advanced virus remover...and maybe some others


Post by Mandi on Sat Oct 17, 2009 1:41 am

A few weeks ago, I had the Windows Antivirus Pro on my computer. I was able to download Malwarebytes onto a jump drive, and then run it on my computer that way.

A few days later, the Advanced Virus Remover has now shown up on my computer and I'm back in safe mode. I tried doing the same thing, but it won't let me. I tried downloading HijackThis to a jump drive and installing it that way, but it won't work.

Can anyone help? As a note: whatever is on my computer will NOT let me download anything from the internet, so those options do not help. Is there a way to manually remove the virus(es)?

Mandi
Novice

Posts: 13
Joined: 2009-08-29
OS: XP
Points: 26573
Likes: 0


Re: advanced virus remover...and maybe some others

Post by Dr Jay on Sat Oct 17, 2009 5:11 am

Please download ComboFix from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : [You must be registered and logged in to see this link.]
  • Double-click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Do not mouse-click Combofix's window while it is running. That may cause it to stall.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts: 13713
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Protection: Bitdefender Total Security
Points: 302059
Likes: 10


Re: advanced virus remover...and maybe some others

Post by Mandi on Wed Oct 21, 2009 8:38 pm

OK, it took forever, but I finally got ComboFix to run and here's the result:

ComboFix 09-10-19.04 - Mandi Mooney 10/20/2009 18:16.1.1 - NTFSx86
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\7969527279
c:\documents and settings\Administrator\Application Data\7969527279\7969527279.bat
c:\documents and settings\Administrator\Application Data\7969527279\7969527279.cfg
c:\documents and settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\10\AVGToolbarInstall.exe
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\11\avgxch32.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\15\avg7api.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\15\avgmail.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\15\avgmvflx.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\15\avgscanx.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\15\avgscanx.exe
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\15\avgvvx.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\15\avgwdwsc.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\3\avgbat.bav
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\34\avgmfx64.sys
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\34\avgmfx86.sys
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\34\avgrsa.exe
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\34\avgrssta.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\34\avgrsstx.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\34\avgrsx.exe
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\afuinst64.dat
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgabout.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgamnot.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgapix.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgcfgex.exe
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgcfgx.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgcmgr.exe
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgdumpx.exe
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgfrw.exe
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avginet.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgiproxy.exe
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgldx86.sys
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avglngx.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avglogx.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avglvex.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgnsx.exe
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgpp.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgresf.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgsched.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgsrmax.exe
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgsrmx.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgssff.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgssie.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgtbapi.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgtdix.sys
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgtray.exe
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgui.exe
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avguiadv.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avguires.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgupd.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgupd.exe
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgwd.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgwdsvc.exe
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgxpl.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\dbghelp.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\fixcfg.exe
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\setup.exe
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\sporder.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\36\avgse.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\36\avgsea.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\4\avgcclix.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\4\avgclitx.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\4\avgcorex.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\4\avgcrlpx.dll
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\4\avgcsrvx.exe
c:\documents and settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\7\avgoff2k.dll
c:\documents and settings\Administrator\Local Settings\Temp\is-90QMH.tmp\_isetup\_RegDLL.tmp
c:\documents and settings\Administrator\Local Settings\Temp\is-90QMH.tmp\_isetup\_shfoldr.dll
c:\documents and settings\Administrator\Local Settings\Temp\is-90QMH.tmp\mbam.dll
c:\documents and settings\Administrator\Local Settings\Temp\is-9MCT9.tmp\mbam-setup.tmp
c:\documents and settings\Administrator\Local Settings\Temp\is-LDLHG.tmp\mbam-setup.tmp
c:\documents and settings\Administrator\Local Settings\Temp\is-M5G8N.tmp\_isetup\_RegDLL.tmp
c:\documents and settings\Administrator\Local Settings\Temp\is-M5G8N.tmp\_isetup\_shfoldr.dll
c:\documents and settings\Administrator\Local Settings\Temp\is-M5G8N.tmp\mbam.dll
c:\documents and settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q7STOROP\mbam-setup[1].exe
c:\documents and settings\Administrator\ntuser.dll
c:\documents and settings\Administrator\Start Menu\Programs\Startup\scandisk.dll
c:\documents and settings\Administrator\Start Menu\Programs\Startup\scandisk.lnk
c:\documents and settings\All Users\Application Data\46935229
c:\documents and settings\All Users\Application Data\46935229\46935229.bat
c:\documents and settings\All Users\Application Data\62102617
c:\documents and settings\All Users\Application Data\62102617\62102617.bat
c:\documents and settings\Mandi Mooney\ntuser.dll
c:\documents and settings\Mandi Mooney\Start Menu\Programs\Startup\scandisk.dll
c:\documents and settings\Mandi Mooney\Start Menu\Programs\Startup\scandisk.lnk
c:\program files\Common
c:\program files\Common\_helper.sig
c:\program files\maqonv
c:\program files\maqonv\iygrsysguard.exe
c:\program files\Shared
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\iyufuloh.dll
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\run.log
c:\windows\system32\11478.exe
c:\windows\system32\13782.exe
c:\windows\system32\14044.exe
c:\windows\system32\15724.exe
c:\windows\system32\16771.exe
c:\windows\system32\16827.exe
c:\windows\system32\17853.exe
c:\windows\system32\18029.exe
c:\windows\system32\18151.exe
c:\windows\system32\18467.exe
c:\windows\system32\18803.exe
c:\windows\system32\18841.exe
c:\windows\system32\19169.exe
c:\windows\system32\19226.exe
c:\windows\system32\20498.exe
c:\windows\system32\21095.exe
c:\windows\system32\21551.exe
c:\windows\system32\22033.exe
c:\windows\system32\22557.exe
c:\windows\system32\22581.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\24695.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\27961.exe
c:\windows\system32\28145.exe
c:\windows\system32\29358.exe
c:\windows\system32\29479.exe
c:\windows\system32\30146.exe
c:\windows\system32\30945.exe
c:\windows\system32\3199.exe
c:\windows\system32\3625.exe
c:\windows\system32\3956.exe
c:\windows\system32\41.exe
c:\windows\system32\5705.exe
c:\windows\system32\5935.exe
c:\windows\system32\6334.exe
c:\windows\system32\6471.exe
c:\windows\system32\652.exe
c:\windows\system32\7135.exe
c:\windows\system32\724.exe
c:\windows\system32\8221.exe
c:\windows\system32\8801.exe
c:\windows\system32\9961.exe
c:\windows\system32\AVR09.exe
c:\windows\system32\bincd32.dat
c:\windows\system32\biyogali.dll
c:\windows\system32\bodihovi.dll
c:\windows\system32\calc.dll
c:\windows\system32\config\systemprofile\Application Data\6221912618
c:\windows\system32\config\systemprofile\Application Data\6221912618\6221912618.bat
c:\windows\system32\config\systemprofile\Application Data\6221912618\6221912618.cfg
c:\windows\system32\config\systemprofile\Application Data\6221912618\6221912618.exe
c:\windows\system32\config\systemprofile\Application Data\lizkavd.exe
c:\windows\system32\config\systemprofile\Application Data\seres.exe
c:\windows\system32\config\systemprofile\Application Data\svcst.exe
c:\windows\system32\config\systemprofile\ntuser.dll
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro\Windows Antivirus Pro.lnk
c:\windows\system32\drivers\SKYNETqvxduymi.sys
c:\windows\system32\gikuseju.dll
c:\windows\system32\gomonoye.dll
c:\windows\system32\hizupoye.dll
c:\windows\system32\iehelper.dll
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\janufini.dll
c:\windows\system32\juyiwune.dll
c:\windows\system32\ketisuli.dll
c:\windows\system32\kogujiru.dll
c:\windows\system32\lojerawu.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\mipasowu.dll
c:\windows\system32\mosanemi.dll
c:\windows\system32\mscomct2.dat
c:\windows\system32\msCOrewr.dll
c:\windows\system32\pump.exe
c:\windows\system32\sepajimo.exe
c:\windows\system32\skynet.dat
c:\windows\system32\SKYNETalnqjlct.dll
c:\windows\system32\SKYNETdkdffbym.dll
c:\windows\system32\SKYNETfqxoqmqi.dll
c:\windows\system32\SKYNEThxvrjbav.dll
c:\windows\system32\SKYNETjgymnkvy.dll
c:\windows\system32\SKYNETqhrrjenk.dll
c:\windows\system32\SKYNETvwqtahht.dat
c:\windows\system32\SKYNETymqfuivm.dat
c:\windows\system32\sonhelp.htm
c:\windows\system32\winupdate.exe
c:\windows\system32\wispex.html
c:\windows\system32\yizofuyu.dll
c:\windows\system32\yovimuti.dll
c:\windows\system32\zeselufu.dll
c:\windows\Temp\3749436016.exe
c:\windows\Temp\418741962.exe
c:\windows\wf3.dat
c:\windows\wf4.dat

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETodablrmy
-------\Legacy_SKYNETodablrmy
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.

2009-10-20 22:19 . 2009-10-20 22:19 -------- d-----w- c:\documents and settings\Mandi Mooney\Local Settings\Application Data\{14F1623B-F81D-4FD8-8AC7-CABBB18179E4}
2009-10-18 14:59 . 2009-10-20 22:13 0 ----a-r- c:\windows\Pgogi.bin
2009-10-18 14:59 . 2009-10-20 22:13 120 ----a-w- c:\windows\Shaqaxu.dat
2009-10-18 14:59 . 2009-10-18 14:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{4DBAD962-922E-4BE4-BDB6-BAF4699DF0C5}
2009-10-17 01:58 . 2009-10-20 22:22 0 ----a-r- c:\windows\win32k.sys
2009-10-15 22:37 . 2009-10-20 22:49 744 ----a-w- c:\windows\system32\wininit.dll
2009-10-05 17:13 . 2009-10-05 22:04 131731 ----a-w- c:\windows\system32\dbsinit.exe
2009-10-05 17:01 . 2009-10-05 17:01 5120 ----a-w- C:\pmyro.exe
2009-10-05 00:13 . 2009-10-05 00:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-17 01:57 . 2009-09-11 00:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 23:31 . 2009-09-18 23:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-18 23:31 . 2009-09-18 23:31 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-18 23:31 . 2009-09-18 23:31 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-18 23:31 . 2009-09-18 23:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-18 23:30 . 2009-09-18 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-18 23:30 . 2009-09-18 23:30 -------- d-----w- c:\program files\AVG
2009-09-18 23:30 . 2009-09-18 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-18 23:26 . 2009-09-18 23:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG8
2009-09-18 23:06 . 2009-09-18 23:06 -------- d-----w- c:\program files\Trend Micro
2009-09-13 13:19 . 2009-09-13 13:19 163840 ----a-w- c:\windows\svchasts.exe
2009-09-13 03:04 . 2009-09-13 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-13 03:03 . 2009-09-13 03:03 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-09-13 03:03 . 2009-09-13 03:02 -------- d-----w- c:\program files\McAfee
2009-09-13 03:02 . 2009-09-13 03:02 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-11 01:12 . 2009-09-11 01:12 -------- d-----w- c:\documents and settings\Mandi Mooney\Application Data\Malwarebytes
2009-09-11 01:02 . 2009-09-02 10:22 7 ----a-w- c:\windows\system32\nar.bin
2009-09-11 00:18 . 2009-09-11 00:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-11 00:18 . 2009-09-11 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-03 18:36 . 2009-09-11 00:18 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-09-11 00:18 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2005-10-31 02:09 . 2005-10-31 02:06 20921040 ----a-w- c:\program files\AdbeRdr705_enu_full.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"WCOLOREAL"="c:\program files\COMPAQ\Coloreal\coloreal.exe" [2002-01-22 131072]
"CPQEASYACC"="c:\program files\Compaq\Easy Access Button Support\StartEAK.exe" [2001-12-14 32768]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2001-10-12 69632]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-09-28 26112]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-13 311350]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-02-10 1420560]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-08-03 1295632]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-10-17 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2002-07-08 4608]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-07-28 323584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

c:\documents and settings\Mandi Mooney\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2008-9-24 260096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-4-15 303104]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-7-13 24633]
office.exe [2009-10-16 102678]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli msninte2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

R1 EACMOS;EACMOS;c:\windows\system32\drivers\EACMOS.SYS [x]
R2 srmsvc;srmsvc;c:\windows\srmsvc.exe [x]
R4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2006-02-10 45840]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-09-18 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-09-18 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-09-18 297752]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 C4C_BSC2;C4C_BSC2;c:\windows\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 84788]

.
Contents of the 'Scheduled Tasks' folder

2009-10-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-02-10 21:27]

2005-10-03 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2001-08-18 07:56]

2005-09-28 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2001-08-18 07:56]

2005-10-13 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2001-08-18 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
LSP: c:\windows\system32\vaOICKwyOu.dll
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: Yahoo! Euchre - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

BHO-{a50a9cb4-78e3-2cdf-2c42-0ec7e8950ed2} - c:\windows\iyufuloh.dll
WebBrowser-{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
HKLM-Run-AVG7_CC - c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe
HKLM-Run-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
HKLM-Run-lomesujin - c:\windows\system32\bodihovi.dll
HKLM-Run-Xjatubi - c:\windows\iyufuloh.dll
HKLM-Run-AutoLogon - (no file)
HKU-Default-Run-AVG7_Run - c:\progra~1\Grisoft\AVGFRE~1\avgw.exe
HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKU-Default-Run-system tool - c:\program files\maqonv\iygrsysguard.exe
HKU-Default-Run-calc - c:\windows\system32\config\SYSTEM~1\ntuser.dll
HKU-Default-Run-Microsoft uptime Service - sysuptime.exe
SharedTaskScheduler-{8178829f-3c09-4ba6-91d5-646db1b3a77d} - c:\windows\system32\bodihovi.dll
SSODL-pejuwesaw-{8178829f-3c09-4ba6-91d5-646db1b3a77d} - c:\windows\system32\bodihovi.dll
SafeBoot-EACMOS.SYS
AddRemove-AVG7Uninstall - c:\program files\Grisoft\AVG Free\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-20 19:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(672)
c:\windows\msninte2.dll

- - - - - - - > 'explorer.exe'(3904)
c:\windows\msninte2.dll
c:\windows\system32\browselc.dll
c:\program files\McAfee\VirusScan Enterprise\Scriptcl.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\wdfmgr.exe
c:\combofix\CF10059.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
c:\program files\Compaq\Easy Access Button Support\CPQEADM.EXE
c:\compaq\EAKDRV\EAUSBKBD.EXE
c:\progra~1\Compaq\EASYAC~1\BttnServ.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\iPod\bin\iPodService.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-21 19:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-21 00:13

Pre-Run: 60,048,687,104 bytes free
Post-Run: 63,186,464,768 bytes free

- - End Of File - - 88DD1BEBAA60A9C60A5B5ECBBBE46C92


AS A NOTE: After I ran ComboFix, my internet stopped working. I've checked with my local provider and they've advised that it's a problem on my end. Can you advise what I need to do to restore connections?


Re: advanced virus remover...and maybe some others

Post by Dr Jay on Wed Oct 21, 2009 10:35 pm

Hi

Reboot your computer to restore connection.

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\Pgogi.bin
    c:\windows\Shaqaxu.dat
    c:\windows\system32\dbsinit.exe
    C:\pmyro.exe
    c:\windows\svchasts.exe
    c:\windows\srmsvc.exe

    NetSvc::
    srmsvc

    DDS::
    LSP: c:\windows\system32\vaOICKwyOu.dll

  4. Save this as CFScript.txt, in the same location as ComboFix.exe
  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


==

Jotti File Submission:
  • Please go to [You must be registered and logged in to see this link.]
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • c:\windows\system32\wininit.dll
  • Click on the submit button
  • Please post the results (URL) in your next reply.

Please do the same Jotti scan for the following:
c:\windows\msninte2.dll
c:\windows\system32\nar.bin
c:\windows\system32\drivers\EACMOS.SYS

==

In your next reply, please post the ComboFix log and the 4 Jotti URLs.


Dr. Jay (DJ)
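The ComboFix listings in this thread were triaged by eye; as an added example (editor's code, not ComboFix's or the helper's), the Python below parses the 'Files Created' / 'Find3M' entry format from the first log and flags entries by a few heuristics (tiny or empty binaries under c:\windows, an executable sitting in the drive root, names that imitate a system process), giving a queue of files to submit to a multi-engine scanner such as Jotti. The known-process list, the 4096-byte size threshold and the two-edit lookalike limit are the editor's assumptions, not ComboFix or forum conventions.

```python
"""Triage the 'Files Created' / 'Find3M' sections of a ComboFix log.
Added example for this thread, not ComboFix's own code: the entry format is
taken from the log posted above; the heuristics and their thresholds are the
editor's assumptions and only produce a queue of files worth scanning."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One ComboFix entry: "<created> . <modified> <size|--------> <attrs> <path>"
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[d-][^ ]{7}) (?P<path>.+)$")

# Process names that malware likes to imitate (editor's list, an assumption).
KNOWN_NAMES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
               "wininit.exe", "services.exe", "explorer.exe")
KNOWN_STEMS = {k.rsplit(".", 1)[0]: k for k in KNOWN_NAMES}
EXEC_EXT = (".exe", ".dll", ".sys")
TINY_PE_BYTES = 4096      # assumption: genuine Windows binaries are far larger
LOOKALIKE_MAX_EDITS = 2   # assumption: "svchasts" is two edits from "svchost"

# Entries copied from the first ComboFix log in the thread, plus its section header.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
2009-10-18 14:59 . 2009-10-20 22:13 0 ----a-r- c:\windows\Pgogi.bin
2009-10-18 14:59 . 2009-10-20 22:13 120 ----a-w- c:\windows\Shaqaxu.dat
2009-10-17 01:58 . 2009-10-20 22:22 0 ----a-r- c:\windows\win32k.sys
2009-10-15 22:37 . 2009-10-20 22:49 744 ----a-w- c:\windows\system32\wininit.dll
2009-10-05 17:13 . 2009-10-05 22:04 131731 ----a-w- c:\windows\system32\dbsinit.exe
2009-10-05 17:01 . 2009-10-05 17:01 5120 ----a-w- C:\pmyro.exe
2009-10-05 00:13 . 2009-10-05 00:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2009-09-13 13:19 . 2009-09-13 13:19 163840 ----a-w- c:\windows\svchasts.exe
2009-09-18 23:31 . 2009-09-18 23:31 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-11 01:02 . 2009-09-02 10:22 7 ----a-w- c:\windows\system32\nar.bin
"""

@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories (ComboFix prints '--------')
    attrs: str            # 'd-----w-' for a directory, '----a-w-' for a file
    path: str

def parse_log(text: str) -> List[Entry]:
    """Return the entries in a ComboFix listing; headers and separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(entry: Entry) -> List[str]:
    """Return the reasons one entry looks suspicious (empty list if none)."""
    reasons: List[str] = []
    if entry.attrs.startswith("d"):           # directories carry no size
        return reasons
    low = entry.path.lower()
    name = low.rsplit("\\", 1)[-1]
    stem = name.rsplit(".", 1)[0]
    is_exec = name.endswith(EXEC_EXT)
    if is_exec and entry.size is not None and entry.size < TINY_PE_BYTES:
        reasons.append("tiny-executable")     # e.g. the 0-byte c:\windows\win32k.sys
    if is_exec and re.fullmatch(r"[a-z]:\\[^\\]+", low):
        reasons.append("exe-in-drive-root")   # e.g. C:\pmyro.exe
    if entry.size == 0 and low.startswith("c:\\windows\\"):
        reasons.append("empty-file-in-windows-dir")
    if name not in KNOWN_NAMES:               # the genuine file is never flagged
        if stem in KNOWN_STEMS:               # e.g. wininit.dll next to wininit.exe
            reasons.append(f"known-name-other-extension:{KNOWN_STEMS[stem]}")
        else:
            near = [k for s, k in KNOWN_STEMS.items()
                    if edit_distance(stem, s) <= LOOKALIKE_MAX_EDITS]
            if near:                          # e.g. svchasts.exe vs svchost.exe
                reasons.append(f"lookalike:{near[0]}")
    return reasons

def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path in a ComboFix listing to the reasons it was flagged."""
    results = ((e.path, triage(e)) for e in parse_log(text))
    return {path: reasons for path, reasons in results if reasons}
```

On the sample the heuristics miss dbsinit.exe and nar.bin, both of which the helper queued anyway, so treat the output as a starting list rather than a verdict.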




Re: advanced virus remover...and maybe some others

Post by Mandi on Thu Oct 22, 2009 12:38 pm

Hi,

I have tried to reboot my system to restore the connection several times, and it still will not work.

Can I do any of this without the internet?


Re: advanced virus remover...and maybe some others

Post by Dr Jay on Thu Oct 22, 2009 3:14 pm

Yes.


Dr. Jay (DJ)



Re: advanced virus remover...and maybe some others

Post by Mandi on Sun Oct 25, 2009 9:34 pm

here are the Jotti results:

Filename: wininit.dll
Status: Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Sun 25 Oct 2009 22:22:41 (CET)


File to scan: c:\windows\msninte2.dll
Status: File is empty (0 bytes)!



Filename: nar.bin
Status: Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Sun 25 Oct 2009 22:29:26 (CET)


File to scan: c:\windows\system32\drivers\EACMOS.SYS
Status: File is empty (0 bytes)!


And here are the results of this second ComboFix run:

ComboFix 09-10-19.04 - Mandi Mooney 10/25/2009 16:04.2.1 - NTFSx86
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Created a new restore point
* Resident AV is active


FILE ::
"c:\pmyro.exe"
"c:\windows\Pgogi.bin"
"c:\windows\Shaqaxu.dat"
"c:\windows\srmsvc.exe"
"c:\windows\svchasts.exe"
"c:\windows\system32\dbsinit.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\pmyro.exe
c:\windows\Pgogi.bin
c:\windows\Shaqaxu.dat
c:\windows\svchasts.exe
c:\windows\system32\dbsinit.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.

2009-10-20 22:19 . 2009-10-20 22:19 -------- d-----w- c:\documents and settings\Mandi Mooney\Local Settings\Application Data\{14F1623B-F81D-4FD8-8AC7-CABBB18179E4}
2009-10-18 14:59 . 2009-10-18 14:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{4DBAD962-922E-4BE4-BDB6-BAF4699DF0C5}
2009-10-15 22:37 . 2009-10-20 22:49 744 ----a-w- c:\windows\system32\wininit.dll
2009-10-05 00:13 . 2009-10-05 00:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-17 01:57 . 2009-09-11 00:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 23:31 . 2009-09-18 23:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-18 23:31 . 2009-09-18 23:31 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-18 23:31 . 2009-09-18 23:31 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-18 23:31 . 2009-09-18 23:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-18 23:30 . 2009-09-18 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-18 23:30 . 2009-09-18 23:30 -------- d-----w- c:\program files\AVG
2009-09-18 23:30 . 2009-09-18 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-18 23:26 . 2009-09-18 23:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG8
2009-09-18 23:06 . 2009-09-18 23:06 -------- d-----w- c:\program files\Trend Micro
2009-09-13 03:04 . 2009-09-13 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-13 03:03 . 2009-09-13 03:03 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-09-13 03:03 . 2009-09-13 03:02 -------- d-----w- c:\program files\McAfee
2009-09-13 03:02 . 2009-09-13 03:02 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-11 01:12 . 2009-09-11 01:12 -------- d-----w- c:\documents and settings\Mandi Mooney\Application Data\Malwarebytes
2009-09-11 01:02 . 2009-09-02 10:22 7 ----a-w- c:\windows\system32\nar.bin
2009-09-11 00:18 . 2009-09-11 00:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-11 00:18 . 2009-09-11 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-03 18:36 . 2009-09-11 00:18 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-09-11 00:18 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2005-10-31 02:09 . 2005-10-31 02:06 20921040 ----a-w- c:\program files\AdbeRdr705_enu_full.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"WCOLOREAL"="c:\program files\COMPAQ\Coloreal\coloreal.exe" [2002-01-22 131072]
"CPQEASYACC"="c:\program files\Compaq\Easy Access Button Support\StartEAK.exe" [2001-12-14 32768]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2001-10-12 69632]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-09-28 26112]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-13 311350]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-02-10 1420560]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-08-03 1295632]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-10-17 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2002-07-08 4608]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-07-28 323584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

c:\documents and settings\Mandi Mooney\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2008-9-24 260096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-4-15 303104]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-7-13 24633]
office.exe [2009-10-16 102678]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

R1 EACMOS;EACMOS;c:\windows\system32\drivers\EACMOS.SYS [x]
R2 srmsvc;srmsvc;c:\windows\srmsvc.exe [x]
R4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2006-02-10 45840]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-09-18 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-09-18 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-09-18 297752]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 C4C_BSC2;C4C_BSC2;c:\windows\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 84788]

.
Contents of the 'Scheduled Tasks' folder

2009-10-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-02-10 21:27]

2005-10-03 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2001-08-18 07:56]

2005-09-28 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2001-08-18 07:56]

2005-10-13 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2001-08-18 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: Yahoo! Euchre - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-25 16:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
Completion time: 2009-10-25 16:18
ComboFix-quarantined-files.txt 2009-10-25 21:18
ComboFix2.txt 2009-10-21 00:13

Pre-Run: 63,123,562,496 bytes free
Post-Run: 63,092,994,048 bytes free

- - End Of File - - 6371A77E8447EF5B431CCFE1FCFAAE2C


Re: advanced virus remover...and maybe some others

Post by Belahzur on Mon Oct 26, 2009 12:17 am

Hello.


  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Driver::
    EACMOS
    srmsvc

    Registry::
    [-HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    "FirewallOverride"=-
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


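As an added example (not code from the thread, from ComboFix, or from the forum), here is a Python triage pass over a constructed ComboFix-style log excerpt that flags the three entry types the CFScripts from Dr Jay and Belahzur targeted: services whose binary ComboFix marks as missing with "[x]", the Security Center AntiVirusOverride/FirewallOverride values, and a bare executable sitting in the Startup folder. The sample excerpt, the regexes and the finding labels are my own assumptions about the log format, modelled on the logs posted above.

```python
"""Triage a ComboFix log excerpt for the indicator types the thread's helpers
acted on. Added example; not ComboFix's own code or the forum's.

Flags three things visible in the logs above:
  * services/drivers whose binary ComboFix marks as missing with "[x]"
    (EACMOS and srmsvc in the thread, later removed via Driver::)
  * Security Center AntiVirusOverride / FirewallOverride set non-zero
    (removed via Registry:: "...Override"=-), which suppress the AV/firewall warnings
  * Startup-folder entries that are a bare file name with no shortcut target
    (office.exe in the thread)
"""
import re
from typing import List, Optional, Tuple

# "R2 srmsvc;srmsvc;c:\windows\srmsvc.exe [x]" -> type, start, name, display,
# path, and the bracketed date/size or ComboFix's "x" missing-file marker.
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]\s*$")

# REGEDIT4-style DWORD value as ComboFix prints it: "Name"=dword:00000001
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})\s*$')

# Bare executable in a Startup folder listing, e.g. "office.exe [2009-10-16 102678]".
# Normal entries there are ".lnk - <resolved target path> [date size]".
BARE_STARTUP_RE = re.compile(
    r"^([^\\\s]+\.(?:exe|dll|scr|bat|cmd))\s+\[\d{4}-\d{1,2}-\d{1,2} \d+\]\s*$", re.IGNORECASE)

SECURITY_CENTER_KEY = r"[hkey_local_machine\software\microsoft\security center]"
OVERRIDE_VALUES = ("AntiVirusOverride", "FirewallOverride")


def triage_combofix_log(text: str) -> List[Tuple[str, str]]:
    """Return (finding_kind, detail) pairs in log order."""
    findings: List[Tuple[str, str]] = []
    current_key: Optional[str] = None   # last "[HKEY_...]" header seen
    in_startup_folder = False           # inside a "...\Start Menu\Programs\Startup\" listing
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_startup_folder = False   # ComboFix separates listings with blank lines
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line.lower()
            in_startup_folder = False
            continue
        if line.lower().endswith("\\start menu\\programs\\startup\\"):
            in_startup_folder = True
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m.group(6) == "x":
                findings.append(("orphaned-service", f"{m.group(3)} -> {m.group(5)}"))
            continue
        if current_key == SECURITY_CENTER_KEY:
            m = DWORD_RE.match(line)
            if m and m.group(1) in OVERRIDE_VALUES and int(m.group(2), 16) != 0:
                findings.append(("security-center-override", m.group(1)))
            continue
        if in_startup_folder:
            m = BARE_STARTUP_RE.match(line)
            if m:
                findings.append(("bare-startup-entry", m.group(1)))
    return findings


# Constructed excerpt mirroring the entries in the thread's second ComboFix log.
SAMPLE_LOG = "\n".join([
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-02-10 1420560]',
    "",
    "c:\\documents and settings\\All Users\\Start Menu\\Programs\\Startup\\",
    r"Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]",
    r"office.exe [2009-10-16 102678]",
    "",
    r"[HKEY_LOCAL_MACHINE\software\microsoft\security center]",
    r'"AntiVirusOverride"=dword:00000001',
    r'"FirewallOverride"=dword:00000001',
    "",
    r"R1 EACMOS;EACMOS;c:\windows\system32\drivers\EACMOS.SYS [x]",
    r"R2 srmsvc;srmsvc;c:\windows\srmsvc.exe [x]",
    r"R4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2006-02-10 45840]",
])

if __name__ == "__main__":
    for kind, detail in triage_combofix_log(SAMPLE_LOG):
        print(f"{kind:26} {detail}")
```

Run against a full log, the same pass is a quick way to confirm that a CFScript's Driver:: and Registry:: lines actually removed what they were meant to, since a clean follow-up log yields no findings.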

Re: advanced virus remover...and maybe some others

Post by Mandi on Tue Oct 27, 2009 10:58 pm

here are the latest results from ComboFix:

ComboFix 09-10-26.06 - Mandi Mooney 10/27/2009 17:13.3.1 - NTFSx86
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EACMOS
-------\Legacy_SRMSVC
-------\Service_EACMOS
-------\Service_srmsvc


((((((((((((((((((((((((( Files Created from 2009-09-27 to 2009-10-27 )))))))))))))))))))))))))))))))
.

2009-10-20 22:19 . 2009-10-20 22:19 -------- d-----w- c:\documents and settings\Mandi Mooney\Local Settings\Application Data\{14F1623B-F81D-4FD8-8AC7-CABBB18179E4}
2009-10-18 14:59 . 2009-10-18 14:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{4DBAD962-922E-4BE4-BDB6-BAF4699DF0C5}
2009-10-15 22:37 . 2009-10-20 22:49 744 ----a-w- c:\windows\system32\wininit.dll
2009-10-05 00:13 . 2009-10-05 00:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-17 01:57 . 2009-09-11 00:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 23:31 . 2009-09-18 23:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-18 23:31 . 2009-09-18 23:31 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-18 23:31 . 2009-09-18 23:31 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-18 23:31 . 2009-09-18 23:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-18 23:30 . 2009-09-18 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-18 23:30 . 2009-09-18 23:30 -------- d-----w- c:\program files\AVG
2009-09-18 23:30 . 2009-09-18 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-18 23:26 . 2009-09-18 23:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG8
2009-09-18 23:06 . 2009-09-18 23:06 -------- d-----w- c:\program files\Trend Micro
2009-09-13 03:04 . 2009-09-13 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-13 03:03 . 2009-09-13 03:03 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-09-13 03:03 . 2009-09-13 03:02 -------- d-----w- c:\program files\McAfee
2009-09-13 03:02 . 2009-09-13 03:02 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-11 01:12 . 2009-09-11 01:12 -------- d-----w- c:\documents and settings\Mandi Mooney\Application Data\Malwarebytes
2009-09-11 01:02 . 2009-09-02 10:22 7 ----a-w- c:\windows\system32\nar.bin
2009-09-11 00:18 . 2009-09-11 00:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-11 00:18 . 2009-09-11 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-03 18:36 . 2009-09-11 00:18 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-09-11 00:18 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2005-10-31 02:09 . 2005-10-31 02:06 20921040 ----a-w- c:\program files\AdbeRdr705_enu_full.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"WCOLOREAL"="c:\program files\COMPAQ\Coloreal\coloreal.exe" [2002-01-22 131072]
"CPQEASYACC"="c:\program files\Compaq\Easy Access Button Support\StartEAK.exe" [2001-12-14 32768]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2001-10-12 69632]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-09-28 26112]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-13 311350]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-02-10 1420560]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-08-03 1295632]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-10-17 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2002-07-08 4608]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-07-28 323584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

c:\documents and settings\Mandi Mooney\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2008-9-24 260096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-4-15 303104]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-7-13 24633]
office.exe [2009-10-16 102678]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

R4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2006-02-10 45840]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-09-18 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-09-18 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-09-18 297752]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 C4C_BSC2;C4C_BSC2;c:\windows\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 84788]


--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-02-10 21:27]

2005-10-03 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2001-08-18 07:56]

2005-09-28 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2001-08-18 07:56]

2005-10-13 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2001-08-18 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: Yahoo! Euchre - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-27 17:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\wdfmgr.exe
c:\combofix\CF15304.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
c:\program files\Compaq\Easy Access Button Support\CPQEADM.EXE
c:\compaq\EAKDRV\EAUSBKBD.EXE
c:\progra~1\Compaq\EASYAC~1\BttnServ.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\McAfee\VirusScan Enterprise\MCUPDATE.EXE
c:\program files\McAfee\Common Framework\McScript_InUse.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-27 17:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-27 22:48
ComboFix2.txt 2009-10-25 21:18
ComboFix3.txt 2009-10-21 00:13

Pre-Run: 62,679,793,664 bytes free
Post-Run: 62,983,180,288 bytes free

- - End Of File - - F430E33F954804FE6962955AFF0F85F2



what next? p.s. thanks for all the help so far!


Re: advanced virus remover...and maybe some others

Post by Belahzur on Wed Oct 28, 2009 1:35 am

One more thing.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.

