System Security Virus


System Security Virus

Post by tkdgrl513 on 23rd July 2009, 5:21 pm

I recently acquired the System Security virus. After attempting to open Norton and failing, I got on my friend's Mac and downloaded the Malwarebytes tool, put it on a flash drive, installed it on my computer, scanned, and deleted the suspicious entries it reported. When I restarted, the virus seemed to have gone away. However, when I opened my web browser it was much slower than usual, and whenever I clicked a link in Google it sent me to ad websites. I then downloaded Ad-Aware and ran a scan, but it only found a few cookies. As I was reading the Ad-Aware report, the System Security virus popped up again. I could still open Malwarebytes, so I ran another scan. It found upward of 20 entries, so I deleted those and restarted my computer. However, upon restarting, Norton continuously popped up reports that I was being attacked, and the type was HTTP Malicious PDF. I disabled my wireless and got on my friend's Mac. I then went to your website and followed your instructions for the HijackThis program. Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:29 PM, on 7/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
F:\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - [You must be registered and logged in to see this link.]
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ControlInstaller Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - [You must be registered and logged in to see this link.]
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9326 bytes

Please help me! I don't know what else to do!

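A helper reads a log like the one above by eye, looking for paths that do not belong. As an added example, not part of the original thread and not a HijackThis feature, here is a small Python script that parses the Running processes list and the O4 Run entries and flags the patterns a reviewer would circle: a Windows core binary name running from outside the Windows directory, anything running from a drive other than the system drive, bare filenames in Run keys (which Windows resolves through the search path at logon), and executables under a profile's Application Data folder. The sample input is a subset of the posted log; the set of core binary names, the assumption that C: is the system drive, and the wording of the reasons are my own choices.

```python
import re
from pathlib import PureWindowsPath

# Sample input: a subset of the HijackThis log posted above, copied from the thread.
SAMPLE_HJT_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
F:\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Heuristics are my own, not HijackThis rules. The core binary names and the
# system drive letter are assumptions that fit the XP machine in the thread.
WINDOWS_CORE = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                "svchost.exe", "explorer.exe", "ctfmon.exe", "wuauclt.exe", "rundll32.exe"}
SYSTEM_DRIVE = "c:"
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}

R_NAME_SPOOF = "Windows core binary name outside the Windows directory"
R_OTHER_DRIVE = "runs from a drive other than the system drive (removable media?)"
R_BARE_NAME = "bare filename, resolved through the search path at logon"
R_APPDATA = "executable under a profile's Application Data"

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def parse_hjt(text):
    """Split a HijackThis log into the running-process list and the O4 Run entries."""
    processes, run_entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True
        elif in_processes and line:
            processes.append(line)
        elif in_processes and not line:
            in_processes = False  # a blank line ends the process block
        else:
            m = O4_RE.match(line)
            if m:
                run_entries.append((m["hive"], m["name"], m["cmd"]))
    return processes, run_entries


def exe_from_command(cmd):
    """Pull the executable out of a Run-key command line (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def suspicious_reasons(path):
    """Return the heuristic reasons a path looks out of place (empty list if none)."""
    p = PureWindowsPath(path)
    if len(p.parts) == 1 and not p.anchor:
        return [R_BARE_NAME]
    name = p.name.lower()
    parent = str(p.parent).lower().rstrip("\\")
    reasons = []
    if name in WINDOWS_CORE and parent not in SYSTEM_DIRS:
        reasons.append(R_NAME_SPOOF)
    if p.drive and p.drive.lower() != SYSTEM_DRIVE:
        reasons.append(R_OTHER_DRIVE)
    if "\\application data" in parent or "\\applic~1" in parent:
        reasons.append(R_APPDATA)
    return reasons


def triage_hjt(text):
    """Run the heuristics over a whole log and return one finding per (path, reason)."""
    processes, run_entries = parse_hjt(text)
    findings = []
    for path in processes:
        for reason in suspicious_reasons(path):
            findings.append({"section": "Running processes", "path": path, "reason": reason})
    for hive, name, cmd in run_entries:
        path = exe_from_command(cmd)
        for reason in suspicious_reasons(path):
            findings.append({"section": f"O4 {hive} [{name}]", "path": path, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LOG):
        print(f"{f['section']:<28} {f['path']:<45} {f['reason']}")
```

Among the running processes in the posted log, the only hit is F:\winlogon.exe, and it trips two rules at once: the genuine winlogon.exe is already listed from C:\WINDOWS\system32, so a second copy with the same name on another drive is exactly the pattern the name-spoof rule exists for. The bare-name hits on Run entries (Alaunch, SOUNDMAN.EXE and the like) are lower priority; they are listed because a bare name in a Run key is resolved through the search path rather than a fixed location.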

Re: System Security Virus

Post by Origin on 24th July 2009, 7:10 pm

Hello tkdgrl513,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

  • If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP
  • If you have any cracked/pirated software in your computer delete them or we will not help you.
  • Only follow advice from Geek Police Staff and not a regular member.
  • Do NOT run any tool without Geek Police supervision as it could render your system useless.


  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



  • Press "Fix Checked"
  • Close Hijack This.

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]



Re: System Security Virus

Post by tkdgrl513 on 24th July 2009, 7:45 pm

As I was attempting to turn off Norton, my task manager popped up and informed me that Norton was not responding and that it had to end it. I tried to open Norton again but it wouldn't work. Then I tried to open Combo-Fix and a notification popped up saying that this Combo-Fix had been compromised by a virus patch "virut" and gave me directions to download from your website again. I am currently doing so and hopefully will be able to post the file soon.


Re: System Security Virus

Post by tkdgrl513 on 24th July 2009, 8:09 pm

I downloaded Combo-Fix a second time and attempted to open it. It gave me the same error message, saying that it had been compromised by a virus patch "virut". I still cannot open Norton. However, a Norton "one click fix" pop-up came up. I did not do anything it told me to and closed it. I attempted to get back on my web browser in order to post what happened, but it was extremely slow, and I could not access your website because it was still loading. I am currently on my friend's Mac and using his internet to post this.


Re: System Security Virus

Post by Belahzur on 25th July 2009, 10:41 pm

Do not use Combofix, Virut may be present.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: System Security Virus

Post by tkdgrl513 on 26th July 2009, 2:55 am

Thank you. Norton has reappeared since my last post, but I haven't tried disabling it again because I'm afraid that whatever is attacking my computer will get in if I disable it. Also, Ad-Watch Live continues to inform me that it has blocked the process vrt10.tmp and that this process has been identified as Win32.Trojan.inject. Here is the dds log.


Re: System Security Virus

Post by tkdgrl513 on 26th July 2009, 2:56 am

Apparently posting it all at once is too big, so I'll divide it into two posts.

DDS (Ver_09-06-26.01) - FAT32x86
Run by Shanna Hayes at 22:47:42.46 on Sat 07/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.435 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
SVCHOST.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Shanna Hayes\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.0.0.135\coIEPlg.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
mRun: [LaunchApp] Alaunch
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [SiS Windows KeyHook] c:\windows\system32\keyhook.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PCMService] "c:\program files\arcade\PCMService.exe"
mRun: [LManager] c:\program files\launch manager\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [WorksFUD] c:\program files\microsoft works\wkfud.exe
mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [Lexmark 5200 series] "c:\program files\lexmark 5200 series\lxbtbmgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LXBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBTtime.dll,_RunDLLEntry@16
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - [You must be registered and logged in to see this link.]
DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - [You must be registered and logged in to see this link.]
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - [You must be registered and logged in to see this link.]
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - [You must be registered and logged in to see this link.]
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.0.0.135\CoIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shanna~1\applic~1\mozilla\firefox\profiles\kqxhhf63.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-22 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0300000.087\SymEFA.sys [2009-5-5 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0300000.087\BHDrvx86.sys [2009-5-5 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0300000.087\cchpx86.sys [2009-5-5 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090715.003\IDSXpx86.sys [2009-7-18 276344]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.0.0.135\ccSvcHst.exe [2009-5-5 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-7-22 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090722.035\NAVENG.SYS [2009-7-23 87888]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090722.035\NAVEX15.SYS [2009-7-23 875728]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2006-7-26 16512]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2007-12-16 513152]
S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [2007-12-16 3768]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-12 45132]


Re: System Security Virus

Post by tkdgrl513 on 26th July 2009, 2:57 am

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2009-07-25 17:03 0 a------- c:\windows\system32\B.tmp
2009-07-25 16:49 0 a------- c:\windows\system32\A.tmp
2009-07-24 15:24 0 a------- c:\windows\system32\9.tmp
2009-07-24 07:39 0 a------- c:\windows\system32\D.tmp
2009-07-24 07:38 0 a------- c:\windows\system32\8.tmp
2009-07-23 19:10 0 a------- c:\windows\system32\6.tmp
2009-07-23 18:04 3,989,821 a------- c:\windows\pfirewall.log.old
2009-07-23 17:14 0 a------- c:\windows\system32\7.tmp
2009-07-23 17:13 0 a------- c:\windows\system32\4.tmp
2009-07-23 17:06 0 a------- c:\windows\system32\2.tmp
2009-07-23 12:39 0 a------- c:\windows\system32\3.tmp
2009-07-23 12:16 0 a------- c:\windows\system32\5.tmp
2009-07-23 10:43 --d----- c:\docume~1\alluse~1\applic~1\19539214
2009-07-22 23:22 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-22 22:26 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-22 22:25 --d-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-22 22:24 --d----- c:\program files\Lavasoft
2009-07-22 13:26 --d----- c:\program files\Norton Support
2009-07-22 13:04 --d----- c:\docume~1\shanna~1\applic~1\Malwarebytes
2009-07-22 13:04 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-22 13:04 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-22 13:04 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-22 13:04 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 21:37 0 a------- C:\839718926
2009-07-21 21:37 149,169 a------- c:\docume~1\shanna~1\applic~1\hiyop.exe
2009-07-21 18:30 --dsh--- C:\FOUND.126
2009-07-20 18:45 --dsh--- C:\FOUND.125
2009-07-20 18:13 --dsh--- C:\FOUND.124
2009-07-20 17:12 --d----- c:\program files\iPod
2009-07-20 17:10 --d----- c:\program files\iTunes
2009-07-18 21:48 --dsh--- C:\FOUND.123
2009-07-18 18:19 --dsh--- C:\FOUND.122
2009-07-12 22:59 --dsh--- C:\FOUND.121
2009-07-09 17:20 --dsh--- C:\FOUND.120
2009-07-07 18:25 --dsh--- C:\FOUND.119
2009-07-07 11:48 --dsh--- C:\FOUND.118
2009-07-05 22:26 --dsh--- C:\FOUND.117
2009-07-05 12:22 664 a------- c:\windows\system32\d3d9caps.dat
2009-07-04 14:31 --dsh--- C:\FOUND.116
2009-07-04 14:16 --d----- c:\docume~1\shanna~1\applic~1\avidemux
2009-07-04 14:15 --d----- c:\program files\Avidemux 2.5
2009-07-02 18:44 --dsh--- C:\FOUND.115
2009-06-30 18:22 --dsh--- C:\FOUND.114
2009-06-30 10:10 --dsh--- C:\FOUND.113
2009-06-30 08:23 --dsh--- C:\FOUND.112
2009-06-29 13:55 --d----- c:\docume~1\shanna~1\applic~1\MoveFab
2009-06-29 11:06 --dsh--- C:\FOUND.111
2009-06-29 10:55 --dsh--- C:\FOUND.110
2009-06-28 21:36 --dsh--- C:\FOUND.109
2009-06-28 18:26 --dsh--- C:\FOUND.108
2009-06-28 10:08 --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-28 10:06 --d----- c:\program files\Bonjour
2009-06-28 10:04 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-27 19:21 --d----- c:\program files\DVDFab 6
2009-06-27 18:00 24 a--sh--- c:\windows\BEBC49F72A6857F9
2009-06-27 17:54 --d----- c:\program files\SlySoft

==================== Find3M ====================

2009-07-25 16:48 102,400 a------- c:\windows\DUMP85d9.tmp
2009-07-22 18:17 102,400 a------- c:\windows\DUMP7f13.tmp
2009-06-24 03:35 4,704 a------- c:\windows\system32\PerfStringBackup.TMP
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-11 16:33 104,512 a------- c:\windows\system32\drivers\AnyDVD.sys
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-25 08:01 89,256 a------- c:\windows\system32\ElbyCDIO.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-05-05 20:19 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 1,159,680 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 827,392 -------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 671,232 -------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 3,596,288 -------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 -------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 -------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 91,136 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 34,304 -------- c:\windows\system32\dllcache\ieudinit.exe
2006-08-18 15:16 13 a--sh--- c:\windows\CNSYSDLG.SYS
2007-01-18 12:03 104 ---shr-- c:\windows\system32\A7A2ADFD41.sys
2007-01-18 12:03 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-23 03:08 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092320080924\index.dat

============= FINISH: 22:49:49.79 ========


Re: System Security Virus

Post by Belahzur on 26th July 2009, 9:01 pm

Hello.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :files
    c:\windows\system32\B.tmp
    c:\windows\system32\A.tmp
    c:\windows\system32\9.tmp
    c:\windows\system32\D.tmp
    c:\windows\system32\8.tmp
    c:\windows\system32\6.tmp
    c:\windows\system32\7.tmp
    c:\windows\system32\4.tmp
    c:\windows\system32\2.tmp
    c:\windows\system32\3.tmp
    c:\windows\system32\5.tmp
    c:\docume~1\alluse~1\applic~1\19539214
    C:\839718926
    c:\docume~1\shanna~1\applic~1\hiyop.exe
    C:\FOUND.***
    c:\windows\DUMP*.tmp


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245121
# Likes : 1

Re: System Security Virus

Post by tkdgrl513 on 26th July 2009, 11:45 pm

Here is the OTMoveIt log. I hope all of those errors don't mean anything bad.

Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!

OTM by OldTimer - Version 3.0.0.5 log created on 07262009_194344


Re: System Security Virus

Post by Belahzur on 27th July 2009, 4:14 pm

Hello.
The errors are because you didn't include :files in the script.


:files
c:\windows\system32\B.tmp
c:\windows\system32\A.tmp
c:\windows\system32\9.tmp
c:\windows\system32\D.tmp
c:\windows\system32\8.tmp
c:\windows\system32\6.tmp
c:\windows\system32\7.tmp
c:\windows\system32\4.tmp
c:\windows\system32\2.tmp
c:\windows\system32\3.tmp
c:\windows\system32\5.tmp
c:\docume~1\alluse~1\applic~1\19539214
C:\839718926
c:\docume~1\shanna~1\applic~1\hiyop.exe
C:\FOUND.***
c:\windows\DUMP*.tmp



Re: System Security Virus

Post by tkdgrl513 on 28th July 2009, 1:35 am

I apologize for that error. Here is the correct log.

========== FILES ==========
c:\windows\system32\B.tmp moved successfully.
c:\windows\system32\A.tmp moved successfully.
c:\windows\system32\9.tmp moved successfully.
c:\windows\system32\D.tmp moved successfully.
c:\windows\system32\8.tmp moved successfully.
c:\windows\system32\6.tmp moved successfully.
c:\windows\system32\7.tmp moved successfully.
c:\windows\system32\4.tmp moved successfully.
c:\windows\system32\2.tmp moved successfully.
c:\windows\system32\3.tmp moved successfully.
c:\windows\system32\5.tmp moved successfully.
c:\docume~1\alluse~1\applic~1\19539214 moved successfully.
C:\839718926 moved successfully.
c:\docume~1\shanna~1\applic~1\hiyop.exe moved successfully.
C:\FOUND.000 moved successfully.
C:\FOUND.001 moved successfully.
C:\FOUND.002 moved successfully.
C:\FOUND.003 moved successfully.
C:\FOUND.004 moved successfully.
C:\FOUND.005 moved successfully.
C:\FOUND.006 moved successfully.
C:\FOUND.007 moved successfully.
C:\FOUND.008 moved successfully.
C:\FOUND.009 moved successfully.
C:\FOUND.010 moved successfully.
C:\FOUND.011 moved successfully.
C:\FOUND.012 moved successfully.
C:\FOUND.013 moved successfully.
C:\FOUND.014 moved successfully.
C:\FOUND.015 moved successfully.
C:\FOUND.016 moved successfully.
C:\FOUND.017 moved successfully.
C:\FOUND.018 moved successfully.
C:\FOUND.019 moved successfully.
C:\FOUND.020 moved successfully.
C:\FOUND.021 moved successfully.
C:\FOUND.022 moved successfully.
C:\FOUND.023 moved successfully.
C:\FOUND.024 moved successfully.
C:\FOUND.025 moved successfully.
C:\FOUND.026 moved successfully.
C:\FOUND.027 moved successfully.
C:\FOUND.028 moved successfully.
C:\FOUND.029 moved successfully.
C:\FOUND.030 moved successfully.
C:\FOUND.031 moved successfully.
C:\FOUND.032 moved successfully.
C:\FOUND.033 moved successfully.
C:\FOUND.034 moved successfully.
C:\FOUND.035 moved successfully.
C:\FOUND.036 moved successfully.
C:\FOUND.037 moved successfully.
C:\FOUND.038 moved successfully.
C:\FOUND.039 moved successfully.
C:\FOUND.040 moved successfully.
C:\FOUND.041 moved successfully.
C:\FOUND.042 moved successfully.
C:\FOUND.043 moved successfully.
C:\FOUND.044 moved successfully.
C:\FOUND.045 moved successfully.
C:\FOUND.046 moved successfully.
C:\FOUND.047 moved successfully.
C:\FOUND.048 moved successfully.
C:\FOUND.049 moved successfully.
C:\FOUND.050 moved successfully.
C:\FOUND.051 moved successfully.
C:\FOUND.052 moved successfully.
C:\FOUND.053 moved successfully.
C:\FOUND.054 moved successfully.
C:\FOUND.055 moved successfully.
C:\FOUND.056 moved successfully.
C:\FOUND.057 moved successfully.
C:\FOUND.058 moved successfully.
C:\FOUND.059 moved successfully.
C:\FOUND.060 moved successfully.
C:\FOUND.061 moved successfully.
C:\FOUND.062 moved successfully.
C:\FOUND.063 moved successfully.
C:\FOUND.064 moved successfully.
C:\FOUND.065 moved successfully.
C:\FOUND.066 moved successfully.
C:\FOUND.067 moved successfully.
C:\FOUND.068 moved successfully.
C:\FOUND.069 moved successfully.
C:\FOUND.070 moved successfully.
C:\FOUND.071 moved successfully.
C:\FOUND.072 moved successfully.
C:\FOUND.073 moved successfully.
C:\FOUND.074 moved successfully.
C:\FOUND.075 moved successfully.
C:\FOUND.076 moved successfully.
C:\FOUND.077 moved successfully.
C:\FOUND.078 moved successfully.
C:\FOUND.079 moved successfully.
C:\FOUND.080 moved successfully.
C:\FOUND.081 moved successfully.
C:\FOUND.082 moved successfully.
C:\FOUND.083 moved successfully.
C:\FOUND.084 moved successfully.
C:\FOUND.085 moved successfully.
C:\FOUND.086 moved successfully.
C:\FOUND.087 moved successfully.
C:\FOUND.088 moved successfully.
C:\FOUND.089 moved successfully.
C:\FOUND.090 moved successfully.
C:\FOUND.091 moved successfully.
C:\FOUND.092 moved successfully.
C:\FOUND.093 moved successfully.
C:\FOUND.094 moved successfully.
C:\FOUND.095 moved successfully.
C:\FOUND.096 moved successfully.
C:\FOUND.097 moved successfully.
C:\FOUND.098 moved successfully.
C:\FOUND.099 moved successfully.
C:\FOUND.100 moved successfully.
C:\FOUND.101 moved successfully.
C:\FOUND.102 moved successfully.
C:\FOUND.103 moved successfully.
C:\FOUND.104 moved successfully.
C:\FOUND.105 moved successfully.
C:\FOUND.106 moved successfully.
C:\FOUND.107 moved successfully.
C:\FOUND.108 moved successfully.
C:\FOUND.109 moved successfully.
C:\FOUND.110 moved successfully.
C:\FOUND.111 moved successfully.
C:\FOUND.112 moved successfully.
C:\FOUND.113 moved successfully.
C:\FOUND.114 moved successfully.
C:\FOUND.115 moved successfully.
C:\FOUND.116 moved successfully.
C:\FOUND.117 moved successfully.
C:\FOUND.118 moved successfully.
C:\FOUND.119 moved successfully.
C:\FOUND.120 moved successfully.
C:\FOUND.121 moved successfully.
C:\FOUND.122 moved successfully.
C:\FOUND.123 moved successfully.
C:\FOUND.124 moved successfully.
C:\FOUND.125 moved successfully.
C:\FOUND.126 moved successfully.
c:\windows\DUMP7f13.tmp moved successfully.
c:\windows\DUMP85d9.tmp moved successfully.

OTM by OldTimer - Version 3.0.0.5 log created on 07272009_213425

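As an added example (not OTM's own code, and not anything posted in this thread), here is a small Python checker that reproduces what the two OTMoveIt runs above show: the path list pasted without the ":files" header produces one "Unable to interpret in the current context!" error per line, and once the header is present the wildcard entries C:\FOUND.*** and c:\windows\DUMP*.tmp expand to every matching path (FOUND.000 through FOUND.126 in the real log). The disk listing below is constructed, and the "not found" wording is an assumption; only "moved successfully." comes from the thread's log.

```python
# Added example (not OldTimer's OTM/OTMoveIt code): a checker that mirrors the two
# behaviours seen in this thread. Lines pasted without a ':files' header each yield
# OTM's "Unable to interpret" error; with the header, wildcard entries expand to
# every matching path.
import fnmatch
import re

FILES_DIRECTIVE = ":files"                      # OTM section header used in the thread
OTM_ERROR = "Error: Unable to interpret in the current context!"
SECTION_RE = re.compile(r"^:[a-z]+$", re.IGNORECASE)

# The path list exactly as posted in the thread, without the header line.
SCRIPT_BODY = r"""
c:\windows\system32\B.tmp
c:\windows\system32\A.tmp
c:\windows\system32\9.tmp
c:\windows\system32\D.tmp
c:\windows\system32\8.tmp
c:\windows\system32\6.tmp
c:\windows\system32\7.tmp
c:\windows\system32\4.tmp
c:\windows\system32\2.tmp
c:\windows\system32\3.tmp
c:\windows\system32\5.tmp
c:\docume~1\alluse~1\applic~1\19539214
C:\839718926
c:\docume~1\shanna~1\applic~1\hiyop.exe
C:\FOUND.***
c:\windows\DUMP*.tmp
"""
SCRIPT_WITH_HEADER = FILES_DIRECTIVE + SCRIPT_BODY   # the corrected script

# Constructed disk listing standing in for the laptop: a few of the 127 CHKDSK
# FOUND.* folders from the real log, plus two files that must NOT be matched.
DISK = [
    r"c:\windows\system32\B.tmp",
    r"c:\windows\system32\A.tmp",
    r"c:\windows\system32\localspl.dll",        # legitimate system file
    r"c:\docume~1\shanna~1\applic~1\hiyop.exe",
    r"C:\FOUND.000",
    r"C:\FOUND.001",
    r"C:\FOUND.126",
    r"c:\windows\DUMP7f13.tmp",
    r"c:\windows\DUMP85d9.tmp",
    r"c:\windows\dumpstate.log",                # hypothetical file, not a .tmp dump
]


def parse_script(text):
    r"""Split an OTM-style script into (section, pattern) entries.

    A non-blank line seen before any ':section' header belongs to no section,
    which is what the first run in this thread hit; such lines are reported
    with OTM's error text instead of being queued for a move."""
    entries, errors = [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SECTION_RE.match(line):
            section = line.lower()
            continue
        if section is None:
            errors.append(OTM_ERROR)
            continue
        entries.append((section, line))
    return entries, errors


def plan_moves(entries, disk):
    r"""Expand each :files entry against the listing and return OTM-style lines.

    Matching is case-insensitive and '*' is a wildcard, so C:\FOUND.*** takes
    every FOUND.nnn folder and c:\windows\DUMP*.tmp only the .tmp dump files.
    'moved successfully.' is the wording from the thread's log; the 'not found'
    wording is an assumption."""
    lines = []
    for section, pattern in entries:
        if section != FILES_DIRECTIVE:
            continue
        hits = [p for p in disk if fnmatch.fnmatchcase(p.lower(), pattern.lower())]
        if not hits:
            lines.append(f"File/Folder {pattern} not found.")
        lines.extend(f"{hit} moved successfully." for hit in hits)
    return lines


if __name__ == "__main__":
    _, errors = parse_script(SCRIPT_BODY)
    print(f"without header: {len(errors)} errors, e.g. {errors[0]}")
    entries, errors = parse_script(SCRIPT_WITH_HEADER)
    print(f"with header: {len(entries)} entries, {len(errors)} errors")
    print("\n".join(plan_moves(entries, DISK)))
```

Run as-is it reports 16 errors for the header-less script, the same count as the first log in the thread, and 16 queued entries for the corrected one; the move plan then shows the FOUND.* and DUMP*.tmp wildcards fanning out while localspl.dll and the non-.tmp file are left alone.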

Re: System Security Virus

Post by Belahzur on 28th July 2009, 5:28 pm

We can remove OTMoveIt now.

  • Please double-click OTM.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.
How is the machine running now?



Re: System Security Virus

Post by tkdgrl513 on 28th July 2009, 6:16 pm

Well, my web browser loaded much slower than normal, and Norton continues to pop up alerts that I'm being attacked. I attempted to access your site by google and I was re-directed to various ad websites. I think I'm going to take my machine in to a tech support facility at my campus. I sincerely appreciate your help though. I understand how busy you must be.


Re: System Security Virus

Post by Belahzur on 29th July 2009, 5:38 pm

I didn't say I couldn't fix it. ;)

Please download GooredFix from one of the locations below and save it to your Desktop
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



Re: System Security Virus

Post by tkdgrl513 on 31st July 2009, 1:51 am

Before I executed your directions, I wanted to try a scan with Malwarebytes again. It requested that I restart. I did so, and when I logged in, my computer immediately logged me out. I tried this three more times, and each time my computer logged me out as soon as I logged in. What kind of virus is this?! I'm going to attempt to log in to safe mode. Hopefully I'll at least be able to gain access to my computer. If I can, I'll run GooredFix and post the log.


Re: System Security Virus

Post by Origin on 31st July 2009, 4:09 pm

Tell me if you can boot in Safe mode with Networking:

Please do the following in Safe Mode with Networking: as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press your Enter key.

Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu. Once in the startup menu, select "Safe Mode with Networking", then do the following instructions:


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31533
# Likes : 0

Re: System Security Virus

Post by tkdgrl513 on 1st August 2009, 9:28 pm

My computer won't even let me log in in safe mode. Is there something I can do? Is there a way to do a restore without losing all the data on my hard drive?


Re: System Security Virus

Post by Origin on 2nd August 2009, 6:11 pm

There is no way to restore your computer without losing data, please do the following:

Please download this file: [You must be registered and logged in to see this link.]

  1. Insert a blank CD into your CD drawer.
  2. Double click the rescuecd.exe file on your Desktop.
  3. Hit the "Burn CD" button and allow it to burn; it shouldn't take too long.
  4. Next, reboot your computer, keeping the CD inside the drawer.
  5. Your computer should boot from the CD and boot to the Avira rescue disc.
  6. Next, see this guide here: [You must be registered and logged in to see this link.]



Re: System Security Virus

Post by tkdgrl513 on 4th August 2009, 1:59 am

I downloaded the program and burned the CD. I put it into my pc to test it and it worked. However, when I put it into my laptop and restarted, the CD didn't load. What do I do now?

