Cannot get rid of this virus and I do not know what it is


Post by JustGotDropped on 13th July 2009, 4:20 am

I was on my computer and a random update popped up, so I shut the computer down. When I restarted my computer, still connected to the internet, there were three porn website links on my desktop that I did not put there, and a strange song was playing that I did not open. I cannot run any of my anti-virus programs, such as Malwarebytes or Webroot. PLEASE HELP

JustGotDropped
Novice
Posts : 36
Joined : 2009-07-13
OS : XP
Points : 27097
Likes : 0

Re: can not get rid of this virus and i do not know what it is

Post by JustGotDropped on 13th July 2009, 4:23 am

Follow-up to that post: my computer is currently off and not connected to the internet. I am posting from my laptop.


Re: can not get rid of this virus and i do not know what it is

Post by Belahzur on 13th July 2009, 3:43 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement; press Accept and HijackThis will run.
  • Select "Do a system scan and save a log file". This will open a Notepad file of everything HijackThis found; copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34917
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245090
Likes : 1

Re: can not get rid of this virus and i do not know what it is

Post by JustGotDropped on 13th July 2009, 4:33 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:02 AM, on 7/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Nike+ Utility.lnk = C:\Program Files\Nike+ Utility\Nike+ Utility.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Similar Pages - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9935 bytes

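Reading a HijackThis log like the one above by hand is the whole job in this thread: the helpers look at the running-process list, the O4 autorun entries and the O23 services and ask where each image lives and who owns it. The script below is an added example, not code from the forum or from Trend Micro's HijackThis. It parses the 2.0.2 log layout shown in the post and flags the three things an analyst checks first: an image running from a Temp directory, an autorun value that names a bare file (so the loader, not the registry, decides which copy runs) and a service with no vendor. The sample log is constructed: most lines are copied from the logs posted in this thread (including the gacutil.exe Temp-path process from the later log), while the [updater] autorun and the "Helper (svchelper)" service are hypothetical entries added to show what a hit looks like. A flag is a prompt to verify, not a verdict: on this HP machine the bare ARPWRMSG.EXE entry is legitimate.

```python
"""Triage helper for HijackThis 2.0.2 logs.

Added example; not part of the original thread or of HijackThis itself.
"""
import re
from dataclasses import dataclass

# Constructed sample in the HijackThis 2.0.2 layout. Most lines are copied from
# the logs posted in the thread; the [updater] autorun and the "Helper" service
# are hypothetical entries added so that the checks below have something to hit.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:02 AM, on 7/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\gacutil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\updater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Helper (svchelper) - Unknown owner - C:\WINDOWS\Temp\svchelper.exe
"""

TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
O4_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$")
O23_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")


@dataclass
class Finding:
    section: str   # "process", "O4" or "O23"
    item: str      # process path, or the entry body exactly as logged
    reason: str


def parse_hjt(text):
    """Return (running_processes, [(tag, body), ...]) from a HijackThis log."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False      # a blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def _program_of(command):
    """First token of an autorun command line, with surrounding quotes removed."""
    command = command.strip()
    if command.startswith('"'):
        close = command.find('"', 1)
        return command[1:close] if close > 0 else command[1:]
    return command.split(" ", 1)[0]


def triage(text):
    """Flag the entries an analyst checks first; returns a list of Finding."""
    processes, entries = parse_hjt(text)
    findings = []
    for path in processes:
        if TEMP_DIR_RE.search(path):
            findings.append(Finding("process", path, "running from a temporary directory"))
    for tag, body in entries:
        if tag == "O4":
            m = O4_RE.match(body)
            if not m:
                continue                  # Global Startup .lnk lines use another layout
            program = _program_of(m.group(3))
            if TEMP_DIR_RE.search(program):
                findings.append(Finding(tag, body, "autorun target in a temporary directory"))
            elif "\\" not in program:
                findings.append(Finding(tag, body,
                    "bare file name; the loader resolves it via the search path, verify which copy runs"))
        elif tag == "O23":
            m = O23_RE.match(body)
            if not m:
                continue
            vendor, image = m.group(2), m.group(3)
            if TEMP_DIR_RE.search(image):
                findings.append(Finding(tag, body, "service image in a temporary directory"))
            elif vendor == "Unknown owner":
                findings.append(Finding(tag, body, "service image has no vendor information"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.item}")
```

Run it against a saved log with `triage(open(path).read())`. Global Startup .lnk entries and the R0/R1 browser settings are parsed but not scored; in the posted logs the R lines only show the forum's link placeholder, so there is nothing to compare them against here.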

Re: can not get rid of this virus and i do not know what it is

Post by JustGotDropped on 13th July 2009, 4:34 pm

I did an HP PC Restore this morning. Is there any way I can get my old documents and settings for my computer back after this?


Re: can not get rid of this virus and i do not know what it is

Post by Origin on 13th July 2009, 5:43 pm

Unfortunately, if you did a system restore you can't get them back. Please post a new HijackThis log.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31503
Likes : 0

Re: can not get rid of this virus and i do not know what it is

Post by JustGotDropped on 13th July 2009, 8:21 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:12 PM, on 7/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Nike+ Utility.lnk = C:\Program Files\Nike+ Utility\Nike+ Utility.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Similar Pages - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9911 bytes


Re: can not get rid of this virus and i do not know what it is

Post by Belahzur on 13th July 2009, 9:16 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.





Re: can not get rid of this virus and i do not know what it is

Post by JustGotDropped on 13th July 2009, 11:04 pm

Malwarebytes' Anti-Malware 1.39
Database version: 2423
Windows 5.1.2600 Service Pack 2

7/13/2009 3:58:30 PM
mbam-log-2009-07-13 (15-58-30).txt

Scan type: Quick Scan
Objects scanned: 93041
Time elapsed: 14 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\Temp\Installer.exe (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
c:\program files\protection system\blacklist.cga (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
c:\program files\protection system\core.cga (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
c:\program files\protection system\coreext.dll (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
c:\program files\protection system\firewall.dll (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
c:\program files\protection system\uninstall.exe (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

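The two "Registry Data Items" in the MBAM log above are worth understanding: AntiVirusDisableNotify and FirewallDisableNotify live under HKLM\SOFTWARE\Microsoft\Security Center, default to 0, and when set to 1 stop Windows XP's Security Center from warning that anti-virus or the firewall is off. That is why a rogue like the "Protection System" found here sets them, and it is consistent with the opening post's real protection being unable to run while no warning appeared. The script below is an added example, not code from the thread or from Malwarebytes. It evaluates those values (plus UpdatesDisableNotify, the sibling value for Automatic Updates alerts on XP SP2/SP3) and prints the reg.exe commands that put them back to the default; on a non-Windows host it only runs against a constructed mapping that reproduces the "Bad: (1) Good: (0)" state MBAM reported.

```python
"""Check whether Windows Security Center alerts have been silenced.

Added example; not code from the thread or from Malwarebytes. The first two
value names come from the MBAM log; UpdatesDisableNotify is the sibling value
for Automatic Updates alerts on Windows XP SP2/SP3.
"""
import sys

SECURITY_CENTER_KEY = r"SOFTWARE\Microsoft\Security Center"
# Default for each value is 0 (warn). A value of 1 silences the balloon warning
# that the corresponding protection is off, which is what the rogue set here.
NOTIFY_VALUES = ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify")


def assess_security_center(values):
    """Given {value name: DWORD} as read from the key, return readable findings.

    Missing values are treated as the default, 0, so an empty mapping is clean.
    """
    findings = []
    for name in NOTIFY_VALUES:
        data = int(values.get(name, 0))
        if data != 0:
            findings.append(
                f"{name} = {data}: Security Center will not warn that this protection is off")
    return findings


def remediation_commands(values):
    """reg.exe commands that reset each silenced value to the default of 0."""
    return [
        f'reg add "HKLM\\{SECURITY_CENTER_KEY}" /v {name} /t REG_DWORD /d 0 /f'
        for name in NOTIFY_VALUES
        if int(values.get(name, 0)) != 0
    ]


def read_security_center_values():
    """Read the live values on Windows; on other platforms return an empty mapping."""
    if sys.platform != "win32":
        return {}
    import winreg  # Windows-only standard library module
    result = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SECURITY_CENTER_KEY) as key:
        for name in NOTIFY_VALUES:
            try:
                result[name], _ = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                pass   # value absent: default behaviour, nothing to report
    return result


if __name__ == "__main__":
    # Constructed input reproducing the state MBAM reported ("Bad: (1) Good: (0)").
    sample = {"AntiVirusDisableNotify": 1, "FirewallDisableNotify": 1}
    live = read_security_center_values() or sample
    for line in assess_security_center(live):
        print(line)
    for cmd in remediation_commands(live):
        print(cmd)
```

MBAM already reset both values in this case ("Quarantined and deleted successfully"), so on this machine the check is a confirmation step after the reboot; the reg commands are for the case where a scanner reports the values but cannot write them back.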

Re: can not get rid of this virus and i do not know what it is

Post by Origin on 14th July 2009, 4:22 pm

Please post a new HijackThis log.




Re: can not get rid of this virus and i do not know what it is

Post by JustGotDropped on 15th July 2009, 2:05 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:18 PM, on 7/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nike+ Utility\Nike+ Utility.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWUCli.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\HPSUYPV3.0P1\HP_IZ_Closing_Disc_Error_HPSU-HPCOM.exe
C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\gacutil.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Nike+ Utility.lnk = C:\Program Files\Nike+ Utility\Nike+ Utility.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Similar Pages - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10621 bytes

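The O4 (Run keys and Startup folder), O2/O3 (browser helper objects and toolbars) and O23 (services) lines in the log above are the persistence points a helper reads first. The script below is an added example, not part of the thread and not HijackThis code: it parses lines in that format and flags the entries that deserve a second look. The sample input reuses a few lines from the posted log plus two made-up entries (the [updater] Run key and the "Sys Helper" service) that were not on the poster's machine, and the heuristics are my own assumptions about what merits checking, not a verdict on any file.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input. Most lines are copied from the HijackThis log posted above;
# the [updater] Run key and the "Sys Helper" service are made up for the demo and were
# NOT on the poster's machine.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\updater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Sys Helper (syshelp) - Unknown owner - C:\RECYCLER\S-1-5-21-1\syshelp.exe
"""

SECTION_RE = re.compile(r"^(?P<sec>O\d+|R\d|F\d) - (?P<rest>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^Global Startup: (?P<name>.*?) = (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<cmd>.*)$")
BHO_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[^}]*\}) - (?P<cmd>.*)$")
IMAGE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|scr|bat|cmd|pif))(?=\s|$)", re.I)

# Directories an unprivileged user can write to on XP; a Run/Service image there
# is unusual for a vendor component and worth a look (heuristic, my assumption).
USER_WRITABLE = ("\\temp\\", "\\recycler\\", "\\documents and settings\\", "\\users\\")


@dataclass
class Entry:
    section: str
    name: str
    image: str
    vendor: str = ""
    reasons: list = field(default_factory=list)


def image_from_command(cmd):
    """Pull the executable/DLL path out of a command line, handling quoted paths,
    unquoted paths with spaces, and commands with no extension (e.g. dumprep 0 -u)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = IMAGE_RE.match(cmd)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def parse_hjt(text):
    """Turn O2/O3 (BHOs, toolbars), O4 (autostarts) and O23 (services) lines into Entry objects."""
    entries = []
    for raw in text.strip().splitlines():
        m = SECTION_RE.match(raw.strip())
        if not m:
            continue
        sec, rest = m.group("sec"), m.group("rest")
        if sec == "O4":
            r = RUN_RE.match(rest) or STARTUP_RE.match(rest)
            if r:
                entries.append(Entry(sec, r.group("name"), image_from_command(r.group("cmd"))))
        elif sec == "O23":
            r = SERVICE_RE.match(rest)
            if r:
                entries.append(Entry(sec, r.group("name"), image_from_command(r.group("cmd")), r.group("vendor")))
        elif sec in ("O2", "O3"):
            r = BHO_RE.match(rest)
            if r:
                entries.append(Entry(sec, r.group("name"), image_from_command(r.group("cmd"))))
    return entries


def triage(text):
    """Return the entries that fail any heuristic, with the reasons attached."""
    flagged = []
    for e in parse_hjt(text):
        img = e.image.lower()
        if "\\" not in img:
            # A bare filename is resolved through the PATH search order, so the copy that
            # actually runs may not be the vendor's. Verify which file Windows finds.
            e.reasons.append("bare filename, resolved via PATH search order")
        if any(marker in img for marker in USER_WRITABLE):
            e.reasons.append("image lives in a user-writable directory")
        if e.section == "O23" and e.vendor.strip().lower() in ("", "unknown owner"):
            e.reasons.append("service binary carries no vendor name")
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:<4}{e.name:<35}{e.image}")
        for reason in e.reasons:
            print(f"      - {reason}")
```

Run against the sample, it flags ARPWRMSG.EXE and RTHDCPL.EXE only because they are bare names: both are well-known HP and Realtek components, but a bare name is resolved through the PATH search order, which is exactly what a planted copy earlier in that order would abuse, so the check is to confirm which file Windows actually launches. The two constructed entries are flagged for their location (Temp, RECYCLER) and, for the service, the missing vendor string. Anything this flags goes on the list to examine, not straight to deletion.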
Post by Belahzur on 15th July 2009, 3:10 pm

Hello.
That log looks okay now, just one more log I want to see.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Post by JustGotDropped on 16th July 2009, 2:08 am

Adobe Reader 7.0
Agere Systems PCI Soft Modem
ATI Catalyst Control Center
ATI Display Driver
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
Big Kahuna Reef from HP Media Center (remove only)
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Holidays from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
CC_ccProxyExt
ccCommon
ccPxyCore
Crystal Maze from HP Media Center (remove only)
Digby's Donuts from HP Media Center (remove only)
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
FATE Demo from HP Media Center (remove only)
Flip Words from HP Media Center (remove only)
GemMaster Mystic
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP Product Assistant
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Tunes
HP Update
HPTunesAddIn
Insaniquarium Deluxe from HP Media Center (remove only)
Intel(R) PRO Network Connections Drivers
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
Jewel Quest from HP Media Center (remove only)
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Money 2005
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MSRedist
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 4.0
muvee autoProducer unPlugged 1.1 - HPD
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Security Center
Norton WMI Update
Norton WMI Update
Office 2003 Tour
Otto
PC-Doctor 5 for Windows
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
PS2
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2005
QuickTime
RealPlayer
Ricochet Lost Worlds from HP Media Center (remove only)
SCRABBLE Blast from HP Media Center (remove only)
SCRABBLE from HP Media Center (remove only)
SCRABBLE Rack Attack from HP Media Center (remove only)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
Slingo Deluxe from HP Media Center (remove only)
Slyder from HP Media Center (remove only)
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SPBBC
Super Granny from HP Media Center (remove only)
Swarm from HP Media Center (remove only)
SymNet
Tradewinds from HP Media Center (remove only)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Updates from HP (remove only)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows XP Media Center Edition 2005 KB908250
Windows XP Service Pack 3
Zune
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

Post by JustGotDropped on 16th July 2009, 2:11 am

Also, I have a question: after the system restore my Zune program will not open. I get an error message that says
Zune encountered a critical error and needs to close. For instructions on correcting this error, open the URL below in a web browser.
[You must be registered and logged in to see this link.]

I followed these ideas and instructions but nothing's working. Any ideas?

Post by Origin on 16th July 2009, 4:44 pm

Download Dr.Web CureIt to the desktop:
[You must be registered and logged in to see this link.]

  • Double-click the launch.exe or cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, just let it cure whatever it finds.
    o Now, go to Settings >> Change Settings
    o Go to the Actions tab >> under the Objects section, change the settings to the below:
    Infected objects - Cure
    Incurable objects - Report
    Suspicious objects - Report
    o Don't change any other settings.
  • Start the scan again. This time, choose Complete Scan.
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all.
  • Click on Cure and choose Report incurable (this means take no action: don't "move", "rename" or "delete").
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your Desktop. The report will be called DrWeb.csv.
  • Post DrWeb.csv in your next reply (open it in Notepad). Do NOT reboot the computer yet.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31503
# Likes # Likes : 0

Post by JustGotDropped on 17th July 2009, 10:16 pm

When I use the complete scan for CureIt, it always says it encountered an unexpected error and needs to shut down before the scan can finish.

Post by Origin on 18th July 2009, 1:05 am

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


Post by JustGotDropped on 18th July 2009, 6:32 pm

ComboFix 09-07-14.08 - HP_Administrator 07/18/2009 13:59.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.596 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Temp\IadHide5.dll
c:\recycler\S-1-5-21-4022182150-1509933919-40857881-1008
c:\recycler\S-1-5-21-4022182150-1509933919-40857881-1010
c:\recycler\S-1-5-21-776561741-1229272821-725345543-500
c:\windows\Installer\1032ca9.msi
c:\windows\Installer\107702ed.msp
c:\windows\Installer\10770315.msp
c:\windows\Installer\107704ca.msp
c:\windows\Installer\107704f0.msp
c:\windows\Installer\10770513.msp
c:\windows\Installer\10770538.msp
c:\windows\Installer\1077055b.msp
c:\windows\Installer\10770586.msp
c:\windows\Installer\107705aa.msp
c:\windows\Installer\107705c1.msi
c:\windows\Installer\107705d7.msp
c:\windows\Installer\107705eb.msp
c:\windows\Installer\1077060f.msp
c:\windows\Installer\10770633.msp
c:\windows\Installer\1077065b.msp
c:\windows\Installer\10919bc5.msi
c:\windows\Installer\10e2c44.msi
c:\windows\Installer\112ec5.msi
c:\windows\Installer\11e9290.msi
c:\windows\Installer\11e9291.msi
c:\windows\Installer\12da75.msi
c:\windows\Installer\12da7b.msi
c:\windows\Installer\12da83.msi
c:\windows\Installer\12da89.msi
c:\windows\Installer\12da91.msi
c:\windows\Installer\13b32fb5.msi
c:\windows\Installer\13b33039.msi
c:\windows\Installer\144edf.msi
c:\windows\Installer\144ee5.msi
c:\windows\Installer\144eeb.msi
c:\windows\Installer\144ef1.msi
c:\windows\Installer\150c894b.msi
c:\windows\Installer\151791.msi
c:\windows\Installer\151797.msi
c:\windows\Installer\15fb253b.msi
c:\windows\Installer\16cb08.msi
c:\windows\Installer\18351d55.msi
c:\windows\Installer\1843250f.msi
c:\windows\Installer\18553c7f.msi
c:\windows\Installer\18e3faf.msi
c:\windows\Installer\1ab4da19.msi
c:\windows\Installer\1ab4da21.msi
c:\windows\Installer\1af8dae.msi
c:\windows\Installer\1da38f8.msi
c:\windows\Installer\1fca6896.msp
c:\windows\Installer\20683fd.msi
c:\windows\Installer\2282bcd.msi
c:\windows\Installer\29db2460.msi
c:\windows\Installer\30f56e.msi
c:\windows\Installer\37352.msi
c:\windows\Installer\38421b24.msi
c:\windows\Installer\38e640d0.msi
c:\windows\Installer\3fe2b4.msi
c:\windows\Installer\4866b.msi
c:\windows\Installer\50f7602.msp
c:\windows\Installer\50f7626.msp
c:\windows\Installer\50f764a.msp
c:\windows\Installer\50f766f.msp
c:\windows\Installer\51e5bb8.msi
c:\windows\Installer\51e5bb9.msp
c:\windows\Installer\51e5bba.msp
c:\windows\Installer\51e5bbb.msp
c:\windows\Installer\51e5bbc.msp
c:\windows\Installer\51e5bbd.msp
c:\windows\Installer\51e5bbe.msp
c:\windows\Installer\51e5bbf.msp
c:\windows\Installer\51e5bc0.msp
c:\windows\Installer\51e5bc1.msp
c:\windows\Installer\52a0d.msi
c:\windows\Installer\52a21.msp
c:\windows\Installer\52b4b.msp
c:\windows\Installer\52b5e.msp
c:\windows\Installer\52ebbde.msi
c:\windows\Installer\52ebbea.msi
c:\windows\Installer\52ebbf6.msi
c:\windows\Installer\553373d.msi
c:\windows\Installer\5588cf4.msi
c:\windows\Installer\5c805d0.msi
c:\windows\Installer\5f7544c.msi
c:\windows\Installer\60951e2.msi
c:\windows\Installer\67314.msi
c:\windows\Installer\689f8.msi
c:\windows\Installer\73e86.msi
c:\windows\Installer\7674c.msi
c:\windows\Installer\782ebaa.msi
c:\windows\Installer\84af132.msi
c:\windows\Installer\8cb7dd9.msi
c:\windows\Installer\8ebf50.msi
c:\windows\Installer\93ad033.msi
c:\windows\Installer\9a60857.msi
c:\windows\Installer\a1901cc.msi
c:\windows\Installer\a1901d3.msp
c:\windows\Installer\a3815.msi
c:\windows\Installer\b64a1a.msp
c:\windows\Installer\bf29d.msi
c:\windows\Installer\d2ac81.msi
c:\windows\Installer\d77018.msi
c:\windows\Installer\db5174d.msi
c:\windows\Installer\e1563a.msi
c:\windows\Installer\eb84c75.msi
c:\windows\Installer\ee0c03.msi
c:\windows\kb913800.exe
D:\Autorun.inf
K:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.

2009-07-17 00:10 . 2009-07-17 00:10 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\DoctorWeb
2009-07-16 02:53 . 2009-07-16 02:53 1914000 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-07-16 02:52 . 2009-07-17 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-16 02:52 . 2009-07-16 17:51 -------- d-----w- c:\program files\NOS
2009-07-15 02:43 . 2009-07-15 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-07-15 02:35 . 2009-07-15 02:35 -------- d-----w- C:\SystemRoot
2009-07-15 02:18 . 2009-07-15 02:18 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\WinBatch
2009-07-14 16:57 . 2008-10-16 21:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-14 04:46 . 2009-07-14 04:46 -------- d-----w- c:\windows\system32\scripting
2009-07-14 04:13 . 2009-07-14 04:14 -------- dc-h--w- c:\windows\ie8
2009-07-13 21:47 . 2008-03-21 20:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-07-13 21:46 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2009-07-13 21:46 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\dllcache\imapi2fs.dll
2009-07-13 21:46 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2009-07-13 21:46 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\dllcache\imapi2.dll
2009-07-13 21:46 . 2008-05-02 10:49 62976 ------w- c:\windows\system32\dllcache\cdrom.sys
2009-07-13 21:43 . 2009-07-14 01:35 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-13 21:43 . 2009-07-13 21:43 -------- d-----w- c:\windows\system32\LogFiles
2009-07-13 21:00 . 2008-04-14 00:12 20992 ------w- c:\windows\system32\spupdwxp.exe
2009-07-13 20:59 . 2008-04-14 00:11 86016 ------w- c:\windows\system32\mdmxsdk.dll
2009-07-13 20:50 . 2009-07-13 20:50 -------- d-----w- c:\program files\SymNetDrv
2009-07-13 20:46 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-07-13 20:46 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-07-13 20:46 . 2008-08-14 10:04 138496 ------w- c:\windows\system32\dllcache\afd.sys
2009-07-13 20:45 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-07-13 20:45 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-07-13 20:45 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-07-13 20:45 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-07-13 20:45 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-07-13 20:45 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-07-13 20:45 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-07-13 20:45 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-13 20:45 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-13 20:45 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-13 20:45 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-13 20:45 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-13 20:43 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-07-13 20:43 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-07-13 20:42 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-07-13 20:42 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-13 20:42 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-07-13 20:41 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-07-13 20:40 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-07-13 20:39 . 2009-07-13 20:39 50280 ----a-w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-13 19:13 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-07-13 19:13 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-07-13 19:13 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-07-13 19:13 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-07-13 19:12 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-07-13 18:42 . 2009-07-15 03:09 -------- d-sh--r- c:\windows\system32\dllcache
2009-07-13 16:35 . 2009-07-13 16:35 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Malwarebytes
2009-07-13 16:35 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 16:35 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 16:32 . 2009-07-13 16:32 -------- d-----w- c:\program files\Trend Micro
2009-07-13 16:31 . 2009-07-13 16:31 -------- d-sh--w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\UserData
2009-07-13 16:29 . 2009-07-13 16:29 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Webroot
2009-07-13 16:23 . 2009-07-13 16:23 7406 ----a-r- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Microsoft\Installer\{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}\_63cb6bfc.exe
2009-07-13 16:23 . 2009-07-13 16:23 1078 ----a-r- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Microsoft\Installer\{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}\_6e5d1ad4.exe
2009-07-13 16:17 . 2005-10-12 01:57 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2009-07-05 07:13 . 2009-07-05 07:13 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-04 01:21 . 2009-07-04 01:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-03 16:56 . 2009-04-24 17:19 1563008 ----a-w- c:\windows\WRSetup.dll
2009-07-03 16:55 . 2009-07-03 16:55 164 ----a-w- c:\windows\install.dat
2009-06-25 03:35 . 2009-06-29 02:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\vlc
2009-06-25 03:31 . 2009-06-25 03:31 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Graboid_Inc
2009-06-25 03:31 . 2009-06-29 19:01 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Graboid
2009-06-25 03:30 . 2009-06-25 03:31 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\MozillaControl
2009-06-25 03:29 . 2009-07-03 18:30 -------- d-----w- c:\program files\VideoLAN
2009-06-25 03:28 . 2009-07-01 17:35 -------- d-----w- c:\program files\Graboid

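The "Other Deletions" list above includes D:\Autorun.inf and K:\Autorun.inf. An autorun.inf on a removable or mapped drive is how much of the USB-spreading malware of this period got itself launched: Explorer reads the [autorun] section and, depending on the directives, runs whatever open=, shellexecute= or shell\<verb>\command= points at, often an executable hidden in a RECYCLER or System Volume Information folder on the same drive. The post does not show what those two files contained, so the Python below is an added example, not ComboFix output or anything from the thread: a tolerant parser that pulls out the launch directives (worm-written files routinely contain junk padding lines and odd casing that break an off-the-shelf INI reader) and a helper that checks a list of drive roots. Both sample .inf bodies are constructed for the demo and no path in them comes from the poster's machine.

```python
import re
from pathlib import Path

# Directives through which Explorer will run something from the drive.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_VERB_RE = re.compile(r"^shell\\([^\\]+)\\command$")

# Constructed sample: what a harmless autorun.inf from a photo CD looks like (icon and label only).
BENIGN_INF = """[autorun]
icon=setup.exe,0
label=Holiday photos
"""

# Constructed sample in the style of worm-written files of the period: mixed case, comment and
# padding lines between the real keys, and every launch verb redirected to a hidden executable.
# Nothing here is taken from the poster's D: or K: drive.
WORMLIKE_INF = """[AutoRun]
;xkq9 filler line
OPEN = RECYCLER\\S-1-5-21-1\\x.exe
zzqp filler line without an equals sign
shell\\open\\Command = RECYCLER\\S-1-5-21-1\\x.exe
shell\\explore\\command=RECYCLER\\S-1-5-21-1\\x.exe
shell=open
UseAutoPlay=1
"""


def parse_autorun(text):
    """Tolerant parser for the [autorun] section: keeps key=value lines only, ignores
    comments and padding lines, and normalises key case so OPEN and open compare equal."""
    section = None
    keys = {}
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # junk lines inserted to defeat simple signature matching
        key, _, value = line.partition("=")
        keys[key.strip().lower()] = value.strip()
    return keys


def launch_commands(keys):
    """Return (directive, target) for every directive that would execute something."""
    return [(k, v) for k, v in keys.items() if k in LAUNCH_KEYS or SHELL_VERB_RE.match(k)]


def verdict(keys):
    cmds = launch_commands(keys)
    if not cmds:
        return "no launch directives (icon/label only)"
    # shell=<verb> makes the listed verb the double-click default, so even the
    # cautious "open the drive first" path runs the payload.
    note = "; default verb overridden" if "shell" in keys else ""
    return f"executes code on insert/double-click: {len(cmds)} directive(s){note}"


def inspect_drive_roots(roots):
    """Read <root>/autorun.inf from each root (e.g. 'D:\\\\', 'K:\\\\') and report, never delete."""
    results = {}
    for root in roots:
        inf = Path(root) / "autorun.inf"
        if not inf.is_file():
            results[root] = "no autorun.inf"
            continue
        # Decode as latin-1 so binary padding cannot raise and hide the file from the check.
        results[root] = verdict(parse_autorun(inf.read_bytes().decode("latin-1")))
    return results


if __name__ == "__main__":
    import tempfile
    # Stand-in for real drive roots: two temporary directories holding the sample files.
    with tempfile.TemporaryDirectory() as tmp:
        roots = []
        for name, body in (("benign", BENIGN_INF), ("wormlike", WORMLIKE_INF)):
            root = Path(tmp) / name
            root.mkdir()
            (root / "autorun.inf").write_text(body)
            roots.append(str(root))
        for root, result in inspect_drive_roots(roots).items():
            print(f"{root}: {result}")
            for directive, target in launch_commands(parse_autorun((Path(root) / "autorun.inf").read_text())):
                print(f"    {directive} -> {target}")
```

The example deliberately reports rather than deletes, because the file the directives point at is the thing to collect and submit, and the autorun.inf itself is only the launcher. On XP the durable fix is to stop Explorer honouring autorun.inf at all: KB967715, which appears in the uninstall list earlier in the thread, is the update that makes the NoDriveTypeAutoRun policy (a REG_DWORD under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer) reliably effective, and setting it to 0xFF disables AutoRun for every drive type.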
Post by JustGotDropped on 18th July 2009, 6:33 pm

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 20:57 . 2005-10-12 02:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-15 03:03 . 2005-10-12 01:51 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-15 01:59 . 2005-01-25 00:30 139264 ----a-w- c:\windows\system32\hpzjrd01.dll
2009-07-14 04:49 . 2005-01-28 17:40 92191 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-14 04:49 . 2009-07-14 04:49 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-07-14 04:49 . 2009-07-14 04:49 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-07-14 04:49 . 2009-07-14 04:49 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-07-14 04:49 . 2009-07-14 04:49 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-07-14 04:49 . 2009-07-14 04:49 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-07-14 04:49 . 2009-07-14 04:49 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-07-14 04:49 . 2009-07-14 04:49 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2009-07-14 04:49 . 2009-07-14 04:49 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-07-14 01:34 . 2007-11-18 19:57 -------- d-----w- c:\program files\Zune
2009-07-13 22:43 . 2009-02-16 19:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 21:50 . 2009-07-13 21:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-07-13 21:47 . 2009-07-13 21:47 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-07-13 21:08 . 2005-10-12 02:18 -------- d-----w- c:\program files\Norton Internet Security
2009-07-13 20:50 . 2005-10-12 02:16 -------- d-----w- c:\program files\Symantec
2009-07-13 20:38 . 2009-07-13 16:20 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Symantec
2009-07-13 16:23 . 2009-07-13 16:20 155 ----a-w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\fusioncache.dat
2009-07-13 16:22 . 2009-07-13 16:22 1961 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_ED842AA-ABA M7250N_YC_0Pavi_QMXK541_E54NAemMPC2_48_ILITHIUM_SASUSTek Computer INC._V1.04_B3.08_T050912_WXP2_L409_M1023_J250_7Intel_8Pentium D_92.8_#051218_N808627DC_Z11C1048C_G10025B60.MRK
2009-07-13 16:22 . 2005-10-12 02:09 -------- d-----w- c:\program files\Easy Internet signup
2009-07-13 02:16 . 2007-05-23 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-13 02:07 . 2007-05-23 17:53 -------- d-----w- c:\program files\McAfee
2009-07-12 15:33 . 2007-09-19 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-05 22:18 . 2008-12-31 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-07-05 22:17 . 2005-12-26 14:02 115160 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 18:29 . 2009-04-05 19:49 -------- d-----w- c:\program files\Starcraft
2009-07-03 18:28 . 2008-02-24 19:20 -------- d--h--w- c:\documents and settings\HP_Administrator\Application Data\ijjigame
2009-07-03 18:27 . 2009-04-05 18:47 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-01 20:32 . 2009-03-29 16:41 -------- d-----w- c:\program files\Vuze
2009-06-28 18:48 . 2008-09-19 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MediaMall
2009-06-16 20:17 . 2009-03-29 16:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus
2009-06-16 14:36 . 2004-08-10 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-10 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-09 21:14 . 2007-07-20 18:44 -------- d-----w- c:\program files\DivX
2009-06-09 21:13 . 2009-06-09 21:13 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-03 19:09 . 2004-08-10 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-21 20:36 . 2009-05-21 02:11 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2009-05-21 20:20 . 2009-05-08 00:42 -------- d-----w- c:\program files\NCH Software
2009-05-21 20:18 . 2009-05-21 02:10 -------- d-----w- c:\program files\LimeWire
2009-05-21 16:30 . 2009-05-21 16:30 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\NCH Swift Sound
2009-05-21 02:11 . 2009-05-21 02:11 20480 ----a-w- c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-05-21 02:11 . 2009-05-21 02:11 18944 ----a-w- c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-05-21 02:11 . 2009-05-21 02:11 17408 ----a-w- c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\auth.dll
2009-05-21 02:11 . 2009-05-21 02:11 8192 ----a-w- c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-05-21 02:11 . 2009-05-21 02:11 20480 ----a-w- c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-05-13 05:15 . 2004-08-10 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-10 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-06-22 15:14 . 2009-02-11 01:27 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-10 61440]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 49768]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2005-03-30 22656]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-10-12 180269]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2009-07-13 100056]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-08-18 14820864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-10 61440]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Nike+ Utility.lnk - c:\program files\Nike+ Utility\Nike+ Utility.exe [2008-4-30 1228800]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-10-11 36903]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-13 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-05-24 23:46]

2009-07-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-03 06:33]

2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-05-23 15:53]

2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-05-23 15:53]

2009-07-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-07-13 c:\windows\Tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-03-24 05:15]

2009-07-17 c:\windows\Tasks\wrSpySweeper_LDF53BDAFCFB443A89FAF85DAD1AC0362.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-12-31 17:19]

2009-07-17 c:\windows\Tasks\wrSpySweeper_LDF53BDAFCFB443A89FAF85DAD1AC0362.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-12-31 17:19]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)


.
------- Supplementary Scan -------
.
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-18 14:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1856)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\CCPROXY.EXE
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Norton Internet Security\ISSVC.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
c:\program files\Java\jre1.5.0\bin\jusched.exe
c:\program files\Java\jre1.5.0\bin\jucheck.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2009-07-18 14:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-18 21:23

Pre-Run: 105,761,423,360 bytes free
Post-Run: 107,082,805,248 bytes free

395 --- E O F --- 2009-07-17 09:18

JustGotDropped
Novice

Re: can not get rid of this virus and i do not know what it is

Post by Origin on 18th July 2009, 9:22 pm

I see that you are running LimeWire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If LimeWire is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Limewire



Now open a new notepad file.
Input this into the notepad file:

Folder::
c:\program files\LimeWire

File::
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]


Origin
Master

Posts: 2685
Joined: 2009-05-05
Gender: Male
OS: Windows Xp Sp3
Points: 31503
Likes: 0

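The two things a helper reads off a log like the one above before writing a CFScript are (a) which DLLs a running process has loaded from a Temp directory (the explorer.exe entry for IadHide5.dll in the log is exactly that pattern) and (b) which Security Center values have been set to stop Windows reporting on the antivirus or firewall. The Python script below is an added example, not code from the thread, from ComboFix or from its authors: it parses a constructed sample laid out like the log's "Reg Loading Points" and "DLLs Loaded Under Running Processes" sections, applies those two checks, and renders any Temp-directory hits in the CFScript `File::` layout that Origin's post describes so they can be reviewed before being handed to ComboFix. The indicator rules are heuristics chosen for this example, not ComboFix's own logic; in particular the Security Center values are also set legitimately by security suites such as Norton, so they are review items rather than proof of infection.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix's own code).

Heuristics applied (chosen for this example, not ComboFix's rules):
  1. a DLL loaded into a running process from a user or system Temp
     directory is a common injection/persistence indicator and worth review;
  2. Security Center values that silence AV/firewall status reporting
     (DisableMonitoring=1, FirewallDisableNotify=1) are worth review, but
     security suites set them legitimately too, so they are not proof of malice.
"""
import re

# Constructed sample, modelled on the layout of the log posted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1856)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
"""

PROCESS_HEADER = re.compile(r"^(?:-\s)+>\s'(?P<proc>[^']+)'\((?P<pid>\d+)\)$")
REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')
# Temp directories in both long and 8.3 short form, as ComboFix prints them.
TEMP_DIR = re.compile(r"\\(locals~1\\temp|local settings\\temp|windows\\temp)\\", re.I)
SECURITY_CENTER_VALUES = {"DisableMonitoring", "FirewallDisableNotify"}


def loaded_dlls(log):
    """Yield (process, pid, dll_path) from the 'DLLs Loaded Under Running Processes' section."""
    in_section = False
    proc = pid = None
    for line in log.splitlines():
        line = line.strip()
        if "DLLs Loaded Under Running Processes" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("-----") and "Other Running Processes" in line:
            break  # next section reached
        m = PROCESS_HEADER.match(line)
        if m:
            proc, pid = m.group("proc"), int(m.group("pid"))
            continue
        if proc and line.lower().endswith(".dll"):
            yield proc, pid, line


def temp_dlls(log):
    """DLLs loaded from a Temp directory; nothing legitimate normally persists there."""
    return [(p, pid, path) for p, pid, path in loaded_dlls(log) if TEMP_DIR.search(path)]


def security_center_overrides(log):
    """(key, value_name) pairs under the Security Center key with a reporting switch set to 1."""
    hits = []
    key = None
    for line in log.splitlines():
        line = line.strip()
        m = REG_KEY.match(line)
        if m:
            key = m.group("key")
            continue
        m = REG_VALUE.match(line)
        if m and key and "security center" in key.lower():
            if m.group("name") in SECURITY_CENTER_VALUES and int(m.group("val"), 16) == 1:
                hits.append((key, m.group("name")))
    return hits


def cfscript_file_section(paths):
    """Render paths in the CFScript 'File::' layout from the thread, one path per line."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    for proc, pid, path in temp_dlls(SAMPLE_LOG):
        print(f"[review] {proc}({pid}) loaded a DLL from Temp: {path}")
    for key, name in security_center_overrides(SAMPLE_LOG):
        print(f"[review] {name}=1 under [{key}]")
    print(cfscript_file_section([p for _, _, p in temp_dlls(SAMPLE_LOG)]))
```

Run against the sample, it reports the explorer.exe Temp DLL and the two Security Center values and prints a `File::` block containing only the Temp path; anything it flags should still be checked by a person before it goes into a CFScript, since ComboFix deletes what the script names.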

Re: can not get rid of this virus and i do not know what it is

Post by JustGotDropped on 19th July 2009, 1:35 am

ComboFix 09-07-14.08 - HP_Administrator 07/18/2009 21:02.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.693 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll"
"c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\auth.dll"
"c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Temp\IadHide5.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.

2009-07-17 00:10 . 2009-07-17 00:10 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\DoctorWeb
2009-07-16 02:53 . 2009-07-16 02:53 1914000 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-07-16 02:52 . 2009-07-17 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-16 02:52 . 2009-07-16 17:51 -------- d-----w- c:\program files\NOS
2009-07-15 02:43 . 2009-07-15 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-07-15 02:35 . 2009-07-15 02:35 -------- d-----w- C:\SystemRoot
2009-07-15 02:18 . 2009-07-15 02:18 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\WinBatch
2009-07-14 16:57 . 2008-10-16 21:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-14 04:46 . 2009-07-14 04:46 -------- d-----w- c:\windows\system32\scripting
2009-07-14 04:13 . 2009-07-14 04:14 -------- dc-h--w- c:\windows\ie8
2009-07-13 21:47 . 2008-03-21 20:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-07-13 21:46 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2009-07-13 21:46 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\dllcache\imapi2fs.dll
2009-07-13 21:46 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2009-07-13 21:46 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\dllcache\imapi2.dll
2009-07-13 21:46 . 2008-05-02 10:49 62976 ------w- c:\windows\system32\dllcache\cdrom.sys
2009-07-13 21:43 . 2009-07-14 01:35 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-13 21:43 . 2009-07-13 21:43 -------- d-----w- c:\windows\system32\LogFiles
2009-07-13 21:00 . 2008-04-14 00:12 20992 ------w- c:\windows\system32\spupdwxp.exe
2009-07-13 20:59 . 2008-04-14 00:11 86016 ------w- c:\windows\system32\mdmxsdk.dll
2009-07-13 20:50 . 2009-07-13 20:50 -------- d-----w- c:\program files\SymNetDrv
2009-07-13 20:46 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-07-13 20:46 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-07-13 20:46 . 2008-08-14 10:04 138496 ------w- c:\windows\system32\dllcache\afd.sys
2009-07-13 20:45 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-07-13 20:45 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-07-13 20:45 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-07-13 20:45 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-07-13 20:45 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-07-13 20:45 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-07-13 20:45 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-07-13 20:45 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-13 20:45 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-13 20:45 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-13 20:45 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-13 20:45 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-13 20:43 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-07-13 20:43 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-07-13 20:42 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-07-13 20:42 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-13 20:42 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-07-13 20:41 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-07-13 20:40 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-07-13 20:39 . 2009-07-18 21:26 51056 ----a-w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-13 19:13 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-07-13 19:13 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-07-13 19:13 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-07-13 19:13 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-07-13 19:12 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-07-13 18:42 . 2009-07-18 21:23 -------- d-sh--r- c:\windows\system32\dllcache
2009-07-13 16:35 . 2009-07-13 16:35 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Malwarebytes
2009-07-13 16:35 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 16:35 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 16:32 . 2009-07-13 16:32 -------- d-----w- c:\program files\Trend Micro
2009-07-13 16:31 . 2009-07-13 16:31 -------- d-sh--w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\UserData
2009-07-13 16:29 . 2009-07-13 16:29 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Webroot
2009-07-13 16:23 . 2009-07-13 16:23 7406 ----a-r- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Microsoft\Installer\{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}\_63cb6bfc.exe
2009-07-13 16:23 . 2009-07-13 16:23 1078 ----a-r- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Microsoft\Installer\{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}\_6e5d1ad4.exe
2009-07-13 16:17 . 2005-10-12 01:57 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2009-07-05 07:13 . 2009-07-05 07:13 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-04 01:21 . 2009-07-04 01:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-03 16:56 . 2009-04-24 17:19 1563008 ----a-w- c:\windows\WRSetup.dll
2009-07-03 16:55 . 2009-07-03 16:55 164 ----a-w- c:\windows\install.dat
2009-06-25 03:35 . 2009-06-29 02:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\vlc
2009-06-25 03:31 . 2009-06-25 03:31 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Graboid_Inc
2009-06-25 03:31 . 2009-06-29 19:01 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Graboid
2009-06-25 03:30 . 2009-06-25 03:31 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\MozillaControl
2009-06-25 03:29 . 2009-07-03 18:30 -------- d-----w- c:\program files\VideoLAN
2009-06-25 03:28 . 2009-07-01 17:35 -------- d-----w- c:\program files\Graboid

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 01:47 . 2005-10-12 02:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-18 21:31 . 2005-10-12 02:18 -------- d-----w- c:\program files\Norton Internet Security
2009-07-15 03:03 . 2005-10-12 01:51 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-15 01:59 . 2005-01-25 00:30 139264 ----a-w- c:\windows\system32\hpzjrd01.dll
2009-07-14 04:49 . 2005-01-28 17:40 92191 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-14 04:49 . 2009-07-14 04:49 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-07-14 04:49 . 2009-07-14 04:49 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-07-14 04:49 . 2009-07-14 04:49 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-07-14 04:49 . 2009-07-14 04:49 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-07-14 04:49 . 2009-07-14 04:49 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-07-14 04:49 . 2009-07-14 04:49 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-07-14 04:49 . 2009-07-14 04:49 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2009-07-14 04:49 . 2009-07-14 04:49 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-07-14 01:34 . 2007-11-18 19:57 -------- d-----w- c:\program files\Zune
2009-07-13 22:43 . 2009-02-16 19:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 21:50 . 2009-07-13 21:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-07-13 21:47 . 2009-07-13 21:47 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-07-13 20:50 . 2005-10-12 02:16 -------- d-----w- c:\program files\Symantec
2009-07-13 20:38 . 2009-07-13 16:20 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Symantec
2009-07-13 16:23 . 2009-07-13 16:20 155 ----a-w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\fusioncache.dat
2009-07-13 16:22 . 2009-07-13 16:22 1961 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_ED842AA-ABA M7250N_YC_0Pavi_QMXK541_E54NAemMPC2_48_ILITHIUM_SASUSTek Computer INC._V1.04_B3.08_T050912_WXP2_L409_M1023_J250_7Intel_8Pentium D_92.8_#051218_N808627DC_Z11C1048C_G10025B60.MRK
2009-07-13 16:22 . 2005-10-12 02:09 -------- d-----w- c:\program files\Easy Internet signup
2009-07-13 02:16 . 2007-05-23 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-13 02:07 . 2007-05-23 17:53 -------- d-----w- c:\program files\McAfee
2009-07-12 15:33 . 2007-09-19 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-05 22:18 . 2008-12-31 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-07-05 22:17 . 2005-12-26 14:02 115160 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 18:29 . 2009-04-05 19:49 -------- d-----w- c:\program files\Starcraft
2009-07-03 18:28 . 2008-02-24 19:20 -------- d--h--w- c:\documents and settings\HP_Administrator\Application Data\ijjigame
2009-07-03 18:27 . 2009-04-05 18:47 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-01 20:32 . 2009-03-29 16:41 -------- d-----w- c:\program files\Vuze
2009-06-28 18:48 . 2008-09-19 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MediaMall
2009-06-16 20:17 . 2009-03-29 16:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus
2009-06-16 14:36 . 2004-08-10 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-10 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-09 21:14 . 2007-07-20 18:44 -------- d-----w- c:\program files\DivX
2009-06-09 21:13 . 2009-06-09 21:13 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-03 19:09 . 2004-08-10 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-21 20:20 . 2009-05-08 00:42 -------- d-----w- c:\program files\NCH Software
2009-05-21 16:30 . 2009-05-21 16:30 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\NCH Swift Sound
2009-05-13 05:15 . 2004-08-10 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-10 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-06-22 15:14 . 2009-02-11 01:27 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-13 21:23 . 2009-07-07 15:10 24539592 c:\windows\system32\MRT.exe

JustGotDropped
Novice

Re: can not get rid of this virus and i do not know what it is

Post by JustGotDropped on 19th July 2009, 1:35 am

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-10 61440]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-08 49512]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2005-03-30 22656]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-10-12 180269]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2009-07-13 100056]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-08-18 14820864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-10 61440]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Nike+ Utility.lnk - c:\program files\Nike+ Utility\Nike+ Utility.exe [2008-4-30 1228800]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-10-11 36903]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-13 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-05-24 23:46]

2009-07-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-03 06:33]

2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-05-23 15:53]

2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-05-23 15:53]

2009-07-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-07-13 c:\windows\Tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-03-24 21:47]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-18 21:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2192)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\CCPROXY.EXE
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Norton Internet Security\ISSVC.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
c:\windows\system32\dwwin.exe
c:\program files\Java\jre1.5.0\bin\jusched.exe
c:\program files\Java\jre1.5.0\bin\jucheck.exe
c:\windows\ehome\ehrecvr.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2009-07-19 21:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-19 04:31
ComboFix2.txt 2009-07-18 21:23

Pre-Run: 106,189,852,672 bytes free
Post-Run: 106,828,496,896 bytes free

283 --- E O F --- 2009-07-18 21:40

JustGotDropped
Novice
Novice

Posts Posts : 36
Joined Joined : 2009-07-13
OS OS : XP
Points Points : 27097
# Likes # Likes : 0

View user profile

Back to top Go down
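One thing a practitioner reads off the ComboFix log above before anything else is the "DLLs Loaded Under Running Processes" section: a module mapped into explorer.exe from the user's Temp directory (as one entry there is) is loaded from a location any unprivileged process can write to, and deserves a look regardless of what the scanners report. The following is an added example, not code from ComboFix or from the poster: it parses that section in the shape ComboFix prints it and flags modules that live under user-writable paths. The sample text is constructed here for the example and mirrors the posted entries; the path fragments treated as user-writable are an assumption for Windows XP layouts.

```python
import re

# Constructed sample input: the section in the shape ComboFix prints it.
# Embedded here only as test input for the parser; not the original file.
SAMPLE_SECTION = r"""
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2192)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
"""

# ComboFix introduces each process as:  - - - - - - - > 'name.exe'(pid)
PROCESS_HEADER = re.compile(r"^- - - - - - - > '(?P<name>[^']+)'\((?P<pid>\d+)\)")

# Path fragments (lower-cased) that a non-admin user can write to on XP.
# Assumption for this example; extend for other profile layouts.
USER_WRITABLE_FRAGMENTS = (
    "\\temp\\",
    "\\docume~1\\",
    "\\documents and settings\\",
    "\\local settings\\",
    "\\application data\\",
)


def parse_loaded_dlls(text):
    """Return {(process_name, pid): [module paths]} for the DLL section only."""
    result = {}
    current = None
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-----") and "DLLs Loaded" in line:
            in_section = True          # section header found
            continue
        if in_section and line.startswith("-----"):
            break                      # next section header: stop
        if not in_section:
            continue
        m = PROCESS_HEADER.match(line)
        if m:
            current = (m.group("name"), int(m.group("pid")))
            result[current] = []
        elif current and line and line != ".":
            result[current].append(line)
    return result


def flag_user_writable(loaded):
    """Return [(process_name, pid, path)] for modules under user-writable dirs."""
    flagged = []
    for (proc, pid), paths in loaded.items():
        for path in paths:
            low = path.lower()
            if any(frag in low for frag in USER_WRITABLE_FRAGMENTS):
                flagged.append((proc, pid, path))
    return flagged


if __name__ == "__main__":
    for proc, pid, path in flag_user_writable(parse_loaded_dlls(SAMPLE_SECTION)):
        print(f"{proc}({pid}) loads module from user-writable path: {path}")
```

Point the script at a saved ComboFix log instead of the embedded sample to triage a real machine; a hit means "verify this module" (publisher, hash, who dropped it), not "this is malware".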

Re: can not get rid of this virus and i do not know what it is

Post by Origin on 19th July 2009, 3:28 pm

Can you do another Malwarebytes scan and post the log back here?


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31503
# Likes # Likes : 0

View user profile

Back to top Go down

Re: can not get rid of this virus and i do not know what it is

Post by JustGotDropped on 19th July 2009, 6:09 pm

Malwarebytes' Anti-Malware 1.39
Database version: 2423
Windows 5.1.2600 Service Pack 3

7/19/2009 2:07:33 PM
mbam-log-2009-07-19 (14-07-33).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Objects scanned: 303190
Time elapsed: 2 hour(s), 19 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

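The only two hits in the Malwarebytes log above are registry data items, not files: `AntiVirusDisableNotify` and `FirewallDisableNotify` under the Security Center key were set to 1. On Windows XP SP2/SP3 those values only silence the Security Center balloon that would otherwise warn the user that antivirus or firewall protection is off; malware flips them so that disabling protection goes unnoticed. Malwarebytes resetting them to 0 restores the warning, but it does not by itself restart any protection that was switched off, so the next check is whether the AV and firewall are actually running. The following is an added example, not code from Malwarebytes or from the poster: it parses the "Registry Data Items Infected" lines in the format Malwarebytes 1.x wrote, turns them into a snapshot of the Security Center values, and reports which notify flags are set. The sample log text is constructed here and mirrors the two posted lines; the optional live read uses the standard-library `winreg` module and only works on Windows.

```python
import re

# Constructed sample input in the shape of a Malwarebytes 1.x log
# (mirrors the two posted lines); embedded here only as test input.
SAMPLE_LOG = r"""
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
"""

# One "registry data item" line: <key>\<value> (<detection>) -> Bad: (x) Good: (y) -> <action>.
ITEM_RE = re.compile(
    r"^(?P<path>HKEY_\S.*?) \((?P<detection>[^)]+)\) -> "
    r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+?)\.?$"
)

SECURITY_CENTER_KEY = r"SOFTWARE\Microsoft\Security Center"
# Values under that key which, when set to 1, suppress the XP Security Center warnings.
NOTIFY_FLAGS = ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify")


def parse_registry_data_items(text):
    """Return a list of dicts, one per registry data item line in the log."""
    items = []
    for raw in text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if not m:
            continue
        key, _, value = m.group("path").rpartition("\\")
        items.append({
            "key": key,
            "value": value,
            "detection": m.group("detection"),
            "bad": m.group("bad"),
            "good": m.group("good"),
            "action": m.group("action"),
        })
    return items


def snapshot_from_items(items):
    """Build {value_name: bad_int} for items under the Security Center key."""
    snap = {}
    for it in items:
        if it["key"].lower().endswith("\\" + SECURITY_CENTER_KEY.lower()):
            snap[it["value"]] = int(it["bad"])
    return snap


def tampered_notify_flags(values):
    """values: {name: int}. Return the notify flags that are set to 1 (warnings suppressed)."""
    return [name for name in NOTIFY_FLAGS if int(values.get(name, 0)) == 1]


def read_live_security_center():
    """Read the flags from the live registry; returns None when not on Windows."""
    try:
        import winreg
    except ImportError:
        return None
    out = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SECURITY_CENTER_KEY) as k:
        for name in NOTIFY_FLAGS:
            try:
                out[name] = winreg.QueryValueEx(k, name)[0]
            except FileNotFoundError:
                out[name] = 0          # absent value means "not suppressed"
    return out


if __name__ == "__main__":
    from_log = tampered_notify_flags(snapshot_from_items(parse_registry_data_items(SAMPLE_LOG)))
    print("suppressed in log:", from_log)
    live = read_live_security_center()
    if live is not None:
        print("suppressed right now:", tampered_notify_flags(live))
```

Run it on the box after cleanup: an empty "suppressed right now" list means the warnings are back, and a still-populated one means something re-set the flags, which is a sign the cleanup is not finished.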

Re: can not get rid of this virus and i do not know what it is

Post by Origin on 19th July 2009, 7:04 pm

Click Start > Run, copy/paste the following bolded text into the Run box, and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?



Re: can not get rid of this virus and i do not know what it is

Post by JustGotDropped on 19th July 2009, 7:31 pm

The computer is running well now, except for the problem that my Zune software is still encountering an unexpected error every time I open it; otherwise it is good.


Re: can not get rid of this virus and i do not know what it is

Post by Origin on 20th July 2009, 3:29 pm

The malware might have corrupted the program, so you might need to uninstall and then reinstall it. Please do the following:

Please download Revo Uninstall from here: [You must be registered and logged in to see this link.]

  1. Download and run the setup file for Revo Uninstaller.
  2. Once set up, run Revo Uninstaller.
  3. Select the following item for removal by clicking on it once.

    Zune

  4. Then hit the "Uninstall" button at the top.
  5. Close Revo Uninstaller.



Re: can not get rid of this virus and i do not know what it is

Post by JustGotDropped on 21st July 2009, 11:31 pm

I used the Revo Uninstaller, but my Zune is still giving me the same error.


Re: can not get rid of this virus and i do not know what it is

Post by Origin on 23rd July 2009, 6:33 pm

I see, but virus-wise, is everything running well?



Re: can not get rid of this virus and i do not know what it is

Post by JustGotDropped on 23rd July 2009, 6:58 pm

Yes, everything virus-wise is good. Thank you for the help.


Re: can not get rid of this virus and i do not know what it is

Post by Origin on 23rd July 2009, 7:05 pm

Glad to hear things are running better. While I am not keen on this particular problem, you can open a new topic here and see if someone else who is good in that field can help:

[You must be registered and logged in to see this link.]


