Unknown virus


Unknown virus

Post by esvraka on Wed Aug 05, 2009 12:00 am

Please help again - my other computer is now acting up. I cannot do system restore, it freezes for no reason, etc...
Malware detects the same two broken commands every time, even after it "fixes" them.

I have also noticed these things: the broken commands found by Malware all refer to notepad.exe, and when I ran my System Mechanic it wanted to repair securities by assigning all .reg and .scr files to be opened with notepad. Hope this helps.

Thank you so much!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:17 PM, on 8/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe
C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AOG\My Documents\Downloads\winlogon(2).exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\AOG\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - [You must be registered and logged in to see this link.]
O16 - DPF: {010123DF-5E80-11D8-9E86-0007E96C65AE} (SprtCtlBrowse Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {010136FD-5E80-11D8-9E86-0007E96C65AE} (SprtWMIControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {01117B00-3E00-11D2-8470-0060089874ED} (Support.com ScreenShot Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} (SupportSoft Listener Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9081 bytes

esvraka
Novice

Posts : 27
Joined : 2009-07-10
Gender : Female
OS : XP SP3
Points : 27128
# Likes : 0

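A triage pass over the "Running processes" section of a HijackThis log like the one above, added here as an example; it is not code from the thread or from HijackThis. It flags an image that runs from a user profile directory and a file name that mimics a core Windows binary outside C:\WINDOWS, which is exactly the pattern of the winlogon(2).exe under Downloads in the posted log. SAMPLE_LOG is a constructed excerpt modelled on that log, and the watch list of system binary names is an assumption.

```python
"""Flag suspicious entries in the 'Running processes' section of a HijackThis log.

Added example, not code from the thread or from HijackThis. Two checks:
  1. the image lives under a user profile (Documents and Settings on XP,
     Users on later Windows), where core Windows binaries never run from;
  2. the file name mimics a core Windows binary (winlogon, csrss, ...) but
     the image is not under C:\\WINDOWS, the only place the real one lives on XP.
A browser-style "(2)" duplicate-download suffix is stripped before comparing names.
"""
import re
from dataclasses import dataclass

# Assumed watch list: core XP binaries that malware commonly impersonates by name.
SYSTEM_BINARY_NAMES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "explorer.exe", "spoolsv.exe",
}

# Path fragments that identify a user profile on XP and on later Windows.
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")

# Constructed excerpt modelled on the HijackThis log posted in the thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AOG\My Documents\Downloads\winlogon(2).exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
"""


@dataclass
class Finding:
    path: str
    reasons: list


def running_processes(log_text):
    """Return the image paths listed under 'Running processes:' up to the first blank line."""
    lines = log_text.splitlines()
    for i, line in enumerate(lines):
        if line.strip().lower() == "running processes:":
            procs = []
            for entry in lines[i + 1:]:
                if not entry.strip():
                    break
                procs.append(entry.strip())
            return procs
    return []


def canonical_name(path):
    """Lower-case file name with any '(n)' duplicate-download suffix removed."""
    name = path.rsplit("\\", 1)[-1].lower()
    return re.sub(r"\(\d+\)(?=\.[^.]+$)", "", name)


def triage(procs):
    """Return a Finding for every process path that trips at least one check."""
    findings = []
    for path in procs:
        low = path.lower()
        reasons = []
        if any(marker in low for marker in USER_PROFILE_MARKERS):
            reasons.append("image runs from a user profile directory")
        name = canonical_name(path)
        if name in SYSTEM_BINARY_NAMES and not low.startswith("c:\\windows\\"):
            reasons.append(f"name mimics system binary {name} but image is outside C:\\WINDOWS")
        if reasons:
            findings.append(Finding(path, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(running_processes(SAMPLE_LOG)):
        print(finding.path)
        for reason in finding.reasons:
            print("   -", reason)
```

A hit from this pass is a reason to look at the file (publisher, hash, creation time), not proof of infection on its own; the real check is whether the image belongs where it sits.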

Re: Unknown virus

Post by Belahzur on Wed Aug 05, 2009 5:48 pm

Please post the MBAM report for me to see.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1


Re: Unknown virus

Post by esvraka on Wed Aug 05, 2009 8:25 pm

MBAM report showed 0 in everything. Here's the new winlogon report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:22:38 PM, on 8/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe
C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\AOG\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AOG\My Documents\Downloads\winlogon(2).exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\AOG\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - [You must be registered and logged in to see this link.]
O16 - DPF: {010123DF-5E80-11D8-9E86-0007E96C65AE} (SprtCtlBrowse Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {010136FD-5E80-11D8-9E86-0007E96C65AE} (SprtWMIControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {01117B00-3E00-11D2-8470-0060089874ED} (Support.com ScreenShot Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} (SupportSoft Listener Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9151 bytes


Re: Unknown virus

Post by Belahzur on Thu Aug 06, 2009 3:18 pm

I still need to see the MBAM report to see if you have the latest database and what version you are running.



Re: Unknown virus

Post by esvraka on Thu Aug 06, 2009 3:26 pm

Malwarebytes' Anti-Malware 1.40
Database version: 2565
Windows 5.1.2600 Service Pack 3

8/5/2009 3:15:18 PM
mbam-log-2009-08-05 (15-15-18).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 162794
Time elapsed: 39 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


bump

Post by esvraka on Sun Aug 09, 2009 8:46 pm

bump


Re: Unknown virus

Post by Belahzur on Mon Aug 10, 2009 12:31 am

Sorry about the wait, your post slipped past us and got missed.

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Unknown virus

Post by esvraka on Mon Aug 10, 2009 2:02 am

No problem - here's the log.
ComboFix 09-08-09.04 - AOG 08/09/2009 20:34.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.213 [GMT -5:00]
Running from: c:\documents and settings\AOG\Desktop\Combo-Fix.exe
AV: iolo AntiVirus® *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: iolo Personal Firewall® *enabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\AOG\Start Menu\Programs\MovieBox
c:\program files\moviebox
c:\windows\Installer\cde75b6.msp
c:\windows\Installer\ce6f85d.msp
c:\windows\Installer\d1563e8.msp
c:\windows\Installer\d4c7283.msp
c:\windows\Installer\d834184.msp
c:\windows\Installer\dba318b.msp
c:\windows\Installer\dcbb62.msp
c:\windows\Installer\dd2334.msp
c:\windows\Installer\df11de8.msp
c:\windows\Installer\e159c2.msp
c:\windows\Installer\e28133e.msp
c:\windows\Installer\e2c96f.msp
c:\windows\Installer\e5c857.msp
c:\windows\Installer\e5efac9.msp
c:\windows\Installer\e95e939.msp
c:\windows\Installer\eccd8e2.msp
c:\windows\Installer\f03c985.msp
c:\windows\Installer\f09635.msp
c:\windows\Installer\f3ab7c7.msp
c:\windows\Installer\f71a387.msp
c:\windows\Installer\fa891e8.msp
c:\windows\Installer\fdf81c0.msp
c:\windows\kb913800.exe
c:\windows\RM.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\_000024_.tmp.dll
c:\windows\system32\_000025_.tmp.dll
c:\windows\system32\_000026_.tmp.dll
c:\windows\system32\mfc45.dll

.


Re: Unknown virus

Post by esvraka on Mon Aug 10, 2009 2:02 am

((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-06 21:47 . 2009-08-06 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-08-05 19:33 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\AOG\Application Data\mjusbsp\in00000\setup.exe
2009-08-05 19:33 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\AOG\Application Data\mjusbsp\ar00000\install.exe
2009-08-05 12:49 . 2009-08-05 12:49 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-05 12:49 . 2009-08-05 12:49 -------- d-----w- c:\documents and settings\AOG\log
2009-08-04 11:54 . 2009-08-04 11:54 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-02 12:12 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\AOG\Application Data\mjusbsp\Upgrade\setup2.exe
2009-08-02 12:12 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\AOG\Application Data\mjusbsp\Upgrade\install2.exe
2009-08-01 16:16 . 2009-08-01 16:16 95576 ----a-w- c:\documents and settings\AOG\Application Data\mjusbsp\ug00000\magicJack.dll
2009-08-01 16:16 . 2009-08-01 16:16 6256600 ----a-w- c:\documents and settings\AOG\Application Data\mjusbsp\ug00000\setup.exe
2009-08-01 16:16 . 2009-08-01 16:16 413304 ----a-w- c:\documents and settings\AOG\Application Data\mjusbsp\magicJackLoader.exe
2009-08-01 16:16 . 2009-08-01 16:16 480608 ----a-w- c:\documents and settings\AOG\Application Data\mjusbsp\octvqe1_apiw.dll
2009-08-01 16:16 . 2009-08-01 16:16 214360 ----a-w- c:\documents and settings\AOG\Application Data\mjusbsp\TjVista.dll
2009-08-01 16:16 . 2009-08-01 16:16 325040 ----a-w- c:\documents and settings\AOG\Application Data\mjusbsp\TjIpSys.dll
2009-08-01 16:16 . 2009-08-01 16:16 570736 ----a-w- c:\documents and settings\AOG\Application Data\mjusbsp\SJHandsetMagicJack.dll
2009-08-01 16:15 . 2009-08-01 16:15 87384 ----a-w- c:\documents and settings\AOG\Application Data\mjusbsp\st00000\mjsetup.exe
2009-08-01 16:15 . 2009-08-01 16:15 95576 ----a-w- c:\documents and settings\AOG\Application Data\mjusbsp\st00000\magicJack.dll
2009-08-01 16:15 . 2009-08-01 16:15 95576 ----a-w- c:\documents and settings\AOG\Application Data\mjusbsp\magicJack.dll
2009-08-01 16:13 . 2009-08-01 16:13 12231512 ----a-w- c:\documents and settings\AOG\Application Data\mjusbsp\magicJack.exe
2009-08-01 16:12 . 2009-08-01 16:12 728600 ----a-w- c:\documents and settings\AOG\Application Data\mjusbsp\ug00000\install.exe
2009-08-01 16:12 . 2009-08-01 16:12 87384 ----a-w- c:\documents and settings\AOG\Application Data\mjusbsp\in00000\mjsetup.exe
2009-08-01 16:12 . 2009-08-01 16:12 95576 ----a-w- c:\documents and settings\AOG\Application Data\mjusbsp\in00000\magicJack.dll
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\AOG\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\AOG\Application Data\mjusbsp\st00000\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\AOG\Application Data\mjusbsp\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\AOG\Application Data\mjusbsp\in00000\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 50520 ----a-w- c:\documents and settings\AOG\Application Data\mjusbsp\cdloader2.exe
2009-07-27 13:40 . 2009-07-10 12:56 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-27 13:40 . 2009-07-10 12:56 2301208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-07-27 13:40 . 2009-07-10 12:56 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-27 13:40 . 2009-07-10 12:56 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-27 13:40 . 2009-07-10 12:56 1107224 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgssie.dll
2009-07-27 13:40 . 2009-07-10 12:56 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-27 13:40 . 2009-07-10 12:56 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-27 13:40 . 2009-07-10 12:56 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-27 13:40 . 2009-07-10 12:56 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-27 13:40 . 2009-07-10 12:56 353048 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-07-27 13:39 . 2009-07-10 12:56 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-27 13:38 . 2009-07-10 12:56 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-11 13:09 . 2009-07-11 13:09 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-08 19:26 . 2008-04-27 15:28 518 ----a-w- c:\documents and settings\AOG\Application Data\iolo\Registry\Last\restore.bat
2009-08-06 22:08 . 2008-04-27 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-08-06 21:57 . 2009-07-10 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-05 19:34 . 2009-03-06 22:41 -------- d-----w- c:\documents and settings\AOG\Application Data\mjusbsp
2009-08-04 23:41 . 2008-04-27 03:43 -------- d-----w- c:\documents and settings\AOG\Application Data\iolo
2009-08-04 23:33 . 2009-07-10 14:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-04 20:58 . 2009-01-24 15:56 518 ----a-w- c:\documents and settings\LocalService\Application Data\iolo\Registry\Last\restore.bat
2009-08-03 18:36 . 2009-07-10 14:01 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-07-10 14:01 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-30 12:05 . 2008-04-27 15:28 1523 ----a-w- c:\documents and settings\AOG\Application Data\iolo\restore.bat
2009-07-16 08:45 . 2009-03-19 01:19 1119 ----a-w- c:\documents and settings\LocalService\Application Data\iolo\restore.bat
2009-07-10 14:01 . 2009-07-10 14:01 -------- d-----w- c:\documents and settings\AOG\Application Data\Malwarebytes
2009-07-10 14:01 . 2009-07-10 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-10 12:56 . 2009-07-10 12:56 -------- d-----w- c:\program files\AVG
2009-07-10 11:39 . 2009-07-10 11:39 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-10 11:39 . 2007-01-24 15:58 -------- d-----w- c:\program files\Java
2009-07-10 11:38 . 2009-07-10 11:38 152576 ----a-w- c:\documents and settings\AOG\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-08 01:31 . 2007-02-01 23:04 -------- d-----w- c:\documents and settings\AOG\Application Data\Image Zone Express
2009-06-26 16:50 . 2005-08-16 10:18 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2005-08-16 10:18 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-16 14:36 . 2005-08-16 10:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-08-16 10:18 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:09 . 2005-08-16 10:18 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 20:54 . 2008-04-27 04:32 940896 ----a-w- c:\windows\system32\Incinerator.dll
.


Re: Unknown virus

Post by esvraka on Mon Aug 10, 2009 2:03 am

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemGuardAlerter"="c:\program files\iolo\System Mechanic Professional\SystemGuardAlerter.exe" [2009-05-29 364896]
"iolo Personal Firewall"="c:\program files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe" [2009-05-13 1322848]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverUpdaterPro

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\Personal Firewall\\ioloFW.exe"=
"c:\\Documents and Settings\\AOG\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\ioloAV.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\iAVEmailScanner.exe"=

R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [6/8/2008 5:28 PM 39424]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [4/26/2008 11:32 PM 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [4/26/2008 11:32 PM 600944]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [1/27/2007 8:33 PM 16384]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [1/27/2007 8:33 PM 12288]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll
DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - [You must be registered and logged in to see this link.]
DPF: {010123DF-5E80-11D8-9E86-0007E96C65AE} - [You must be registered and logged in to see this link.]
DPF: {010136FD-5E80-11D8-9E86-0007E96C65AE} - [You must be registered and logged in to see this link.]
DPF: {01117B00-3E00-11D2-8470-0060089874ED} - [You must be registered and logged in to see this link.]
DPF: {01119400-3E00-11D2-8470-0060089874ED} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\AOG\Application Data\Mozilla\Firefox\Profiles\qzgtcly0.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-09 20:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\iavlsp.dll
c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll
.
Completion time: 2009-08-10 20:46
ComboFix-quarantined-files.txt 2009-08-10 01:46

Pre-Run: 222,749,523,968 bytes free
Post-Run: 222,705,733,632 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

540 --- E O F --- 2009-08-04 23:39


Re: Unknown virus

Post by Belahzur on Mon Aug 10, 2009 3:39 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u
This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Unknown virus

Post by esvraka on Mon Aug 10, 2009 3:47 pm

Seems to be running OK. Can you tell me what the problem was?


Re: Unknown virus

Post by Belahzur on Mon Aug 10, 2009 6:24 pm

Not sure what it was myself, there was never any malicious run value for anything, just some leftover files.

