System Security Virus

Re: System Security Virus

Post by floodjlc on Sat Jul 04, 2009 10:14 pm

Some of those things that I am supposed to check have changed slightly. For example:
F3 - REG:win.ini: load=C:\WINDOWS\system32\msjcm.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\msrflpxe.exe

is now showing

F3 - REG:win.ini: load=C:\WINDOWS\system32\msjwler.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\msjula.exe

There are also a few others... Do I check these and fix those? I have not done anything yet and will not do so until you let me know, so as not to create a new problem.

floodjlc
Novice

Posts : 49
Joined : 2009-07-02
OS : windows xp
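The entries quoted above show the pattern a helper looks for when reading these logs: the legacy win.ini load= and run= autostart entries (normally empty on Windows XP) point at executables in system32 with short, random-looking names beginning with "ms", and the names change between scans. The script below is an added triage example written for this page; it is not part of the thread, of HijackThis or of ComboFix. It parses the line shapes that appear in the thread (HijackThis "F3" win.ini entries, ComboFix Run-key entries, ComboFix dated file listings and bare path listings) and flags two things: any populated win.ini autostart entry, and any system32 executable whose name matches the random "ms" pattern. The sample lines are constructed to resemble the ones on this page, and the name pattern and the small allowlist of known Microsoft binaries are assumptions made for the illustration.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed sample lines (not a capture from the poster's machine), modelled
# on the line shapes seen in this thread: HijackThis "F3" win.ini entries,
# ComboFix Run-key entries, ComboFix dated file listings and bare path listings.
SAMPLE_LINES = [
    r"F3 - REG:win.ini: load=C:\WINDOWS\system32\msjwler.exe",
    r"F3 - REG:win.ini: run=C:\WINDOWS\system32\msjula.exe",
    r"F3 - REG:win.ini: load=",
    r"c:\windows\system32\msjcm.exe",
    r"c:\windows\system32\msrflpxe.exe",
    r"c:\windows\system32\ctfmon.exe",
    r'"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]',
    r'"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]',
    r"2009-07-02 00:04 . 2009-07-02 00:04 127488 ---h--w- c:\windows\system32\mswnccgz.exe",
    r"2009-05-13 05:15 . 2004-08-10 11:00 915456 ----a-w- c:\windows\system32\wininet.dll",
]

# Legitimate Microsoft binaries in system32 whose names start with "ms".
# Assumption: a hand-picked partial allowlist for this example only; real triage
# verifies file signatures and hashes rather than trusting file names.
KNOWN_MS_BINARIES = {"msiexec.exe", "mshta.exe", "mstsc.exe", "mspaint.exe", "msdtc.exe", "msg.exe"}

F3_RE = re.compile(r"^F3 - REG:win\.ini: (load|run)=(.*)$")
RUNKEY_RE = re.compile(r'^"[^"]+"="([^"]+)"')
DATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} \S+ \S+ (.+)$")
BARE_PATH_RE = re.compile(r"^[a-zA-Z]:\\")
# Assumed pattern for the randomly generated names seen in the thread: "ms" plus
# two to six lowercase letters, ending in .exe.
RANDOM_MS_RE = re.compile(r"^ms[a-z]{2,6}\.exe$")


def parse_entry(line: str) -> Optional[Tuple[str, str]]:
    """Return (source, path) for a recognised log line, or None for anything else."""
    line = line.strip()
    m = F3_RE.match(line)
    if m:
        return ("win.ini " + m.group(1) + "=", m.group(2).strip())
    m = RUNKEY_RE.match(line)
    if m:
        return ("Run key", m.group(1))
    m = DATED_RE.match(line)
    if m:
        return ("dated listing", m.group(1).strip())
    if BARE_PATH_RE.match(line):
        return ("listing", line)
    return None


def is_random_ms_name(filename: str) -> bool:
    """True for short ms<letters>.exe names that are not known Microsoft binaries."""
    name = filename.lower()
    return bool(RANDOM_MS_RE.match(name)) and name not in KNOWN_MS_BINARIES


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Flag populated win.ini autostarts and random ms*.exe files under system32."""
    findings = []
    for line in lines:
        parsed = parse_entry(line)
        if parsed is None:
            continue
        source, path = parsed
        if source.startswith("win.ini"):
            if not path:
                continue  # an empty load=/run= is the normal state on XP
            findings.append({"reason": "win.ini autostart entry is populated",
                             "source": source, "path": path})
        lowered = path.lower()
        filename = lowered.rsplit("\\", 1)[-1]
        if "\\system32\\" in lowered and is_random_ms_name(filename):
            findings.append({"reason": "randomly named ms*.exe in system32",
                             "source": source, "path": path})
    return findings


def summarize(lines: List[str]) -> Dict[str, int]:
    """Count findings per reason, a quick read for logs as long as the one in this thread."""
    return dict(Counter(f["reason"] for f in triage(lines)))


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(f"{finding['reason']:<40} {finding['source']:<14} {finding['path']}")
    print(summarize(SAMPLE_LINES))
```

Run against a whole ComboFix log (one line per list element), the summary gives a quick count of how many of the deleted or newly created files fit the pattern, and the per-finding list shows which autostart locations still point at them; a name-based pattern like this is only a triage aid, and anything it flags still needs a signature or hash check before being treated as malicious.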

Re: System Security Virus

Post by Belahzur on Sat Jul 04, 2009 10:47 pm

Okay, fix the changed items. It doesn't matter what they're called; they need to go.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: System Security Virus

Post by floodjlc on Sat Jul 04, 2009 11:17 pm

OK, I downloaded MBAM, and when I open it up to install it, I choose English and then it instantly closes on me.

Re: System Security Virus

Post by floodjlc on Sat Jul 04, 2009 11:46 pm

I already have it installed, I just realized. When I open that up even and try to update it, it says it will close and install the latest version. As soon as it starts to install, it closes.

Re: System Security Virus

Post by Belahzur on Sun Jul 05, 2009 7:15 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:
       * Tools->Options->Main tab
       * Set to "Always ask me where to Save the files".
    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.
  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Re: System Security Virus

Post by floodjlc on Sun Jul 05, 2009 10:56 pm

I can't disable anything... it won't let me. I even tried totally uninstalling AVG and it won't let me. I don't think it is even running. I will follow the rest of the steps and post the log.

Re: System Security Virus

Post by floodjlc on Sun Jul 05, 2009 11:02 pm

AVG is running, it said. How can I turn it off? I can only start my comp in safe mode; it is not showing in the task bar.

Re: System Security Virus

Post by Belahzur on Mon Jul 06, 2009 2:03 pm

Okay, just run Combofix as normal anyway, even if it says AVG is active.


Re: System Security Virus

Post by floodjlc on Mon Jul 06, 2009 5:51 pm

I will need to post it in a few posts; the log is too big.

Re: System Security Virus

Post by floodjlc on Mon Jul 06, 2009 5:52 pm

ComboFix 09-07-05.04 - Administrator 07/06/2009 13:24.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.808 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-2067553298
c:\documents and settings\All Users\Application Data\18887184
c:\documents and settings\All Users\Application Data\18887184\18887184
c:\documents and settings\All Users\Application Data\18887184\18887184.exe
c:\documents and settings\Kara Hudon\Application Data\wiaserva.log
c:\documents and settings\Kara Hudon\Application Data\wiaservg.log
C:\dvl.dll
C:\dvs.dll
c:\windows\010112010146118114.dat
c:\windows\kb913800.exe
c:\windows\ld11.exe
c:\windows\system32\6to4v32.dll
c:\windows\system32\abc2
c:\windows\system32\bcefbffcac.dll
c:\windows\system32\certstore.dat
c:\windows\system32\drivers\hjgruimqlrsvpt.sys
c:\windows\system32\ex1
c:\windows\system32\hjgruialbabybj.dll
c:\windows\system32\hjgruihymsddyy.dat
c:\windows\system32\hjgruivxgulrwl.dat
c:\windows\system32\hjgruixiqhxngf.dll
c:\windows\system32\ineWc01
c:\windows\system32\ipd1
c:\windows\system32\mscesh.exe
c:\windows\system32\mscfo.exe
c:\windows\system32\mschs.exe
c:\windows\system32\mscijaz.exe
c:\windows\system32\mscjmijv.exe
c:\windows\system32\msclosdv.exe
c:\windows\system32\msclts.exe
c:\windows\system32\mscmjke.exe
c:\windows\system32\mscmrxr.exe
c:\windows\system32\mscnd.exe
c:\windows\system32\mscnuysa.exe
c:\windows\system32\mscpez.exe
c:\windows\system32\mscpoeps.exe
c:\windows\system32\msctesm.exe
c:\windows\system32\mscuq.exe
c:\windows\system32\mscxa.exe
c:\windows\system32\mscxd.exe
c:\windows\system32\msczwf.exe
c:\windows\system32\msdbg.exe
c:\windows\system32\msdbheq.exe
c:\windows\system32\msdcuoh.exe
c:\windows\system32\msdcuqh.exe
c:\windows\system32\msddi.exe
c:\windows\system32\msddkp.exe
c:\windows\system32\msdebwej.exe
c:\windows\system32\msdfa.exe
c:\windows\system32\msdfbyyc.exe
c:\windows\system32\msdglkc.exe
c:\windows\system32\msdgw.exe
c:\windows\system32\msdhl.exe
c:\windows\system32\msdhpcsb.exe
c:\windows\system32\msdhvaj.exe
c:\windows\system32\msdjbk.exe
c:\windows\system32\msdjefzt.exe
c:\windows\system32\msdkraax.exe
c:\windows\system32\msdlbf.exe
c:\windows\system32\msdlgo.exe
c:\windows\system32\msdowvf.exe
c:\windows\system32\msdpygw.exe
c:\windows\system32\msdqalr.exe
c:\windows\system32\msdsshqm.exe
c:\windows\system32\msdtufxr.exe
c:\windows\system32\msdvirt.exe
c:\windows\system32\msdvkzrx.exe
c:\windows\system32\msdvq.exe
c:\windows\system32\msdvumml.exe
c:\windows\system32\msdwob.exe
c:\windows\system32\msdyn.exe
c:\windows\system32\msdynp.exe
c:\windows\system32\msdznhsk.exe
c:\windows\system32\mseajytk.exe
c:\windows\system32\msebquuq.exe
c:\windows\system32\msecj.exe
c:\windows\system32\mseflqpu.exe
c:\windows\system32\msefywp.exe
c:\windows\system32\msegnq.exe
c:\windows\system32\msegq.exe
c:\windows\system32\msehc.exe
c:\windows\system32\msehdrx.exe
c:\windows\system32\mseitsk.exe
c:\windows\system32\mseizk.exe
c:\windows\system32\msekf.exe
c:\windows\system32\mseknmoq.exe
c:\windows\system32\msemh.exe
c:\windows\system32\mseobkv.exe
c:\windows\system32\mseotpr.exe
c:\windows\system32\msepe.exe
c:\windows\system32\mseqxw.exe
c:\windows\system32\msewtz.exe
c:\windows\system32\msewuc.exe
c:\windows\system32\msewuvno.exe
c:\windows\system32\msexyhf.exe
c:\windows\system32\mseye.exe
c:\windows\system32\mseyf.exe
c:\windows\system32\msezck.exe
c:\windows\system32\msezxtfg.exe
c:\windows\system32\msfainy.exe
c:\windows\system32\msfaisfr.exe
c:\windows\system32\msfal.exe
c:\windows\system32\msfao.exe
c:\windows\system32\msfazmn.exe
c:\windows\system32\msfdahqg.exe
c:\windows\system32\msfejzc.exe
c:\windows\system32\msffje.exe
c:\windows\system32\msfgdo.exe
c:\windows\system32\msfgiv.exe
c:\windows\system32\msfha.exe
c:\windows\system32\msfhji.exe
c:\windows\system32\msfiqth.exe
c:\windows\system32\msfiwvz.exe
c:\windows\system32\msfjaph.exe
c:\windows\system32\msfkcd.exe
c:\windows\system32\msfkdi.exe
c:\windows\system32\msfky.exe
c:\windows\system32\msflvhbj.exe
c:\windows\system32\msfnqqft.exe
c:\windows\system32\msfpevug.exe
c:\windows\system32\msfpfn.exe
c:\windows\system32\msfpg.exe
c:\windows\system32\msfpswqk.exe
c:\windows\system32\msfqqgc.exe
c:\windows\system32\msfqtaf.exe
c:\windows\system32\msfqu.exe
c:\windows\system32\msfqvx.exe
c:\windows\system32\msfqxd.exe
c:\windows\system32\msfrt.exe
c:\windows\system32\msfsob.exe
c:\windows\system32\msfteqv.exe
c:\windows\system32\msftkh.exe
c:\windows\system32\msfvq.exe
c:\windows\system32\msfvtpg.exe
c:\windows\system32\msfvvxg.exe
c:\windows\system32\msfwkce.exe
c:\windows\system32\msfwn.exe
c:\windows\system32\msfxcfu.exe
c:\windows\system32\msfxjb.exe
c:\windows\system32\msfxjw.exe
c:\windows\system32\msfyqz.exe
c:\windows\system32\msfyvcfq.exe
c:\windows\system32\msfzutqz.exe
c:\windows\system32\msfzwpt.exe
c:\windows\system32\msgbcbv.exe
c:\windows\system32\msgcu.exe
c:\windows\system32\msgehhkf.exe
c:\windows\system32\msgeizl.exe
c:\windows\system32\msgfpo.exe
c:\windows\system32\msgfwz.exe
c:\windows\system32\msggxvg.exe
c:\windows\system32\msghk.exe
c:\windows\system32\msgiu.exe
c:\windows\system32\msgkkwib.exe
c:\windows\system32\msgkxut.exe
c:\windows\system32\msglw.exe
c:\windows\system32\msgml.exe
c:\windows\system32\msgmuiyf.exe
c:\windows\system32\msgnbd.exe
c:\windows\system32\msgpkhui.exe
c:\windows\system32\msgqltno.exe
c:\windows\system32\msgqrmcd.exe
c:\windows\system32\msgsb.exe
c:\windows\system32\msgsfsf.exe
c:\windows\system32\msgtq.exe
c:\windows\system32\msgttxcq.exe
c:\windows\system32\msgusatx.exe
c:\windows\system32\msgwgi.exe
c:\windows\system32\msgwn.exe
c:\windows\system32\msgxh.exe
c:\windows\system32\msgylhw.exe
c:\windows\system32\msgyog.exe
c:\windows\system32\msgzxjfc.exe
c:\windows\system32\mshagjf.exe
c:\windows\system32\mshbpy.exe
c:\windows\system32\mshcg.exe
c:\windows\system32\mshdicsi.exe
c:\windows\system32\mshentb.exe
c:\windows\system32\mshfiii.exe
c:\windows\system32\mshfokc.exe
c:\windows\system32\mshigqrc.exe
c:\windows\system32\mshizick.exe
c:\windows\system32\mshkac.exe
c:\windows\system32\mshltka.exe
c:\windows\system32\mshnd.exe
c:\windows\system32\mshnkcgq.exe
c:\windows\system32\mshoird.exe
c:\windows\system32\mshok.exe
c:\windows\system32\mshqe.exe
c:\windows\system32\mshrjy.exe
c:\windows\system32\mshsuaz.exe
c:\windows\system32\mshudhh.exe
c:\windows\system32\mshui.exe
c:\windows\system32\mshuiejt.exe
c:\windows\system32\mshutcyu.exe
c:\windows\system32\mshutet.exe
c:\windows\system32\mshvbi.exe
c:\windows\system32\mshvj.exe
c:\windows\system32\mshvnb.exe
c:\windows\system32\mshvrblg.exe
c:\windows\system32\mshwhs.exe
c:\windows\system32\mshzeu.exe
c:\windows\system32\mshzx.exe
c:\windows\system32\msiacs.exe
c:\windows\system32\msica.exe
c:\windows\system32\msicl.exe
c:\windows\system32\msidbgtj.exe
c:\windows\system32\msidrr.exe
c:\windows\system32\msieokyf.exe
c:\windows\system32\msiewso.exe
c:\windows\system32\msifdmdn.exe
c:\windows\system32\msigm.exe
c:\windows\system32\msigz.exe
c:\windows\system32\msigzbyb.exe
c:\windows\system32\msihajn.exe
c:\windows\system32\msihe.exe
c:\windows\system32\msihmmwb.exe
c:\windows\system32\msihwltq.exe
c:\windows\system32\msijg.exe
c:\windows\system32\msilbzw.exe
c:\windows\system32\msildk.exe
c:\windows\system32\msilks.exe
c:\windows\system32\msilnlb.exe
c:\windows\system32\msima.exe
c:\windows\system32\msimllws.exe
c:\windows\system32\msimrk.exe
c:\windows\system32\msindy.exe
c:\windows\system32\msinpta.exe
c:\windows\system32\msipa.exe
c:\windows\system32\msipbwy.exe
c:\windows\system32\msipxgkm.exe
c:\windows\system32\msiqaxak.exe
c:\windows\system32\msiqb.exe
c:\windows\system32\msiqjw.exe
c:\windows\system32\msire.exe
c:\windows\system32\msirpoh.exe
c:\windows\system32\msirt.exe
c:\windows\system32\msiso.exe
c:\windows\system32\msiurcs.exe
c:\windows\system32\msivp.exe
c:\windows\system32\msivqz.exe
c:\windows\system32\msiwhcy.exe
c:\windows\system32\msiwjxyu.exe
c:\windows\system32\msixmcq.exe
c:\windows\system32\msiybm.exe
c:\windows\system32\msjaedeu.exe
c:\windows\system32\msjaivt.exe
c:\windows\system32\msjbbp.exe
c:\windows\system32\msjccrhr.exe
c:\windows\system32\msjcljog.exe
c:\windows\system32\msjcm.exe
c:\windows\system32\msjcq.exe
c:\windows\system32\msjczlld.exe
c:\windows\system32\msjdn.exe
c:\windows\system32\msjek.exe
c:\windows\system32\msjeore.exe
c:\windows\system32\msjepahn.exe
c:\windows\system32\msjfrna.exe
c:\windows\system32\msjhbed.exe
c:\windows\system32\msjhgnz.exe
c:\windows\system32\msjhn.exe
c:\windows\system32\msjixlqn.exe
c:\windows\system32\msjjd.exe
c:\windows\system32\msjjtn.exe
c:\windows\system32\msjkun.exe
c:\windows\system32\msjlmjqj.exe
c:\windows\system32\msjmhe.exe
c:\windows\system32\msjmia.exe
c:\windows\system32\msjmrp.exe
c:\windows\system32\msjnzx.exe
c:\windows\system32\msjqhv.exe
c:\windows\system32\msjql.exe
c:\windows\system32\msjrd.exe
c:\windows\system32\msjrmkff.exe
c:\windows\system32\msjrqhxt.exe
c:\windows\system32\msjsgok.exe
c:\windows\system32\msjszwem.exe
c:\windows\system32\msjtci.exe
c:\windows\system32\msjtqyg.exe

Re: System Security Virus

Post by floodjlc on Mon Jul 06, 2009 5:52 pm

c:\windows\system32\msjucas.exe
c:\windows\system32\msjula.exe
c:\windows\system32\msjwgkd.exe
c:\windows\system32\msjwh.exe
c:\windows\system32\msjwler.exe
c:\windows\system32\msjybfwg.exe
c:\windows\system32\msjyokxn.exe
c:\windows\system32\msjyopcg.exe
c:\windows\system32\msjys.exe
c:\windows\system32\msjyv.exe
c:\windows\system32\msjzwt.exe
c:\windows\system32\mskaiccs.exe
c:\windows\system32\mskamjo.exe
c:\windows\system32\mskamz.exe
c:\windows\system32\mskbfh.exe
c:\windows\system32\mskbsfy.exe
c:\windows\system32\mskcfbx.exe
c:\windows\system32\mskcgkrg.exe
c:\windows\system32\mskctva.exe
c:\windows\system32\mskfd.exe
c:\windows\system32\mskfy.exe
c:\windows\system32\mskgmdbw.exe
c:\windows\system32\mskgv.exe
c:\windows\system32\mskiexa.exe
c:\windows\system32\mskimb.exe
c:\windows\system32\mskjsev.exe
c:\windows\system32\msklfqv.exe
c:\windows\system32\mskmbc.exe
c:\windows\system32\mskmctnw.exe
c:\windows\system32\mskmmkv.exe
c:\windows\system32\mskmy.exe
c:\windows\system32\msknutq.exe
c:\windows\system32\mskpkl.exe
c:\windows\system32\mskqkx.exe
c:\windows\system32\mskrf.exe
c:\windows\system32\mskrugow.exe
c:\windows\system32\mskrulm.exe
c:\windows\system32\mskrxt.exe
c:\windows\system32\msksakt.exe
c:\windows\system32\mskttiba.exe
c:\windows\system32\mskwb.exe
c:\windows\system32\mskwpwsf.exe
c:\windows\system32\mskwuy.exe
c:\windows\system32\mskylcma.exe
c:\windows\system32\mskys.exe
c:\windows\system32\mskznkah.exe
c:\windows\system32\mslagdc.exe
c:\windows\system32\mslaj.exe
c:\windows\system32\mslbi.exe
c:\windows\system32\mslejlfi.exe
c:\windows\system32\mslgxnvn.exe
c:\windows\system32\mslhwt.exe
c:\windows\system32\mslhzs.exe
c:\windows\system32\mslhzwdv.exe
c:\windows\system32\msliw.exe
c:\windows\system32\msljuxnh.exe
c:\windows\system32\mslkjrc.exe
c:\windows\system32\msllki.exe
c:\windows\system32\msllkyj.exe
c:\windows\system32\msllyuma.exe
c:\windows\system32\mslmrzm.exe
c:\windows\system32\mslpk.exe
c:\windows\system32\mslqvkf.exe
c:\windows\system32\mslrgt.exe
c:\windows\system32\mslrmnd.exe
c:\windows\system32\mslrqw.exe
c:\windows\system32\mslta.exe
c:\windows\system32\msltn.exe
c:\windows\system32\msltrolw.exe
c:\windows\system32\mslus.exe
c:\windows\system32\mslut.exe
c:\windows\system32\msluy.exe
c:\windows\system32\mslvpom.exe
c:\windows\system32\mslwi.exe
c:\windows\system32\mslwm.exe
c:\windows\system32\mslwomql.exe
c:\windows\system32\mslydhw.exe
c:\windows\system32\mslyuym.exe
c:\windows\system32\mslzdyt.exe
c:\windows\system32\mslzi.exe
c:\windows\system32\mslzl.exe
c:\windows\system32\mslzwi.exe
c:\windows\system32\msmajhkj.exe
c:\windows\system32\msmbeya.exe
c:\windows\system32\msmcr.exe
c:\windows\system32\msmehxa.exe
c:\windows\system32\msmfm.exe
c:\windows\system32\msmfn.exe
c:\windows\system32\msmfyt.exe
c:\windows\system32\msmgluq.exe
c:\windows\system32\msmgswr.exe
c:\windows\system32\msmhqs.exe
c:\windows\system32\msmhsnpb.exe
c:\windows\system32\msmjz.exe
c:\windows\system32\msmlrlv.exe
c:\windows\system32\msmocmuj.exe
c:\windows\system32\msmoefgn.exe
c:\windows\system32\msmpsmyq.exe
c:\windows\system32\msmpws.exe
c:\windows\system32\msmun.exe
c:\windows\system32\msmuno.exe
c:\windows\system32\msmuo.exe
c:\windows\system32\msmutrnm.exe
c:\windows\system32\msmvghg.exe
c:\windows\system32\msmvinq.exe
c:\windows\system32\msmvobq.exe
c:\windows\system32\msmvz.exe
c:\windows\system32\msmyv.exe
c:\windows\system32\msnaj.exe
c:\windows\system32\msnak.exe
c:\windows\system32\msnatoae.exe
c:\windows\system32\msnbp.exe
c:\windows\system32\msncbycj.exe
c:\windows\system32\msndb.exe
c:\windows\system32\msnduhh.exe
c:\windows\system32\msnev.exe
c:\windows\system32\msngnblm.exe
c:\windows\system32\msngvmj.exe
c:\windows\system32\msnhfmmi.exe
c:\windows\system32\msnhov.exe
c:\windows\system32\msniqwfv.exe
c:\windows\system32\msnirke.exe
c:\windows\system32\msniuwgr.exe
c:\windows\system32\msnjmgvu.exe
c:\windows\system32\msnkgzxy.exe
c:\windows\system32\msnlapm.exe
c:\windows\system32\msnlcq.exe
c:\windows\system32\msnljhh.exe
c:\windows\system32\msnmkm.exe
c:\windows\system32\msnnror.exe
c:\windows\system32\msnpj.exe
c:\windows\system32\msnpoc.exe
c:\windows\system32\msnptpy.exe
c:\windows\system32\msnpwn.exe
c:\windows\system32\msnqduj.exe
c:\windows\system32\msnqffxd.exe
c:\windows\system32\msnsebjh.exe
c:\windows\system32\msnuebb.exe
c:\windows\system32\msnui.exe
c:\windows\system32\msnvt.exe
c:\windows\system32\msnwgfs.exe
c:\windows\system32\msnwnh.exe
c:\windows\system32\msnxr.exe
c:\windows\system32\msnzxa.exe
c:\windows\system32\msogc.exe
c:\windows\system32\msogea.exe
c:\windows\system32\msogmc.exe
c:\windows\system32\msogx.exe
c:\windows\system32\msohgsi.exe
c:\windows\system32\msohpaw.exe
c:\windows\system32\msokd.exe
c:\windows\system32\msolnc.exe
c:\windows\system32\msolyr.exe
c:\windows\system32\msomzaz.exe
c:\windows\system32\msonlf.exe
c:\windows\system32\msonmq.exe
c:\windows\system32\msooie.exe
c:\windows\system32\msopbjh.exe
c:\windows\system32\msorhw.exe
c:\windows\system32\msosggko.exe
c:\windows\system32\msosj.exe
c:\windows\system32\msota.exe
c:\windows\system32\msotpoe.exe
c:\windows\system32\msouilp.exe
c:\windows\system32\msoulxu.exe
c:\windows\system32\msour.exe
c:\windows\system32\msowlvju.exe
c:\windows\system32\msowwv.exe
c:\windows\system32\msoxx.exe
c:\windows\system32\msozp.exe
c:\windows\system32\mspabvcz.exe
c:\windows\system32\mspauio.exe
c:\windows\system32\mspbg.exe
c:\windows\system32\mspbr.exe
c:\windows\system32\mspbw.exe
c:\windows\system32\mspehaib.exe
c:\windows\system32\mspffyg.exe
c:\windows\system32\mspfq.exe
c:\windows\system32\mspfvk.exe
c:\windows\system32\mspfzn.exe
c:\windows\system32\msphgy.exe
c:\windows\system32\msphu.exe
c:\windows\system32\mspid.exe
c:\windows\system32\mspiqiyr.exe
c:\windows\system32\mspja.exe
c:\windows\system32\mspjcl.exe
c:\windows\system32\mspjidkk.exe
c:\windows\system32\mspjuw.exe
c:\windows\system32\mspkdk.exe
c:\windows\system32\msplis.exe
c:\windows\system32\msplqt.exe
c:\windows\system32\mspne.exe
c:\windows\system32\mspniu.exe
c:\windows\system32\mspoupkp.exe
c:\windows\system32\mspppp.exe
c:\windows\system32\mspprrbd.exe
c:\windows\system32\mspqo.exe
c:\windows\system32\mspskr.exe
c:\windows\system32\mspum.exe
c:\windows\system32\mspvraek.exe
c:\windows\system32\mspwb.exe
c:\windows\system32\mspwyng.exe
c:\windows\system32\mspxuq.exe
c:\windows\system32\mspyhkey.exe
c:\windows\system32\mspyva.exe
c:\windows\system32\msqaadpz.exe
c:\windows\system32\msqaeg.exe
c:\windows\system32\msqak.exe
c:\windows\system32\msqaqqt.exe
c:\windows\system32\msqatg.exe
c:\windows\system32\msqbhp.exe
c:\windows\system32\msqcctw.exe
c:\windows\system32\msqdc.exe
c:\windows\system32\msqfa.exe
c:\windows\system32\msqfta.exe
c:\windows\system32\msqggn.exe
c:\windows\system32\msqgyz.exe
c:\windows\system32\msqijgbj.exe
c:\windows\system32\msqloov.exe

Re: System Security Virus

Post by floodjlc on Mon Jul 06, 2009 5:53 pm

c:\windows\system32\msqmrg.exe
c:\windows\system32\msqohkc.exe
c:\windows\system32\msqoq.exe
c:\windows\system32\msqpkwi.exe
c:\windows\system32\msqqnjig.exe
c:\windows\system32\msqqob.exe
c:\windows\system32\msqrjc.exe
c:\windows\system32\msqrys.exe
c:\windows\system32\msqseue.exe
c:\windows\system32\msqsey.exe
c:\windows\system32\msqskdji.exe
c:\windows\system32\msqsnrm.exe
c:\windows\system32\msqsnyl.exe
c:\windows\system32\msqsvn.exe
c:\windows\system32\msqvubc.exe
c:\windows\system32\msraufxh.exe
c:\windows\system32\msravn.exe
c:\windows\system32\msrbh.exe
c:\windows\system32\msrbi.exe
c:\windows\system32\msrbnsai.exe
c:\windows\system32\msrdsc.exe
c:\windows\system32\msrflpxe.exe
c:\windows\system32\msrgqm.exe
c:\windows\system32\msrhm.exe
c:\windows\system32\msrhpg.exe
c:\windows\system32\msrjzx.exe
c:\windows\system32\msrkr.exe
c:\windows\system32\msrmxyzv.exe
c:\windows\system32\msrndqvl.exe
c:\windows\system32\msrnjia.exe
c:\windows\system32\msroigsm.exe
c:\windows\system32\msromg.exe
c:\windows\system32\msrqia.exe
c:\windows\system32\msrrcph.exe
c:\windows\system32\msrrmor.exe
c:\windows\system32\msrtndp.exe
c:\windows\system32\msruxjq.exe
c:\windows\system32\msrvq.exe
c:\windows\system32\msrvrhzr.exe
c:\windows\system32\msrwy.exe
c:\windows\system32\msrxb.exe
c:\windows\system32\msrxbwk.exe
c:\windows\system32\msrybo.exe
c:\windows\system32\msrybz.exe
c:\windows\system32\msryou.exe
c:\windows\system32\msryyakj.exe
c:\windows\system32\msrzrl.exe
c:\windows\system32\msrzw.exe
c:\windows\system32\mssbwncb.exe
c:\windows\system32\mssbzgk.exe
c:\windows\system32\mssdaa.exe
c:\windows\system32\mssdniij.exe
c:\windows\system32\mssfgh.exe
c:\windows\system32\mukmil.dll
c:\windows\system32\oc9
c:\windows\system32\pcmstub.sys
c:\windows\system32\shel9
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\wiawow32.sys
c:\windows\system32\yyadd.ini
c:\windows\system32\yyadd.ini2

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruifvkibaiq
-------\Legacy_6TO4
-------\Legacy_DRV
-------\Legacy_PCMSTUB
-------\Service_6to4
-------\Service_drv
-------\Service_pcmstub


((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-07-04 23:42 . 2009-07-04 23:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-03 06:10 . 2009-07-03 06:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2009-07-03 06:10 . 2009-07-03 06:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-03 05:46 . 2009-07-03 05:46 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-02 20:35 . 2009-07-02 20:35 -------- d-----w- c:\windows\ie8updates
2009-07-02 20:15 . 2009-07-03 06:10 112910 ----a-w- C:\MGlogs.zip
2009-07-02 20:14 . 2009-07-04 23:05 -------- d-----w- C:\MGtools
2009-07-02 19:12 . 2009-07-02 19:12 0 ----a-w- c:\windows\system32\lich.dat
2009-07-02 19:05 . 2009-07-02 19:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-02 19:00 . 2009-07-02 19:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-02 18:57 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-02 18:57 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-02 15:55 . 2009-07-02 15:55 -------- d-sh--w- c:\documents and settings\Kara Hudon\IECompatCache
2009-07-02 15:54 . 2009-07-02 15:54 -------- d-sh--w- c:\documents and settings\Kara Hudon\PrivacIE
2009-07-02 15:47 . 2009-07-02 15:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-02 15:46 . 2009-07-02 15:46 -------- d-sh--w- c:\documents and settings\Kara Hudon\IETldCache
2009-07-02 15:32 . 2009-07-02 15:33 -------- dc-h--w- c:\windows\ie8
2009-07-02 00:18 . 2009-07-02 00:18 122080 ----a-w- C:\cfrm.exe
2009-07-02 00:04 . 2009-07-02 00:04 127488 ---h--w- c:\windows\system32\mswnccgz.exe
2009-07-02 00:01 . 2009-07-02 00:01 86016 ----a-w- c:\windows\system32\lich.exe
2009-07-02 00:00 . 2009-07-02 00:00 -------- d-----w- c:\program files\drv
2009-07-02 00:00 . 2009-07-02 00:00 28672 ----a-w- C:\fdvjfx.exe
2009-06-25 16:21 . 2009-06-25 16:21 -------- d-----w- c:\documents and settings\Kara Hudon\Local Settings\Application Data\AVG Security Toolbar
2009-06-25 16:09 . 2009-06-25 16:08 832144 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-06-25 16:09 . 2009-06-25 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-25 16:09 . 2009-06-25 16:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 04:55 . 2009-07-02 00:34 4 ---h--w- c:\windows\Fonts\mlog
2009-07-04 23:46 . 2009-03-20 16:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 23:46 . 2009-03-20 16:26 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-02 18:31 . 2008-06-12 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-02 05:28 . 2009-07-02 06:03 1952 ----a-w- c:\windows\system32\drivers\kmixer.sys
2009-06-25 16:08 . 2008-06-12 18:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 16:08 . 2008-06-12 18:31 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-25 16:08 . 2008-06-12 18:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-17 15:27 . 2009-03-20 16:25 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-22 03:01 . 2006-06-13 01:27 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\AdobeUM
2009-05-20 16:23 . 2008-06-12 18:31 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\AVGTOOLBAR
2009-05-20 16:22 . 2009-05-20 16:22 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\Red Kawa
2009-05-20 16:21 . 2009-05-20 16:21 -------- d-----w- c:\program files\AviSynth 2.5
2009-05-20 16:21 . 2009-05-20 16:21 -------- d-----w- c:\program files\Red Kawa
2009-05-20 16:20 . 2007-01-29 05:15 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\Vso
2009-05-19 02:26 . 2006-06-09 21:47 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\Apple Computer
2009-05-19 02:13 . 2009-05-19 02:12 -------- d-----w- c:\program files\iTunes
2009-05-19 02:13 . 2009-05-19 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-19 02:12 . 2009-05-19 02:12 -------- d-----w- c:\program files\iPod
2009-05-19 02:11 . 2009-05-19 02:11 -------- d-----w- c:\program files\Bonjour
2009-05-19 02:10 . 2009-05-19 02:10 -------- d-----w- c:\program files\QuickTime
2009-05-19 02:05 . 2009-05-19 02:05 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-13 05:15 . 2004-08-10 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-08 01:00 . 2008-06-12 18:31 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2004-08-10 11:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2004-08-10 11:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 11:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-08-29 01:06 . 2006-12-18 01:31 56 --sh--r- c:\windows\system32\1442C91D9C.sys
2008-10-05 14:43 . 2006-06-09 20:39 88 --sh--r- c:\windows\system32\9C1DC94214.sys
2008-10-05 14:43 . 2006-06-09 20:39 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

Re: System Security Virus

Post by floodjlc on Mon Jul 06, 2009 5:54 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-11-16 397312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-5 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-25 16:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1149888426\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1149888426\\ee\\aim6.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\fonts\\services.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/12/2008 2:31 PM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/12/2008 2:31 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/29/2008 12:37 PM 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 2:45 PM 298776]
S1 drvdrv;drvdrv;\??\c:\program files\drv\drv.sys --> c:\program files\drv\drv.sys [?]
S2 xbmhki;xbmhki;c:\windows\system32\drivers\fnvbf.sys --> c:\windows\system32\drivers\fnvbf.sys [?]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [12/5/2007 4:47 PM 20640]
S4 lich;lich;c:\windows\system32\lich.exe [7/1/2009 8:01 PM 86016]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/17/2007 3:18 PM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
drv REG_MULTI_SZ drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - "F:\Install FreeAgent Tools.exe" /run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-A00F68AE37.exe - c:\docume~1\KARAHU~1\LOCALS~1\Temp\_A00F68AE37.exe
HKCU-Run-hsf7husjnfg98gi498aejhiugjkdg4 - c:\docume~1\KARAHU~1\LOCALS~1\Temp\hnrnad.exe
HKCU-Run-LowRiskFileTypes - c:\windows\sysguard.exe
HKCU-Run-Windows System Recover! - c:\docume~1\KARAHU~1\LOCALS~1\Temp\login.exe
HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Kara Hudon\Application Data\Mozilla\Firefox\Profiles\9d9q2bal.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-06 13:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\7d8e9e7cdef90eef8fbb287e74086fa9.sys 39936 bytes executable
c:\windows\system32\_7d8e9e7cdef90eef8fbb287e74086fa9.sys_.vir 39936 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\7d8e9e7cdef90eef8fbb287e74086fa9]
"ImagePath"="system32\7d8e9e7cdef90eef8fbb287e74086fa9.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\DefaultPreset]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Premiere Pro\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_13_2_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\0_0_0_0.html"
"Keyboard"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_4_15_0.html"
"Search"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\search.html"
"Support"="http://www.adobe.com/support/products/premiere.html"

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\0*! 2*]
"Path"="c:\\Documents and Settings\\Kara Hudon\\Application Data\\Intel\\Wireless\\"

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\* 2*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1464)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
.
**************************************************************************
.
Completion time: 2009-07-06 13:45 - machine was rebooted [Kara Hudon]
ComboFix-quarantined-files.txt 2009-07-06 17:45

Pre-Run: 24,108,789,760 bytes free
Post-Run: 22,857,265,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

836 --- E O F --- 2009-07-02 20:35

Post by Belahzur on Mon Jul 06, 2009 6:04 pm

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
C:\MGlogs.zip
c:\windows\system32\lich.dat
C:\cfrm.exe
c:\windows\system32\mswnccgz.exe
c:\windows\system32\lich.exe
C:\fdvjfx.exe

Folder::
c:\program files\drv
C:\MGtools

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\fonts\\services.exe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"drv"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
[-HKEY_LOCAL_MACHINE\System\ControlSet004\Services\7d8e9e7cdef90eef8fbb287e74086fa9]

Driver::
drvdrv
xbmhki
lich

ROOTKIT::
c:\windows\system32\7d8e9e7cdef90eef8fbb287e74086fa9.sys
c:\windows\system32\_7d8e9e7cdef90eef8fbb287e74086fa9.sys_.vir

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


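The CFScript above removes entries that stand out in the ComboFix log earlier in the thread: services whose binary is reported missing ("[?]"), a firewall exception pointing into c:\WINDOWS\fonts, the mountpoints2 AutoRun keys, and the hidden files catchme reported. As an added example (not from the thread and not ComboFix's own code), here is a small Python triage script that flags those same kinds of entries in ComboFix output and drafts the matching CFScript sections; the sample log is a constructed excerpt modelled on the log above, and the path allow-list is an assumption, not a ComboFix rule.

```python
"""Triage a ComboFix log for the kinds of entries removed in this thread and
draft the matching CFScript sections.  Added example: the heuristics below are
illustrative and are not ComboFix's own logic."""
import re

# Registry key ComboFix prints for Windows Firewall's authorized-application list.
FIREWALL_KEY = (r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy"
                r"\standardprofile\AuthorizedApplications\List]")
# Assumption: a firewall exception normally points into one of these locations.
ALLOWED_PREFIXES = ("c:\\program files\\", "c:\\windows\\system32\\", "%windir%\\")

# "R1 name;display name;image path [date size]", or "... --> path [?]" when the file is gone.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);[^;]*;(.*)$")
# catchme's hidden-file line: "<path> <size> bytes executable"
HIDDEN_RE = re.compile(r"^(c:\\.+?)\s+\d+ bytes executable$")
# One REGEDIT4-style value line under the firewall key: "<escaped path>"=
FIREWALL_ENTRY_RE = re.compile(r'^"(.+)"=$')

# Constructed excerpt modelled on the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\fonts\\services.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/12/2008 2:31 PM 327688]
S1 drvdrv;drvdrv;\??\c:\program files\drv\drv.sys --> c:\program files\drv\drv.sys [?]
S2 xbmhki;xbmhki;c:\windows\system32\drivers\fnvbf.sys --> c:\windows\system32\drivers\fnvbf.sys [?]
S4 lich;lich;c:\windows\system32\lich.exe [7/1/2009 8:01 PM 86016]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - "F:\Install FreeAgent Tools.exe" /run

scanning hidden files ...

c:\windows\system32\7d8e9e7cdef90eef8fbb287e74086fa9.sys 39936 bytes executable

scan completed successfully
hidden files: 1
"""


def triage(log_text):
    """Return findings grouped by category; each value is a list of strings."""
    findings = {"missing_service": [], "firewall_exception": [],
                "autorun_key": [], "hidden_file": []}
    current_key = None  # registry key of the block we are currently inside
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:                      # a blank line ends a registry block
            current_key = None
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line
            continue
        m = SERVICE_RE.match(line)
        if m and m.group(3).endswith("[?]"):   # service still registered, file gone
            findings["missing_service"].append(m.group(2))
            continue
        if current_key == FIREWALL_KEY:
            m = FIREWALL_ENTRY_RE.match(line)
            if m:
                path = m.group(1).replace("\\\\", "\\").lower()  # undo REGEDIT4 escaping
                if not path.startswith(ALLOWED_PREFIXES):
                    findings["firewall_exception"].append(m.group(1))
            continue
        if current_key and "mountpoints2" in current_key.lower() \
                and line.startswith("\\Shell\\AutoRun\\command"):
            findings["autorun_key"].append(current_key[1:-1])  # strip the [ ]
            continue
        m = HIDDEN_RE.match(line)
        if m:
            findings["hidden_file"].append(m.group(1))
    return findings


def build_cfscript(findings, firewall_key=FIREWALL_KEY):
    """Draft CFScript sections in the format used in this thread:
    "value"=- deletes a registry value, [-key] deletes a whole key."""
    lines = ["KILLALL::", ""]
    if findings["firewall_exception"] or findings["autorun_key"]:
        lines.append("Registry::")
        if findings["firewall_exception"]:
            lines.append(firewall_key)
            lines += ['"%s"=-' % p for p in findings["firewall_exception"]]
        lines += ["[-%s]" % k for k in findings["autorun_key"]]
        lines.append("")
    if findings["missing_service"]:
        lines += ["Driver::"] + findings["missing_service"] + [""]
    if findings["hidden_file"]:
        lines += ["ROOTKIT::"] + findings["hidden_file"] + [""]
    return "\n".join(lines).rstrip() + "\n"


if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG)))
```

The draft does not reproduce the entries the helper added by hand (the lich service, the svchost group entry and the File:: list), so treat its output as a starting point for review rather than a finished script.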

Post by floodjlc on Mon Jul 06, 2009 7:09 pm

I accidentally closed the report... where do I find it?

Post by Belahzur on Mon Jul 06, 2009 7:26 pm

C:\Combofix.txt


Post by floodjlc on Mon Jul 06, 2009 7:40 pm

ComboFix 09-07-05.04 - Kara Hudon 07/06/2009 14:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.470 [GMT -4:00]
Running from: c:\documents and settings\Kara Hudon\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Kara Hudon\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"C:\cfrm.exe"
"C:\fdvjfx.exe"
"C:\MGlogs.zip"
"c:\windows\system32\lich.dat"
"c:\windows\system32\lich.exe"
"c:\windows\system32\mswnccgz.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cfrm.exe
C:\fdvjfx.exe
C:\MGlogs.zip
C:\MGtools
c:\mgtools\backups\backup-20090704-190542-115
c:\mgtools\backups\backup-20090704-190542-218
c:\mgtools\backups\backup-20090704-190542-580
c:\mgtools\backups\backup-20090704-190542-633
c:\mgtools\backups\backup-20090704-190542-634
c:\mgtools\backups\backup-20090704-190542-720
c:\mgtools\backups\backup-20090704-190542-752
c:\mgtools\backups\backup-20090704-190542-875
c:\mgtools\backups\backup-20090704-190542-880
c:\mgtools\backups\backup-20090704-190542-887
c:\mgtools\backups\backup-20090704-190542-929
c:\mgtools\backups\backup-20090704-190542-940
c:\mgtools\chodefix.bat
c:\mgtools\config.reg
c:\mgtools\DisableUAC.reg
c:\mgtools\EnableUAC.reg
c:\mgtools\ffdata.txt
c:\mgtools\filelog.txt
c:\mgtools\FindOVL.bat
c:\mgtools\FixBagle.bat
c:\mgtools\fixBagle.reg
c:\mgtools\FixCF.bat
c:\mgtools\fixCF.reg
c:\mgtools\fixChode.reg
c:\mgtools\FixFA.bat
c:\mgtools\fixFA.reg
c:\mgtools\flowers.log
c:\mgtools\GetDetails.exe
c:\mgtools\GetLogs.Bat
c:\mgtools\GetRunKey.bat
c:\mgtools\GetUnKey.txt
c:\mgtools\GetUnKeys.bat
c:\mgtools\grep.exe
c:\mgtools\GRK64.bat
c:\mgtools\hide.reg
c:\mgtools\history.txt
c:\mgtools\HTAfind.bat
c:\mgtools\IEFIX.reg
c:\mgtools\locate.com
c:\mgtools\ltime.exe
c:\mgtools\MGclean.bat
c:\mgtools\newfiles.txt
c:\mgtools\procdll.txt
c:\mgtools\Process.exe
c:\mgtools\ProcessDll.exe
c:\mgtools\Regfix.bat
c:\mgtools\runkeys.txt
c:\mgtools\RunMB.bat
c:\mgtools\sed.exe
c:\mgtools\ShowNew.bat
c:\mgtools\SN64.bat
c:\mgtools\swreg.exe
c:\mgtools\swwhoami.exe
c:\mgtools\sysinfo.txt
c:\mgtools\sysrest.txt
c:\mgtools\unhide.reg
c:\mgtools\UserInfo.bat
c:\mgtools\UserInfo.txt
c:\mgtools\vfind.exe
c:\mgtools\VunFind.bat
c:\mgtools\winfiles.txt
c:\mgtools\winlogon.exe
c:\mgtools\zip.exe
c:\program files\drv
c:\program files\drv\drv.dll
c:\windows\system32\lich.dat
c:\windows\system32\lich.exe
c:\windows\system32\msshjha.exe
c:\windows\system32\msshonf.exe
c:\windows\system32\msshv.exe
c:\windows\system32\mssiiii.exe
c:\windows\system32\mssizgn.exe
c:\windows\system32\msskmmw.exe
c:\windows\system32\msskta.exe
c:\windows\system32\msslt.exe
c:\windows\system32\mssmcfyz.exe
c:\windows\system32\mssnkfyk.exe
c:\windows\system32\mssnmxi.exe
c:\windows\system32\mssnqa.exe
c:\windows\system32\mssnuu.exe
c:\windows\system32\mssolc.exe
c:\windows\system32\mssoyqe.exe
c:\windows\system32\msspencs.exe
c:\windows\system32\msspm.exe
c:\windows\system32\msspt.exe
c:\windows\system32\msspufq.exe
c:\windows\system32\mssqocfq.exe
c:\windows\system32\mssqsrf.exe
c:\windows\system32\mssrwj.exe
c:\windows\system32\mssshmb.exe
c:\windows\system32\mssstb.exe
c:\windows\system32\msstqwff.exe
c:\windows\system32\mssvg.exe
c:\windows\system32\msswyvwv.exe
c:\windows\system32\msswz.exe
c:\windows\system32\mssyhw.exe
c:\windows\system32\msszbuii.exe
c:\windows\system32\mssznsn.exe
c:\windows\system32\mstalgsy.exe
c:\windows\system32\mstara.exe
c:\windows\system32\mstax.exe
c:\windows\system32\mstda.exe
c:\windows\system32\mstdjee.exe
c:\windows\system32\mstdn.exe
c:\windows\system32\mstdphc.exe
c:\windows\system32\mstebpf.exe
c:\windows\system32\mstfdi.exe
c:\windows\system32\mstjphb.exe
c:\windows\system32\mstjtobb.exe
c:\windows\system32\mstlrhy.exe
c:\windows\system32\mstlswu.exe
c:\windows\system32\mstmf.exe
c:\windows\system32\mstmgg.exe
c:\windows\system32\mstmroe.exe
c:\windows\system32\mstnpb.exe
c:\windows\system32\mstnpbr.exe
c:\windows\system32\mstphaih.exe
c:\windows\system32\mstplig.exe
c:\windows\system32\mstpzt.exe
c:\windows\system32\mstqb.exe
c:\windows\system32\mstqiii.exe
c:\windows\system32\mstqmmgl.exe
c:\windows\system32\mstrvxrj.exe
c:\windows\system32\mstrwtaa.exe
c:\windows\system32\mstsryp.exe
c:\windows\system32\mstvog.exe
c:\windows\system32\mstwrhb.exe
c:\windows\system32\mstzyqx.exe
c:\windows\system32\msubpi.exe
c:\windows\system32\msudbu.exe
c:\windows\system32\msudcozb.exe
c:\windows\system32\msueaxr.exe
c:\windows\system32\msuemxsj.exe
c:\windows\system32\msufi.exe
c:\windows\system32\msuhiyf.exe
c:\windows\system32\msuhzvfr.exe
c:\windows\system32\msuittkc.exe
c:\windows\system32\msuiuzv.exe
c:\windows\system32\msumyblk.exe
c:\windows\system32\msuneldz.exe
c:\windows\system32\msunmv.exe
c:\windows\system32\msuovcx.exe
c:\windows\system32\msupye.exe
c:\windows\system32\msurowds.exe
c:\windows\system32\msusbjc.exe
c:\windows\system32\msutszrh.exe
c:\windows\system32\msuuo.exe
c:\windows\system32\msuup.exe
c:\windows\system32\msuvcdq.exe
c:\windows\system32\msuvipnt.exe
c:\windows\system32\msuvzbt.exe
c:\windows\system32\msuwgy.exe
c:\windows\system32\msuyc.exe
c:\windows\system32\msuykpp.exe
c:\windows\system32\msvakv.exe
c:\windows\system32\msvblxq.exe
c:\windows\system32\msvcqkl.exe
c:\windows\system32\msvdijv.exe
c:\windows\system32\msvdkqtz.exe
c:\windows\system32\msvdrgxp.exe
c:\windows\system32\msvealip.exe
c:\windows\system32\msveg.exe
c:\windows\system32\msvek.exe
c:\windows\system32\msvezvgi.exe
c:\windows\system32\msvhe.exe
c:\windows\system32\msvik.exe
c:\windows\system32\msvjtje.exe
c:\windows\system32\msvkqv.exe
c:\windows\system32\msvln.exe
c:\windows\system32\msvnh.exe
c:\windows\system32\msvos.exe
c:\windows\system32\msvpg.exe
c:\windows\system32\msvqqzo.exe
c:\windows\system32\msvrrhc.exe
c:\windows\system32\msvrs.exe
c:\windows\system32\msvspigl.exe
c:\windows\system32\msvsvuqv.exe

Post by floodjlc on Mon Jul 06, 2009 7:40 pm

c:\windows\system32\msvsy.exe
c:\windows\system32\msvuoct.exe
c:\windows\system32\msvwcafu.exe
c:\windows\system32\msvyb.exe
c:\windows\system32\msvydudn.exe
c:\windows\system32\msvyls.exe
c:\windows\system32\msvynp.exe
c:\windows\system32\msvzhcw.exe
c:\windows\system32\mswagwsd.exe
c:\windows\system32\mswbl.exe
c:\windows\system32\mswbs.exe
c:\windows\system32\mswcipw.exe
c:\windows\system32\mswcsz.exe
c:\windows\system32\mswdsx.exe
c:\windows\system32\mswfrozl.exe
c:\windows\system32\mswgdgow.exe
c:\windows\system32\mswgur.exe
c:\windows\system32\mswher.exe
c:\windows\system32\mswheti.exe
c:\windows\system32\mswhkboi.exe
c:\windows\system32\mswir.exe
c:\windows\system32\mswiz.exe
c:\windows\system32\mswlbc.exe
c:\windows\system32\mswleaz.exe
c:\windows\system32\mswlfqks.exe
c:\windows\system32\mswltyp.exe
c:\windows\system32\mswmdf.exe
c:\windows\system32\mswmvcs.exe
c:\windows\system32\mswnccgz.exe
c:\windows\system32\mswnraw.exe
c:\windows\system32\mswpf.exe
c:\windows\system32\mswpyvj.exe
c:\windows\system32\mswpzdz.exe
c:\windows\system32\mswqvy.exe
c:\windows\system32\mswrls.exe
c:\windows\system32\mswsraav.exe
c:\windows\system32\mswtd.exe
c:\windows\system32\mswtli.exe
c:\windows\system32\mswtqx.exe
c:\windows\system32\mswubbaa.exe
c:\windows\system32\mswuymws.exe
c:\windows\system32\mswuz.exe
c:\windows\system32\mswvsldl.exe
c:\windows\system32\mswwb.exe
c:\windows\system32\mswwnoa.exe
c:\windows\system32\mswxckx.exe
c:\windows\system32\mswxgq.exe
c:\windows\system32\mswxml.exe
c:\windows\system32\mswyhbdu.exe
c:\windows\system32\mswzbhee.exe
c:\windows\system32\msxajwt.exe
c:\windows\system32\msxcdk.exe
c:\windows\system32\msxcsik.exe
c:\windows\system32\msxdnjne.exe
c:\windows\system32\msxfi.exe
c:\windows\system32\msxilpqb.exe
c:\windows\system32\msxivjk.exe
c:\windows\system32\msxjia.exe
c:\windows\system32\msxjjwxe.exe
c:\windows\system32\msxlkbbb.exe
c:\windows\system32\msxlzzsy.exe
c:\windows\system32\msxoio.exe
c:\windows\system32\msxpxp.exe
c:\windows\system32\msxqnnwg.exe
c:\windows\system32\msxuhfkj.exe

Post by floodjlc on Mon Jul 06, 2009 7:41 pm

c:\windows\system32\msxvvvl.exe
c:\windows\system32\msxzkak.exe
c:\windows\system32\msyafdfa.exe
c:\windows\system32\msyan.exe
c:\windows\system32\msyau.exe
c:\windows\system32\msybqx.exe
c:\windows\system32\msycdl.exe
c:\windows\system32\msycik.exe
c:\windows\system32\msycizlk.exe
c:\windows\system32\msydbo.exe
c:\windows\system32\msydmse.exe
c:\windows\system32\msydnww.exe
c:\windows\system32\msydwyfs.exe
c:\windows\system32\msyecg.exe
c:\windows\system32\msyfbz.exe
c:\windows\system32\msygja.exe
c:\windows\system32\msygo.exe
c:\windows\system32\msyhbni.exe
c:\windows\system32\msyhetw.exe
c:\windows\system32\msyhzhhw.exe
c:\windows\system32\msykpxi.exe
c:\windows\system32\msyle.exe
c:\windows\system32\msymfkgo.exe
c:\windows\system32\msymg.exe
c:\windows\system32\msynpna.exe
c:\windows\system32\msynwq.exe
c:\windows\system32\msyoobc.exe
c:\windows\system32\msyoozr.exe
c:\windows\system32\msyouj.exe
c:\windows\system32\msyqtwlh.exe
c:\windows\system32\msyraexn.exe
c:\windows\system32\msyrbq.exe
c:\windows\system32\msyssn.exe
c:\windows\system32\msytj.exe
c:\windows\system32\msytr.exe
c:\windows\system32\msyuf.exe
c:\windows\system32\msyvb.exe
c:\windows\system32\msyyk.exe
c:\windows\system32\mszay.exe
c:\windows\system32\mszdn.exe
c:\windows\system32\mszeo.exe
c:\windows\system32\mszes.exe
c:\windows\system32\mszfpmlm.exe
c:\windows\system32\mszfpvwq.exe
c:\windows\system32\mszfz.exe
c:\windows\system32\mszgt.exe
c:\windows\system32\mszhdic.exe
c:\windows\system32\mszhjog.exe
c:\windows\system32\mszjwcd.exe
c:\windows\system32\mszkelwg.exe
c:\windows\system32\mszld.exe
c:\windows\system32\mszlqpr.exe
c:\windows\system32\mszlrg.exe
c:\windows\system32\mszlyv.exe
c:\windows\system32\msznlulq.exe
c:\windows\system32\msznx.exe
c:\windows\system32\msznxi.exe
c:\windows\system32\mszpe.exe
c:\windows\system32\mszrugb.exe
c:\windows\system32\mszrxoy.exe
c:\windows\system32\mszsk.exe
c:\windows\system32\msztds.exe
c:\windows\system32\mszvo.exe
c:\windows\system32\mszwj.exe
c:\windows\system32\mszyfye.exe
c:\windows\system32\mszyvz.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DRVDRV
-------\Legacy_LICH
-------\Legacy_XBMHKI
-------\Service_drvdrv
-------\Service_lich
-------\Service_xbmhki
-------\Service_7d8e9e7cdef90eef8fbb287e74086fa9


((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-07-06 18:35 . 2009-07-06 18:35 -------- d-sh--w- C:\found.000
2009-07-06 17:34 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-04 23:42 . 2009-07-04 23:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-03 06:10 . 2009-07-03 06:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2009-07-03 06:10 . 2009-07-03 06:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-03 05:46 . 2009-07-03 05:46 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-02 20:35 . 2009-07-02 20:35 -------- d-----w- c:\windows\ie8updates
2009-07-02 19:05 . 2009-07-02 19:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-02 19:00 . 2009-07-02 19:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-02 18:57 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-02 18:57 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-02 15:55 . 2009-07-02 15:55 -------- d-sh--w- c:\documents and settings\Kara Hudon\IECompatCache
2009-07-02 15:54 . 2009-07-02 15:54 -------- d-sh--w- c:\documents and settings\Kara Hudon\PrivacIE
2009-07-02 15:47 . 2009-07-02 15:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-02 15:46 . 2009-07-02 15:46 -------- d-sh--w- c:\documents and settings\Kara Hudon\IETldCache
2009-07-02 15:32 . 2009-07-02 15:33 -------- dc-h--w- c:\windows\ie8
2009-06-25 16:21 . 2009-06-25 16:21 -------- d-----w- c:\documents and settings\Kara Hudon\Local Settings\Application Data\AVG Security Toolbar
2009-06-25 16:09 . 2009-06-25 16:08 832144 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-06-25 16:09 . 2009-06-25 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-25 16:09 . 2009-06-25 16:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR

Post by floodjlc on Mon Jul 06, 2009 7:41 pm

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 04:55 . 2009-07-02 00:34 4 ---h--w- c:\windows\Fonts\mlog
2009-07-04 23:46 . 2009-03-20 16:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 23:46 . 2009-03-20 16:26 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-02 18:31 . 2008-06-12 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-02 05:28 . 2009-07-02 06:03 1952 ----a-w- c:\windows\system32\drivers\kmixer.sys
2009-06-25 16:08 . 2008-06-12 18:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 16:08 . 2008-06-12 18:31 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-25 16:08 . 2008-06-12 18:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-17 15:27 . 2009-03-20 16:25 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-22 03:01 . 2006-06-13 01:27 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\AdobeUM
2009-05-20 16:23 . 2008-06-12 18:31 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\AVGTOOLBAR
2009-05-20 16:22 . 2009-05-20 16:22 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\Red Kawa
2009-05-20 16:21 . 2009-05-20 16:21 -------- d-----w- c:\program files\AviSynth 2.5
2009-05-20 16:21 . 2009-05-20 16:21 -------- d-----w- c:\program files\Red Kawa
2009-05-20 16:20 . 2007-01-29 05:15 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\Vso
2009-05-19 02:26 . 2006-06-09 21:47 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\Apple Computer
2009-05-19 02:13 . 2009-05-19 02:12 -------- d-----w- c:\program files\iTunes
2009-05-19 02:13 . 2009-05-19 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-19 02:12 . 2009-05-19 02:12 -------- d-----w- c:\program files\iPod
2009-05-19 02:11 . 2009-05-19 02:11 -------- d-----w- c:\program files\Bonjour
2009-05-19 02:10 . 2009-05-19 02:10 -------- d-----w- c:\program files\QuickTime
2009-05-19 02:05 . 2009-05-19 02:05 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-13 05:15 . 2004-08-10 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-08 01:00 . 2008-06-12 18:31 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2004-08-10 11:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2004-08-10 11:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 11:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-08-29 01:06 . 2006-12-18 01:31 56 --sh--r- c:\windows\system32\1442C91D9C.sys
2008-10-05 14:43 . 2006-06-09 20:39 88 --sh--r- c:\windows\system32\9C1DC94214.sys
2008-10-05 14:43 . 2006-06-09 20:39 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-11-16 397312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-5 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-25 16:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1149888426\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1149888426\\ee\\aim6.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/12/2008 2:31 PM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/12/2008 2:31 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/29/2008 12:37 PM 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 2:45 PM 298776]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [12/5/2007 4:47 PM 20640]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/17/2007 3:18 PM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Kara Hudon\Application Data\Mozilla\Firefox\Profiles\9d9q2bal.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-06 15:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\DefaultPreset]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Premiere Pro\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_13_2_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\0_0_0_0.html"
"Keyboard"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_4_15_0.html"
"Search"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\search.html"
"Support"="http://www.adobe.com/support/products/premiere.html"

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\0*! 2*]
"Path"="c:\\Documents and Settings\\Kara Hudon\\Application Data\\Intel\\Wireless\\"

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\* 2*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1236)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-06 15:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-06 19:07
ComboFix2.txt 2009-07-06 17:45

Pre-Run: 22,847,897,600 bytes free
Post-Run: 22,800,965,632 bytes free

562 --- E O F --- 2009-07-02 20:35

floodjlc
Novice
Novice

Status :
Online
Offline

Posts : 49
Joined : 2009-07-02
OS : windows xp

View user profile

Back to top Go down

Re: System Security Virus

Post by Belahzur on Mon Jul 06, 2009 8:04 pm

Hello.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: System Security Virus

Post by floodjlc on Mon Jul 06, 2009 9:19 pm

Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe After Effects 6.0
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Photoshop 7.0
Adobe Premiere Pro
Adobe Reader 6.0.1
Adobe Shockwave Player
AIM 6
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Mobile Device Support
Apple Software Update
a-squared Free 4.0
AudibleManager
Avery Wizard 3.1
AVG Free 8.5
AviSynth 2.5
Bonjour
Broadcom Management Programs
CardRd81
CCleaner (remove only)
CCScore
CleanUp!
Conexant HDA D110 MDC V.92 Modem
Corel Paint Shop Pro X
Corel Photo Album 6
CR2
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN Vision W
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Game Console
Dell Laser Printer 1110 Software Uninstall
Dell Support Center (Support Software)
DellConnect
DellSupport
Digital Content Portal
Digital Line Detect
DivX Content Uploader
DivX Web Player
Documentation & Support Launcher
DVD43 v3.9.0
EducateU
ELIcon
ESPNMotion
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
GemMaster Mystic
HijackThis 2.0.2
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Keylight (1.0v3) for Adobe After Effects
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
mCore
MCU
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.0.11)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Musicmatch for Windows Media Player
Musicmatch Jukebox
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting

Re: System Security Virus

Post by floodjlc on Mon Jul 06, 2009 9:19 pm

Notifier
OTtBP
OTtBPSDK
Otto
Polar Bowler
PowerDVD 5.7
QuickSet
QuickTime
RealPlayer Basic
Rhapsody Player Engine
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
SFR
SHASTA
SKIN0001
SKINXSDK
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
V CAST Music with Rhapsody
Veoh Player
Videora iPod Converter 4.07
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VPRINTOL
WebCyberCoach 3.2 Dell
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WIRELESS
WordPerfect Office 12
ZENcast Organizer

Re: System Security Virus

Post by Origin on Mon Jul 06, 2009 9:29 pm

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Java 2 Runtime Environment, SE v1.4.2_03
  • Viewpoint Manager (Remove Only)
  • Viewpoint Media Player


Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: System Security Virus

Post by floodjlc on Mon Jul 06, 2009 9:54 pm

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

7/6/2009 5:53:43 PM
mbam-log-2009-07-06 (17-53-43).txt

Scan type: Quick Scan
Objects scanned: 97058
Time elapsed: 8 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\mmkl.kl.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Fonts\logcde.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\windef.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\services.exe (Worm.Archive) -> Quarantined and deleted successfully.

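The MBAM log above is the artefact the helpers ask for before deciding on the next step, and reviewing one by eye means checking that the summary counts match the detail sections and that every detection actually ended in "Quarantined and deleted successfully" rather than being left for a reboot. As an added example (not code from the thread or from Malwarebytes), here is a small Python checker for a log in that 1.x layout. The sample log is constructed from the entries posted above; the category names and action strings are the ones that log uses, and the "Delete on reboot." outcome used in the test is assumed to be the other string MBAM writes in that position.

```python
"""Consistency check for a Malwarebytes' Anti-Malware 1.x scan log.

Added example, not code from the thread or from Malwarebytes. It parses
the layout shown above: a summary block of "<Category>: <count>" lines,
then one detail section per category whose lines end in the action taken.
"""
import re
from collections import OrderedDict

# Constructed sample, built from the entries in the log posted above.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Scan type: Quick Scan

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\mmkl.kl.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Fonts\logcde.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\windef.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\services.exe (Worm.Archive) -> Quarantined and deleted successfully.
"""

CATEGORIES = ("Memory Processes Infected", "Memory Modules Infected",
              "Registry Keys Infected", "Registry Values Infected",
              "Registry Data Items Infected", "Folders Infected",
              "Files Infected")
SUMMARY_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
DETAIL_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
REMOVED = "Quarantined and deleted successfully."
NO_ITEMS = "(No malicious items detected)"


def parse_mbam_log(text):
    """Return (summary, details): declared counts and parsed detail lines."""
    summary = OrderedDict()
    details = OrderedDict((c, []) for c in CATEGORIES)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == NO_ITEMS:
            continue
        if line.endswith(":") and line[:-1] in CATEGORIES:
            section = line[:-1]  # a detail section starts here
        elif section is None:  # still in the summary block
            m = SUMMARY_RE.match(line)
            if m:
                summary[m.group("cat")] = int(m.group("n"))
        else:
            m = DETAIL_RE.match(line)
            if m:
                details[section].append((m.group("item"), m.group("threat"), m.group("action")))
    return summary, details


def review(text):
    """Flag count mismatches and any detection that was not removed."""
    summary, details = parse_mbam_log(text)
    mismatches = [c for c in CATEGORIES if summary.get(c, 0) != len(details[c])]
    not_removed = [(c, item, action) for c in CATEGORIES
                   for item, _threat, action in details[c] if action != REMOVED]
    # Executable code under the Fonts folder, as in the posted log, belongs
    # in the write-up: nothing should be running from there.
    fonts_dir = [item for item, _t, _a in details["Files Infected"]
                 if "\\fonts\\" in item.lower()]
    return {"total": sum(len(v) for v in details.values()),
            "mismatches": mismatches, "not_removed": not_removed,
            "fonts_dir_files": fonts_dir}


if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run as-is it reports four detections, no count mismatches, nothing left pending, and the three files under the Fonts folder. A log whose summary disagrees with its detail lines, or whose items were only scheduled for deletion on reboot, is the case where a helper would ask for a restart and a fresh scan before calling the machine clean.
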
Re: System Security Virus

Post by Origin on Mon Jul 06, 2009 10:07 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?


Re: System Security Virus

Post by floodjlc on Mon Jul 06, 2009 10:09 pm

When I did that it uninstalled ComboFix.....was that supposed to happen?

Re: System Security Virus

Post by Origin on Mon Jul 06, 2009 10:10 pm

Yes it was, how is the computer running?


Re: System Security Virus

Post by floodjlc on Mon Jul 06, 2009 10:14 pm

Seems to be running well......I can open programs and everything and it's running fast.....awesome...you guys are great. My wife will be very happy that her computer is fixed now...I will make sure she makes a donation to the site for all of your help.

Re: System Security Virus

Post by floodjlc on Mon Jul 06, 2009 10:14 pm

My pc is running really slow...what should I run to check for problems on that?

Re: System Security Virus

Post by Origin on Mon Jul 06, 2009 10:15 pm

This specific computer that we were fixing or another one?


Re: System Security Virus

Post by floodjlc on Mon Jul 06, 2009 10:16 pm

A different one....my computer.. I don't have any crazy virus like this one did, but it is really slow and, for example, when I use After Effects it's extremely laggy sometimes.

Re: System Security Virus

Post by Origin on Mon Jul 06, 2009 10:20 pm

I see, start a new topic with a HijackThis log and I will look at it.


Re: System Security Virus

Post by floodjlc on Mon Jul 06, 2009 10:20 pm

Will do....thanks so much

Re: System Security Virus

Post by Origin on Mon Jul 06, 2009 10:26 pm

No worries, glad we could help.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.


Re: System Security Virus

Post by floodjlc on Mon Jul 06, 2009 10:36 pm

Just noticed something still wrong with the computer....there is no sound. How do I get the sound to work again? I looked at the Device Manager and it is messed up with an exclamation point.

Re: System Security Virus

Post by Origin on Mon Jul 06, 2009 10:50 pm

What's the manufacturer of your speakers?


Re: System Security Virus

Post by floodjlc on Mon Jul 06, 2009 11:06 pm

It's a Dell laptop.

Re: System Security Virus

Post by floodjlc on Mon Jul 06, 2009 11:17 pm

Inspiron E1505 to be exact

Re: System Security Virus

Post by floodjlc on Tue Jul 07, 2009 9:25 pm

???? Do you know how I can get the sound back??

Re: System Security Virus

Post by Origin on Tue Jul 07, 2009 9:43 pm

I'm sure Doc would help you with that if you made a topic here:

[You must be registered and logged in to see this link.]


Re: System Security Virus

Post by floodjlc on Tue Jul 07, 2009 9:47 pm

sweet...thanks so much
