install the latest version. As soon as it starts to install, it closes.

Post by Belahzur on 5th July 2009, 7:15 pm

Hello.


  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.
  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click combofix's window whilst it's running. That may cause it to stall.

Post by floodjlc on 5th July 2009, 10:56 pm

I can't disable anything; it won't let me. I even tried totally uninstalling AVG and it won't let me. I don't think it is even running. I will follow the rest of the steps and post the log.

Post by floodjlc on 5th July 2009, 11:02 pm

AVG is running, it said. How can I turn it off? I can only start my computer in Safe Mode; it is not showing in the task bar.

Post by Belahzur on 6th July 2009, 2:03 pm

Okay, just run Combofix as normal anyway, even if it says AVG is active.

Post by floodjlc on 6th July 2009, 5:51 pm

I will need to post it in a few posts; the log is too big.

Post by floodjlc on 6th July 2009, 5:52 pm

ComboFix 09-07-05.04 - Administrator 07/06/2009 13:24.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.808 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.



Re: System Security Virus

Post by floodjlc on 6th July 2009, 5:53 pm


c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruifvkibaiq
-------\Legacy_6TO4
-------\Legacy_DRV
-------\Legacy_PCMSTUB
-------\Service_6to4
-------\Service_drv
-------\Service_pcmstub


((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-07-04 23:42 . 2009-07-04 23:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-03 06:10 . 2009-07-03 06:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2009-07-03 06:10 . 2009-07-03 06:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-03 05:46 . 2009-07-03 05:46 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-02 20:35 . 2009-07-02 20:35 -------- d-----w- c:\windows\ie8updates
2009-07-02 20:15 . 2009-07-03 06:10 112910 ----a-w- C:\MGlogs.zip
2009-07-02 20:14 . 2009-07-04 23:05 -------- d-----w- C:\MGtools
2009-07-02 19:12 . 2009-07-02 19:12 0 ----a-w- c:\windows\system32\lich.dat
2009-07-02 19:05 . 2009-07-02 19:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-02 19:00 . 2009-07-02 19:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-02 18:57 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-02 18:57 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-02 15:55 . 2009-07-02 15:55 -------- d-sh--w- c:\documents and settings\Kara Hudon\IECompatCache
2009-07-02 15:54 . 2009-07-02 15:54 -------- d-sh--w- c:\documents and settings\Kara Hudon\PrivacIE
2009-07-02 15:47 . 2009-07-02 15:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-02 15:46 . 2009-07-02 15:46 -------- d-sh--w- c:\documents and settings\Kara Hudon\IETldCache
2009-07-02 15:32 . 2009-07-02 15:33 -------- dc-h--w- c:\windows\ie8
2009-07-02 00:18 . 2009-07-02 00:18 122080 ----a-w- C:\cfrm.exe
2009-07-02 00:04 . 2009-07-02 00:04 127488 ---h--w- c:\windows\system32\mswnccgz.exe
2009-07-02 00:01 . 2009-07-02 00:01 86016 ----a-w- c:\windows\system32\lich.exe
2009-07-02 00:00 . 2009-07-02 00:00 -------- d-----w- c:\program files\drv
2009-07-02 00:00 . 2009-07-02 00:00 28672 ----a-w- C:\fdvjfx.exe
2009-06-25 16:21 . 2009-06-25 16:21 -------- d-----w- c:\documents and settings\Kara Hudon\Local Settings\Application Data\AVG Security Toolbar
2009-06-25 16:09 . 2009-06-25 16:08 832144 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-06-25 16:09 . 2009-06-25 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-25 16:09 . 2009-06-25 16:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 04:55 . 2009-07-02 00:34 4 ---h--w- c:\windows\Fonts\mlog
2009-07-04 23:46 . 2009-03-20 16:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 23:46 . 2009-03-20 16:26 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-02 18:31 . 2008-06-12 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-02 05:28 . 2009-07-02 06:03 1952 ----a-w- c:\windows\system32\drivers\kmixer.sys
2009-06-25 16:08 . 2008-06-12 18:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 16:08 . 2008-06-12 18:31 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-25 16:08 . 2008-06-12 18:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-17 15:27 . 2009-03-20 16:25 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-22 03:01 . 2006-06-13 01:27 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\AdobeUM
2009-05-20 16:23 . 2008-06-12 18:31 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\AVGTOOLBAR
2009-05-20 16:22 . 2009-05-20 16:22 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\Red Kawa
2009-05-20 16:21 . 2009-05-20 16:21 -------- d-----w- c:\program files\AviSynth 2.5
2009-05-20 16:21 . 2009-05-20 16:21 -------- d-----w- c:\program files\Red Kawa
2009-05-20 16:20 . 2007-01-29 05:15 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\Vso
2009-05-19 02:26 . 2006-06-09 21:47 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\Apple Computer
2009-05-19 02:13 . 2009-05-19 02:12 -------- d-----w- c:\program files\iTunes
2009-05-19 02:13 . 2009-05-19 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-19 02:12 . 2009-05-19 02:12 -------- d-----w- c:\program files\iPod
2009-05-19 02:11 . 2009-05-19 02:11 -------- d-----w- c:\program files\Bonjour
2009-05-19 02:10 . 2009-05-19 02:10 -------- d-----w- c:\program files\QuickTime
2009-05-19 02:05 . 2009-05-19 02:05 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-13 05:15 . 2004-08-10 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-08 01:00 . 2008-06-12 18:31 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2004-08-10 11:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2004-08-10 11:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 11:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-08-29 01:06 . 2006-12-18 01:31 56 --sh--r- c:\windows\system32\1442C91D9C.sys
2008-10-05 14:43 . 2006-06-09 20:39 88 --sh--r- c:\windows\system32\9C1DC94214.sys
2008-10-05 14:43 . 2006-06-09 20:39 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
.


Re: System Security Virus

Post by floodjlc on 6th July 2009, 5:54 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-11-16 397312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-5 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-25 16:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1149888426\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1149888426\\ee\\aim6.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\fonts\\services.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/12/2008 2:31 PM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/12/2008 2:31 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/29/2008 12:37 PM 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 2:45 PM 298776]
S1 drvdrv;drvdrv;\??\c:\program files\drv\drv.sys --> c:\program files\drv\drv.sys [?]
S2 xbmhki;xbmhki;c:\windows\system32\drivers\fnvbf.sys --> c:\windows\system32\drivers\fnvbf.sys [?]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [12/5/2007 4:47 PM 20640]
S4 lich;lich;c:\windows\system32\lich.exe [7/1/2009 8:01 PM 86016]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/17/2007 3:18 PM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
drv REG_MULTI_SZ drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - "F:\Install FreeAgent Tools.exe" /run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-A00F68AE37.exe - c:\docume~1\KARAHU~1\LOCALS~1\Temp\_A00F68AE37.exe
HKCU-Run-hsf7husjnfg98gi498aejhiugjkdg4 - c:\docume~1\KARAHU~1\LOCALS~1\Temp\hnrnad.exe
HKCU-Run-LowRiskFileTypes - c:\windows\sysguard.exe
HKCU-Run-Windows System Recover! - c:\docume~1\KARAHU~1\LOCALS~1\Temp\login.exe
HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Kara Hudon\Application Data\Mozilla\Firefox\Profiles\9d9q2bal.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-06 13:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\7d8e9e7cdef90eef8fbb287e74086fa9.sys 39936 bytes executable
c:\windows\system32\_7d8e9e7cdef90eef8fbb287e74086fa9.sys_.vir 39936 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\7d8e9e7cdef90eef8fbb287e74086fa9]
"ImagePath"="system32\7d8e9e7cdef90eef8fbb287e74086fa9.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\DefaultPreset]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Premiere Pro\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_13_2_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\0_0_0_0.html"
"Keyboard"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_4_15_0.html"
"Search"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\search.html"
"Support"="http://www.adobe.com/support/products/premiere.html"

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\0*! 2*]
"Path"="c:\\Documents and Settings\\Kara Hudon\\Application Data\\Intel\\Wireless\\"

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\È* 2*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1464)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
.
**************************************************************************
.
Completion time: 2009-07-06 13:45 - machine was rebooted [Kara Hudon]
ComboFix-quarantined-files.txt 2009-07-06 17:45

Pre-Run: 24,108,789,760 bytes free
Post-Run: 22,857,265,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

836 --- E O F --- 2009-07-02 20:35

floodjlc

Re: System Security Virus

Post by Belahzur on 6th July 2009, 6:04 pm

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
C:\MGlogs.zip
c:\windows\system32\lich.dat
C:\cfrm.exe
c:\windows\system32\mswnccgz.exe
c:\windows\system32\lich.exe
C:\fdvjfx.exe

Folder::
c:\program files\drv
C:\MGtools

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\fonts\\services.exe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"drv"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
[-HKEY_LOCAL_MACHINE\System\ControlSet004\Services\7d8e9e7cdef90eef8fbb287e74086fa9]

Driver::
drvdrv
xbmhki
lich

ROOTKIT::
c:\windows\system32\7d8e9e7cdef90eef8fbb287e74086fa9.sys
c:\windows\system32\_7d8e9e7cdef90eef8fbb287e74086fa9.sys_.vir

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


Belahzur
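The CFScript above was written by hand from the ComboFix log. As an added example (not part of this thread and not ComboFix's own code; ComboFix is closed-source, so the meaning of each directive is taken only from the script as posted), the Python below reads the catchme section of such a log, ties each hidden file to the Services key whose ImagePath loads it, and renders the same KILLALL::/File::/Folder::/Registry::/Driver::/ROOTKIT:: sections with the REGEDIT4 delete syntax the post uses. All function names, the Findings structure, the regular expressions and the SAMPLE_LOG excerpt are this example's own assumptions; the excerpt is constructed from the catchme block in the log above.

```python
# Added example (not ComboFix's code): turn the catchme findings in a ComboFix
# log into a CFScript. Directives and the REGEDIT4 delete syntax ('"name"=-'
# drops a value, '[-KEY]' drops a key) follow the post above.
import re
from dataclasses import dataclass, field
# Constructed excerpt modelled on the catchme block of the log in this thread.
SAMPLE_LOG = r"""
scanning hidden files ...

c:\windows\system32\7d8e9e7cdef90eef8fbb287e74086fa9.sys 39936 bytes executable
c:\windows\system32\_7d8e9e7cdef90eef8fbb287e74086fa9.sys_.vir 39936 bytes executable

scan completed successfully
hidden files: 2

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\7d8e9e7cdef90eef8fbb287e74086fa9]
"ImagePath"="system32\7d8e9e7cdef90eef8fbb287e74086fa9.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
"""

HIDDEN_RE = re.compile(r"^(.+?) (\d+) bytes executable$")
COUNT_RE = re.compile(r"^hidden files: (\d+)$")
SVC_KEY_RE = re.compile(r"^\[(HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\[^\]]+)\]$")
IMAGE_RE = re.compile(r'^"ImagePath"="(.*)"$')

def parse_catchme_hidden_files(log):
    """Paths catchme reported hidden. A log whose entries disagree with its
    own 'hidden files: N' summary (truncated paste) is rejected, not scripted."""
    found, declared = [], None
    for line in log.splitlines():
        line = line.strip()
        if m := HIDDEN_RE.match(line):
            found.append(m.group(1))
        elif m := COUNT_RE.match(line):
            declared = int(m.group(1))
    if declared != len(found):
        raise ValueError(f"summary says {declared} hidden files, parsed {len(found)}")
    return found

def parse_service_images(log):
    """Map each Services key printed in the log to its ImagePath value."""
    services, key = {}, None
    for line in log.splitlines():
        line = line.strip()
        if m := SVC_KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := IMAGE_RE.match(line)):
            services[key], key = m.group(1), None
    return services

def services_loading(hidden, services):
    """Service keys whose ImagePath is a hidden file: the loader must be
    removed with the driver or the file is back after the next boot."""
    base = lambda p: p.rsplit("\\", 1)[-1].lower()
    names = {base(p) for p in hidden}
    return [k for k, image in services.items() if base(image) in names]

@dataclass
class Findings:
    files: list = field(default_factory=list)
    folders: list = field(default_factory=list)
    reg_values: list = field(default_factory=list)  # (key, value name) pairs
    reg_keys: list = field(default_factory=list)    # whole keys to delete
    drivers: list = field(default_factory=list)     # service names for Driver::
    rootkit: list = field(default_factory=list)     # hidden files for ROOTKIT::

def _reg_quote(name):
    return '"' + name.replace("\\", "\\\\") + '"'  # REGEDIT4 doubles backslashes

def build_cfscript(f, killall=True):
    """Render Findings as CFScript text, omitting empty sections."""
    out = ["KILLALL::", ""] if killall else []
    for header, items in (("File::", f.files), ("Folder::", f.folders)):
        if items:
            out += [header, *items, ""]
    if f.reg_values or f.reg_keys:
        out.append("Registry::")
        by_key = {}
        for key, name in f.reg_values:
            by_key.setdefault(key, []).append(name)
        for key, names in by_key.items():
            out += [f"[{key}]", *(f"{_reg_quote(n)}=-" for n in names)]
        out += [f"[-{k}]" for k in f.reg_keys] + [""]
    for header, items in (("Driver::", f.drivers), ("ROOTKIT::", f.rootkit)):
        if items:
            out += [header, *items, ""]
    return "\n".join(out)

def cfscript_from_log(log):
    hidden = parse_catchme_hidden_files(log)
    loaders = services_loading(hidden, parse_service_images(log))
    return build_cfscript(Findings(reg_keys=loaders, rootkit=hidden))

if __name__ == "__main__":
    with open("CFScript.txt", "w", newline="\r\n") as fh:  # CRLF for Notepad on XP
        fh.write(cfscript_from_log(SAMPLE_LOG))
```

Run it where the log excerpt is, and it writes CFScript.txt containing a Registry:: delete for the ControlSet004 service key and a ROOTKIT:: entry for both hidden files, exactly as in the hand-written script; the Dell PCD5SRVC entry is left alone because its ImagePath is not one of the hidden files. The count check matters in practice: a log pasted in pieces, as in this thread, can lose the tail of the catchme block, and a script built from half the findings would leave the loader in place.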

Re: System Security Virus

Post by floodjlc on 6th July 2009, 7:09 pm

I accidentally closed the report... where do I find it?

floodjlc

Re: System Security Virus

Post by Belahzur on 6th July 2009, 7:26 pm

C:\Combofix.txt


Belahzur

Re: System Security Virus

Post by floodjlc on 6th July 2009, 7:40 pm

ComboFix 09-07-05.04 - Kara Hudon 07/06/2009 14:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.470 [GMT -4:00]
Running from: c:\documents and settings\Kara Hudon\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Kara Hudon\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"C:\cfrm.exe"
"C:\fdvjfx.exe"
"C:\MGlogs.zip"
"c:\windows\system32\lich.dat"
"c:\windows\system32\lich.exe"
"c:\windows\system32\mswnccgz.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cfrm.exe
C:\fdvjfx.exe
C:\MGlogs.zip
C:\MGtools
c:\mgtools\backups\backup-20090704-190542-115
c:\mgtools\backups\backup-20090704-190542-218
c:\mgtools\backups\backup-20090704-190542-580
c:\mgtools\backups\backup-20090704-190542-633
c:\mgtools\backups\backup-20090704-190542-634
c:\mgtools\backups\backup-20090704-190542-720
c:\mgtools\backups\backup-20090704-190542-752
c:\mgtools\backups\backup-20090704-190542-875
c:\mgtools\backups\backup-20090704-190542-880
c:\mgtools\backups\backup-20090704-190542-887
c:\mgtools\backups\backup-20090704-190542-929
c:\mgtools\backups\backup-20090704-190542-940
c:\mgtools\chodefix.bat
c:\mgtools\config.reg
c:\mgtools\DisableUAC.reg
c:\mgtools\EnableUAC.reg
c:\mgtools\ffdata.txt
c:\mgtools\filelog.txt
c:\mgtools\FindOVL.bat
c:\mgtools\FixBagle.bat
c:\mgtools\fixBagle.reg
c:\mgtools\FixCF.bat
c:\mgtools\fixCF.reg
c:\mgtools\fixChode.reg
c:\mgtools\FixFA.bat
c:\mgtools\fixFA.reg
c:\mgtools\flowers.log
c:\mgtools\GetDetails.exe
c:\mgtools\GetLogs.Bat
c:\mgtools\GetRunKey.bat
c:\mgtools\GetUnKey.txt
c:\mgtools\GetUnKeys.bat
c:\mgtools\grep.exe
c:\mgtools\GRK64.bat
c:\mgtools\hide.reg
c:\mgtools\history.txt
c:\mgtools\HTAfind.bat
c:\mgtools\IEFIX.reg
c:\mgtools\locate.com
c:\mgtools\ltime.exe
c:\mgtools\MGclean.bat
c:\mgtools\newfiles.txt
c:\mgtools\procdll.txt
c:\mgtools\Process.exe
c:\mgtools\ProcessDll.exe
c:\mgtools\Regfix.bat
c:\mgtools\runkeys.txt
c:\mgtools\RunMB.bat
c:\mgtools\sed.exe
c:\mgtools\ShowNew.bat
c:\mgtools\SN64.bat
c:\mgtools\swreg.exe
c:\mgtools\swwhoami.exe
c:\mgtools\sysinfo.txt
c:\mgtools\sysrest.txt
c:\mgtools\unhide.reg
c:\mgtools\UserInfo.bat
c:\mgtools\UserInfo.txt
c:\mgtools\vfind.exe
c:\mgtools\VunFind.bat
c:\mgtools\winfiles.txt
c:\mgtools\winlogon.exe
c:\mgtools\zip.exe
c:\program files\drv
c:\program files\drv\drv.dll
c:\windows\system32\lich.dat
c:\windows\system32\lich.exe
c:\windows\system32\msshjha.exe
c:\windows\system32\msshonf.exe
c:\windows\system32\msshv.exe
c:\windows\system32\mssiiii.exe
c:\windows\system32\mssizgn.exe
c:\windows\system32\msskmmw.exe
c:\windows\system32\msskta.exe
c:\windows\system32\msslt.exe
c:\windows\system32\mssmcfyz.exe
c:\windows\system32\mssnkfyk.exe
c:\windows\system32\mssnmxi.exe
c:\windows\system32\mssnqa.exe
c:\windows\system32\mssnuu.exe
c:\windows\system32\mssolc.exe
c:\windows\system32\mssoyqe.exe
c:\windows\system32\msspencs.exe
c:\windows\system32\msspm.exe
c:\windows\system32\msspt.exe
c:\windows\system32\msspufq.exe
c:\windows\system32\mssqocfq.exe
c:\windows\system32\mssqsrf.exe
c:\windows\system32\mssrwj.exe
c:\windows\system32\mssshmb.exe
c:\windows\system32\mssstb.exe
c:\windows\system32\msstqwff.exe
c:\windows\system32\mssvg.exe
c:\windows\system32\msswyvwv.exe
c:\windows\system32\msswz.exe
c:\windows\system32\mssyhw.exe
c:\windows\system32\msszbuii.exe
c:\windows\system32\mssznsn.exe
c:\windows\system32\mstalgsy.exe
c:\windows\system32\mstara.exe
c:\windows\system32\mstax.exe
c:\windows\system32\mstda.exe
c:\windows\system32\mstdjee.exe
c:\windows\system32\mstdn.exe
c:\windows\system32\mstdphc.exe
c:\windows\system32\mstebpf.exe
c:\windows\system32\mstfdi.exe
c:\windows\system32\mstjphb.exe
c:\windows\system32\mstjtobb.exe
c:\windows\system32\mstlrhy.exe
c:\windows\system32\mstlswu.exe
c:\windows\system32\mstmf.exe
c:\windows\system32\mstmgg.exe
c:\windows\system32\mstmroe.exe
c:\windows\system32\mstnpb.exe
c:\windows\system32\mstnpbr.exe
c:\windows\system32\mstphaih.exe
c:\windows\system32\mstplig.exe
c:\windows\system32\mstpzt.exe
c:\windows\system32\mstqb.exe
c:\windows\system32\mstqiii.exe
c:\windows\system32\mstqmmgl.exe
c:\windows\system32\mstrvxrj.exe
c:\windows\system32\mstrwtaa.exe
c:\windows\system32\mstsryp.exe
c:\windows\system32\mstvog.exe
c:\windows\system32\mstwrhb.exe
c:\windows\system32\mstzyqx.exe
c:\windows\system32\msubpi.exe
c:\windows\system32\msudbu.exe
c:\windows\system32\msudcozb.exe
c:\windows\system32\msueaxr.exe
c:\windows\system32\msuemxsj.exe
c:\windows\system32\msufi.exe
c:\windows\system32\msuhiyf.exe
c:\windows\system32\msuhzvfr.exe
c:\windows\system32\msuittkc.exe
c:\windows\system32\msuiuzv.exe
c:\windows\system32\msumyblk.exe
c:\windows\system32\msuneldz.exe
c:\windows\system32\msunmv.exe
c:\windows\system32\msuovcx.exe
c:\windows\system32\msupye.exe
c:\windows\system32\msurowds.exe
c:\windows\system32\msusbjc.exe
c:\windows\system32\msutszrh.exe
c:\windows\system32\msuuo.exe
c:\windows\system32\msuup.exe
c:\windows\system32\msuvcdq.exe
c:\windows\system32\msuvipnt.exe
c:\windows\system32\msuvzbt.exe
c:\windows\system32\msuwgy.exe
c:\windows\system32\msuyc.exe
c:\windows\system32\msuykpp.exe
c:\windows\system32\msvakv.exe
c:\windows\system32\msvblxq.exe
c:\windows\system32\msvcqkl.exe
c:\windows\system32\msvdijv.exe
c:\windows\system32\msvdkqtz.exe
c:\windows\system32\msvdrgxp.exe
c:\windows\system32\msvealip.exe
c:\windows\system32\msveg.exe
c:\windows\system32\msvek.exe
c:\windows\system32\msvezvgi.exe
c:\windows\system32\msvhe.exe
c:\windows\system32\msvik.exe
c:\windows\system32\msvjtje.exe
c:\windows\system32\msvkqv.exe
c:\windows\system32\msvln.exe
c:\windows\system32\msvnh.exe
c:\windows\system32\msvos.exe
c:\windows\system32\msvpg.exe
c:\windows\system32\msvqqzo.exe
c:\windows\system32\msvrrhc.exe
c:\windows\system32\msvrs.exe
c:\windows\system32\msvspigl.exe
c:\windows\system32\msvsvuqv.exe

floodjlc

Re: System Security Virus

Post by floodjlc on 6th July 2009, 7:40 pm

c:\windows\system32\msvsy.exe
c:\windows\system32\msvuoct.exe
c:\windows\system32\msvwcafu.exe
c:\windows\system32\msvyb.exe
c:\windows\system32\msvydudn.exe
c:\windows\system32\msvyls.exe
c:\windows\system32\msvynp.exe
c:\windows\system32\msvzhcw.exe
c:\windows\system32\mswagwsd.exe
c:\windows\system32\mswbl.exe
c:\windows\system32\mswbs.exe
c:\windows\system32\mswcipw.exe
c:\windows\system32\mswcsz.exe
c:\windows\system32\mswdsx.exe
c:\windows\system32\mswfrozl.exe
c:\windows\system32\mswgdgow.exe
c:\windows\system32\mswgur.exe
c:\windows\system32\mswher.exe
c:\windows\system32\mswheti.exe
c:\windows\system32\mswhkboi.exe
c:\windows\system32\mswir.exe
c:\windows\system32\mswiz.exe
c:\windows\system32\mswlbc.exe
c:\windows\system32\mswleaz.exe
c:\windows\system32\mswlfqks.exe
c:\windows\system32\mswltyp.exe
c:\windows\system32\mswmdf.exe
c:\windows\system32\mswmvcs.exe
c:\windows\system32\mswnccgz.exe
c:\windows\system32\mswnraw.exe
c:\windows\system32\mswpf.exe
c:\windows\system32\mswpyvj.exe
c:\windows\system32\mswpzdz.exe
c:\windows\system32\mswqvy.exe
c:\windows\system32\mswrls.exe
c:\windows\system32\mswsraav.exe
c:\windows\system32\mswtd.exe
c:\windows\system32\mswtli.exe
c:\windows\system32\mswtqx.exe
c:\windows\system32\mswubbaa.exe
c:\windows\system32\mswuymws.exe
c:\windows\system32\mswuz.exe
c:\windows\system32\mswvsldl.exe
c:\windows\system32\mswwb.exe
c:\windows\system32\mswwnoa.exe
c:\windows\system32\mswxckx.exe
c:\windows\system32\mswxgq.exe
c:\windows\system32\mswxml.exe
c:\windows\system32\mswyhbdu.exe
c:\windows\system32\mswzbhee.exe
c:\windows\system32\msxajwt.exe
c:\windows\system32\msxcdk.exe
c:\windows\system32\msxcsik.exe
c:\windows\system32\msxdnjne.exe
c:\windows\system32\msxfi.exe
c:\windows\system32\msxilpqb.exe
c:\windows\system32\msxivjk.exe
c:\windows\system32\msxjia.exe
c:\windows\system32\msxjjwxe.exe
c:\windows\system32\msxlkbbb.exe
c:\windows\system32\msxlzzsy.exe
c:\windows\system32\msxoio.exe
c:\windows\system32\msxpxp.exe
c:\windows\system32\msxqnnwg.exe
c:\windows\system32\msxuhfkj.exe

floodjlc

Re: System Security Virus

Post by floodjlc on 6th July 2009, 7:41 pm

c:\windows\system32\msxvvvl.exe
c:\windows\system32\msxzkak.exe
c:\windows\system32\msyafdfa.exe
c:\windows\system32\msyan.exe
c:\windows\system32\msyau.exe
c:\windows\system32\msybqx.exe
c:\windows\system32\msycdl.exe
c:\windows\system32\msycik.exe
c:\windows\system32\msycizlk.exe
c:\windows\system32\msydbo.exe
c:\windows\system32\msydmse.exe
c:\windows\system32\msydnww.exe
c:\windows\system32\msydwyfs.exe
c:\windows\system32\msyecg.exe
c:\windows\system32\msyfbz.exe
c:\windows\system32\msygja.exe
c:\windows\system32\msygo.exe
c:\windows\system32\msyhbni.exe
c:\windows\system32\msyhetw.exe
c:\windows\system32\msyhzhhw.exe
c:\windows\system32\msykpxi.exe
c:\windows\system32\msyle.exe
c:\windows\system32\msymfkgo.exe
c:\windows\system32\msymg.exe
c:\windows\system32\msynpna.exe
c:\windows\system32\msynwq.exe
c:\windows\system32\msyoobc.exe
c:\windows\system32\msyoozr.exe
c:\windows\system32\msyouj.exe
c:\windows\system32\msyqtwlh.exe
c:\windows\system32\msyraexn.exe
c:\windows\system32\msyrbq.exe
c:\windows\system32\msyssn.exe
c:\windows\system32\msytj.exe
c:\windows\system32\msytr.exe
c:\windows\system32\msyuf.exe
c:\windows\system32\msyvb.exe
c:\windows\system32\msyyk.exe
c:\windows\system32\mszay.exe
c:\windows\system32\mszdn.exe
c:\windows\system32\mszeo.exe
c:\windows\system32\mszes.exe
c:\windows\system32\mszfpmlm.exe
c:\windows\system32\mszfpvwq.exe
c:\windows\system32\mszfz.exe
c:\windows\system32\mszgt.exe
c:\windows\system32\mszhdic.exe
c:\windows\system32\mszhjog.exe
c:\windows\system32\mszjwcd.exe
c:\windows\system32\mszkelwg.exe
c:\windows\system32\mszld.exe
c:\windows\system32\mszlqpr.exe
c:\windows\system32\mszlrg.exe
c:\windows\system32\mszlyv.exe
c:\windows\system32\msznlulq.exe
c:\windows\system32\msznx.exe
c:\windows\system32\msznxi.exe
c:\windows\system32\mszpe.exe
c:\windows\system32\mszrugb.exe
c:\windows\system32\mszrxoy.exe
c:\windows\system32\mszsk.exe
c:\windows\system32\msztds.exe
c:\windows\system32\mszvo.exe
c:\windows\system32\mszwj.exe
c:\windows\system32\mszyfye.exe
c:\windows\system32\mszyvz.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DRVDRV
-------\Legacy_LICH
-------\Legacy_XBMHKI
-------\Service_drvdrv
-------\Service_lich
-------\Service_xbmhki
-------\Service_7d8e9e7cdef90eef8fbb287e74086fa9


((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-07-06 18:35 . 2009-07-06 18:35 -------- d-sh--w- C:\found.000
2009-07-06 17:34 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-04 23:42 . 2009-07-04 23:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-03 06:10 . 2009-07-03 06:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2009-07-03 06:10 . 2009-07-03 06:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-03 05:46 . 2009-07-03 05:46 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-02 20:35 . 2009-07-02 20:35 -------- d-----w- c:\windows\ie8updates
2009-07-02 19:05 . 2009-07-02 19:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-02 19:00 . 2009-07-02 19:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-02 18:57 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-02 18:57 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-02 15:55 . 2009-07-02 15:55 -------- d-sh--w- c:\documents and settings\Kara Hudon\IECompatCache
2009-07-02 15:54 . 2009-07-02 15:54 -------- d-sh--w- c:\documents and settings\Kara Hudon\PrivacIE
2009-07-02 15:47 . 2009-07-02 15:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-02 15:46 . 2009-07-02 15:46 -------- d-sh--w- c:\documents and settings\Kara Hudon\IETldCache
2009-07-02 15:32 . 2009-07-02 15:33 -------- dc-h--w- c:\windows\ie8
2009-06-25 16:21 . 2009-06-25 16:21 -------- d-----w- c:\documents and settings\Kara Hudon\Local Settings\Application Data\AVG Security Toolbar
2009-06-25 16:09 . 2009-06-25 16:08 832144 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-06-25 16:09 . 2009-06-25 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-25 16:09 . 2009-06-25 16:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR

floodjlc

Re: System Security Virus

Post by floodjlc on 6th July 2009, 7:41 pm

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 04:55 . 2009-07-02 00:34 4 ---h--w- c:\windows\Fonts\mlog
2009-07-04 23:46 . 2009-03-20 16:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 23:46 . 2009-03-20 16:26 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-02 18:31 . 2008-06-12 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-02 05:28 . 2009-07-02 06:03 1952 ----a-w- c:\windows\system32\drivers\kmixer.sys
2009-06-25 16:08 . 2008-06-12 18:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 16:08 . 2008-06-12 18:31 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-25 16:08 . 2008-06-12 18:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-17 15:27 . 2009-03-20 16:25 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-22 03:01 . 2006-06-13 01:27 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\AdobeUM
2009-05-20 16:23 . 2008-06-12 18:31 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\AVGTOOLBAR
2009-05-20 16:22 . 2009-05-20 16:22 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\Red Kawa
2009-05-20 16:21 . 2009-05-20 16:21 -------- d-----w- c:\program files\AviSynth 2.5
2009-05-20 16:21 . 2009-05-20 16:21 -------- d-----w- c:\program files\Red Kawa
2009-05-20 16:20 . 2007-01-29 05:15 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\Vso
2009-05-19 02:26 . 2006-06-09 21:47 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\Apple Computer
2009-05-19 02:13 . 2009-05-19 02:12 -------- d-----w- c:\program files\iTunes
2009-05-19 02:13 . 2009-05-19 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-19 02:12 . 2009-05-19 02:12 -------- d-----w- c:\program files\iPod
2009-05-19 02:11 . 2009-05-19 02:11 -------- d-----w- c:\program files\Bonjour
2009-05-19 02:10 . 2009-05-19 02:10 -------- d-----w- c:\program files\QuickTime
2009-05-19 02:05 . 2009-05-19 02:05 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-13 05:15 . 2004-08-10 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-08 01:00 . 2008-06-12 18:31 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2004-08-10 11:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2004-08-10 11:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 11:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-08-29 01:06 . 2006-12-18 01:31 56 --sh--r- c:\windows\system32\1442C91D9C.sys
2008-10-05 14:43 . 2006-06-09 20:39 88 --sh--r- c:\windows\system32\9C1DC94214.sys
2008-10-05 14:43 . 2006-06-09 20:39 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-11-16 397312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-5 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-25 16:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1149888426\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1149888426\\ee\\aim6.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/12/2008 2:31 PM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/12/2008 2:31 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/29/2008 12:37 PM 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 2:45 PM 298776]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [12/5/2007 4:47 PM 20640]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/17/2007 3:18 PM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Kara Hudon\Application Data\Mozilla\Firefox\Profiles\9d9q2bal.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-06 15:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\DefaultPreset]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Premiere Pro\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_13_2_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\0_0_0_0.html"
"Keyboard"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_4_15_0.html"
"Search"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\search.html"
"Support"="http://www.adobe.com/support/products/premiere.html"

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\0*! 2*]
"Path"="c:\\Documents and Settings\\Kara Hudon\\Application Data\\Intel\\Wireless\\"

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\È* 2*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1236)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-06 15:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-06 19:07
ComboFix2.txt 2009-07-06 17:45

Pre-Run: 22,847,897,600 bytes free
Post-Run: 22,800,965,632 bytes free

562 --- E O F --- 2009-07-02 20:35


Re: System Security Virus

Post by Belahzur on 6th July 2009, 8:04 pm

Hello.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: System Security Virus

Post by floodjlc on 6th July 2009, 9:19 pm

Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe After Effects 6.0
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Photoshop 7.0
Adobe Premiere Pro
Adobe Reader 6.0.1
Adobe Shockwave Player
AIM 6
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Mobile Device Support
Apple Software Update
a-squared Free 4.0
AudibleManager
Avery Wizard 3.1
AVG Free 8.5
AviSynth 2.5
Bonjour
Broadcom Management Programs
CardRd81
CCleaner (remove only)
CCScore
CleanUp!
Conexant HDA D110 MDC V.92 Modem
Corel Paint Shop Pro X
Corel Photo Album 6
CR2
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN Vision W
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Game Console
Dell Laser Printer 1110 Software Uninstall
Dell Support Center (Support Software)
DellConnect
DellSupport
Digital Content Portal
Digital Line Detect
DivX Content Uploader
DivX Web Player
Documentation & Support Launcher
DVD43 v3.9.0
EducateU
ELIcon
ESPNMotion
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
GemMaster Mystic
HijackThis 2.0.2
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Keylight (1.0v3) for Adobe After Effects
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
mCore
MCU
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.0.11)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting


Re: System Security Virus

Post by floodjlc on 6th July 2009, 9:19 pm

Notifier
OTtBP
OTtBPSDK
Otto
Polar Bowler
PowerDVD 5.7
QuickSet
QuickTime
RealPlayer Basic
Rhapsody Player Engine
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
SFR
SHASTA
SKIN0001
SKINXSDK
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
V CAST Music with Rhapsody
Veoh Player
Videora iPod Converter 4.07
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VPRINTOL
WebCyberCoach 3.2 Dell
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WIRELESS
WordPerfect Office 12
ZENcast Organizer


Re: System Security Virus

Post by Origin on 6th July 2009, 9:29 pm

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Java 2 Runtime Environment, SE v1.4.2_03
  • Viewpoint Manager (Remove Only)
  • Viewpoint Media Player


Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Re: System Security Virus

Post by floodjlc on 6th July 2009, 9:54 pm

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

7/6/2009 5:53:43 PM
mbam-log-2009-07-06 (17-53-43).txt

Scan type: Quick Scan
Objects scanned: 97058
Time elapsed: 8 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\mmkl.kl.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Fonts\logcde.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\windef.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\services.exe (Worm.Archive) -> Quarantined and deleted successfully.

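As an added example (not part of this thread and not Malwarebytes' own code), here is a small Python parser for the detection section of an MBAM log laid out like the one posted above. It checks that the summary counts in the header agree with the entries actually listed, separates entries that still need a reboot from those already quarantined, counts findings per threat family, and flags files named like core Windows binaries that sit outside the system directories, which is what makes services.exe under c:\WINDOWS\Fonts stand out in the log above (the real one lives in system32). The sample log is constructed in the same layout from the entries quoted in the post plus one constructed "Delete on reboot" line for example.dll; the "Delete on reboot" action text and the list of core binary names are assumptions, not values taken from the thread.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample in the MBAM 1.x log layout: the entries quoted in the thread
# plus one constructed locked-file entry (example.dll) to exercise pending_actions().
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 97058

Memory Processes Infected: 0
Registry Keys Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\mmkl.kl.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\Fonts\logcde.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\windef.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\services.exe (Worm.Archive) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\example.dll (Trojan.Agent) -> Delete on reboot.
"""

# "Files Infected: 3" style header line with a count.
SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")
# "Files Infected:" style heading that opens a listing section.
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
# "<item> (<threat family>) -> <action>." detection line.
ENTRY_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+?)\.?$")

REMOVED = "Quarantined and deleted successfully"  # action text used by MBAM in the thread
# Assumed lists: where core Windows binaries legitimately live, and which names to watch.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
CORE_BINARIES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe"}


class Finding(NamedTuple):
    section: str   # e.g. "Files Infected"
    item: str      # path or registry key
    threat: str    # MBAM threat family, e.g. "Spyware.OnlineGames"
    action: str    # what MBAM did, without the trailing period


def parse_mbam_log(text: str) -> Tuple[Dict[str, int], List[Finding]]:
    """Return (summary counts by section, list of detection entries)."""
    counts: Dict[str, int] = {}
    findings: List[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = SUMMARY_RE.match(line)
        if m:
            counts[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            findings.append(Finding(section, m.group(1), m.group(2), m.group(3)))
    return counts, findings


def check_summary(counts: Dict[str, int], findings: List[Finding]) -> Dict[str, Tuple[int, int]]:
    """Sections whose header count disagrees with the entries listed: {section: (claimed, listed)}."""
    listed = Counter(f.section for f in findings)
    return {s: (n, listed.get(s, 0)) for s, n in counts.items() if n != listed.get(s, 0)}


def pending_actions(findings: List[Finding]) -> List[Finding]:
    """Entries MBAM could not remove immediately (anything not already quarantined and deleted)."""
    return [f for f in findings if f.action != REMOVED]


def threat_summary(findings: List[Finding]) -> Counter:
    """Number of detections per threat family."""
    return Counter(f.threat for f in findings)


def masquerading_files(findings: List[Finding]) -> List[str]:
    """File entries named like a core Windows binary but located outside the system directories."""
    out = []
    for f in findings:
        if not f.section.startswith("Files"):
            continue
        parent, _, name = f.item.lower().rpartition("\\")
        if name in CORE_BINARIES and parent not in SYSTEM_DIRS:
            out.append(f.item)
    return out


if __name__ == "__main__":
    counts, findings = parse_mbam_log(SAMPLE_LOG)
    for family, n in threat_summary(findings).most_common():
        print(f"{n:3d}  {family}")
    print("header/entry mismatches:", check_summary(counts, findings) or "none")
    print("still pending:", [f.item for f in pending_actions(findings)])
    print("masquerading as system binaries:", masquerading_files(findings))
```

Run it as a script to see the triage summary, or import parse_mbam_log() and point it at a saved mbam-log-*.txt; the summary check catches truncated pastes, and the pending list tells the helper whether a reboot is still owed before asking for the next scan.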
