Need help, bad virus highjack this log attached


Post by dgambler on Sat Oct 24, 2009 11:37 pm

Had a misdirect on a website yesterday and pulled the network cable, but I think it was too late. I did notice it looked like it was trying to update something Java related.

This morning, about 30 IE windows were open and the system was acting weird.

Tried to run McAfee and got an "Error starting on demand scanner"; tried running Spybot, it wouldn't launch; tried running Ad-Aware, it wouldn't launch. It also won't let me run Firefox.

Rebooted and tried to boot into safe mode; it wouldn't work, just continually cycled the boot screen whenever I tried. I eventually created a BartPE and was able to run Virus Scan from it; it found a.exe and b.exe and deleted them.

Went to reboot the computer, still acting the same way, ran Spybot from a USB drive and found a few items as well, but still having issues.

Below is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:09 AM, on 10/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio 2010\5.0\CPMonitor.exe
C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\VxBlockServer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Documents and Settings\Tammy\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe nogui
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio 2010\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [XoftSpySE] "C:\Program Files\XoftSpySE6\XoftSpySE.exe" -NM -hidesplash
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\Tammy\LOCALS~1\Temp\b.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: Google Update Service (gupdate1c9edb667696b04) (gupdate1c9edb667696b04) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe

--
End of file - 14396 bytes


Re: Need help, bad virus highjack this log attached

Post by Belahzur on Mon Oct 26, 2009 12:21 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\Tammy\LOCALS~1\Temp\b.exe


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
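
The entry singled out for fixing in the reply above is an autostart Run value whose target sits in the user's Temp directory. As an added example (not part of the thread and not code from HijackThis), the following Python script parses O4 lines in the format shown in the log and flags autostart targets located in a temp directory; the function names and the temp-directory heuristic are assumptions of this example.

```python
import ntpath
import re

# Sample input: lines copied from the HijackThis v2.0.2 log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\Tammy\LOCALS~1\Temp\b.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
"""

# "O4 - HKCU\..\Run: [name] command line" (registry autostart values)
RUN_RE = re.compile(r"^O4 - (?P<source>.+?\\\.\.\\\w+): \[(?P<name>.*?)\] (?P<cmd>.+)$")
# "O4 - Global Startup: shortcut.lnk = target" (Startup folder shortcuts)
STARTUP_RE = re.compile(r"^O4 - (?P<source>.*Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Shortest prefix ending in an executable-like extension; copes with unquoted
# paths that contain spaces, such as C:\Program Files\DISC\DISCover.exe nogui
EXE_RE = re.compile(r'^(.*?\.(?:exe|dll|com|bat|cmd|scr|pif|vbs|js))(?=[\s,"]|$)', re.I)
# Directory names treated as temp locations (heuristic chosen for this example).
# Matching on the component name also covers 8.3 paths like LOCALS~1\Temp.
TEMP_DIRS = {"temp", "tmp", "temporary internet files"}


def target_path(cmd):
    """Return the file an autostart command line actually loads."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path, rest = (cmd[1:end], cmd[end + 1:]) if end != -1 else (cmd[1:], "")
    else:
        m = EXE_RE.match(cmd)
        if m:
            path, rest = m.group(1), cmd[m.end():]
        else:
            path, _, rest = cmd.partition(" ")
    # For rundll32 the interesting file is the DLL passed as first argument.
    if ntpath.basename(path).lower() in ("rundll32.exe", "rundll32") and rest.strip():
        return rest.strip().split(",", 1)[0].strip('"')
    return path


def parse_o4(line):
    """Parse one O4 line into a dict, or return None for any other line."""
    m = RUN_RE.match(line) or STARTUP_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["target"] = target_path(entry["cmd"])
    return entry


def in_temp_dir(path):
    """True if any directory component of the path is a temp directory."""
    parts = path.lower().replace("/", "\\").split("\\")
    return any(part in TEMP_DIRS for part in parts[:-1])


def find_temp_autoruns(log_text):
    """Return the parsed O4 entries whose target lives in a temp directory."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line.strip())
        if entry and in_temp_dir(entry["target"]):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in find_temp_autoruns(SAMPLE_LOG):
        print("review: %(source)s [%(name)s] -> %(target)s" % hit)
```
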



Re: Need help, bad virus highjack this log attached

Post by dgambler on Mon Oct 26, 2009 1:59 pm

Malwarebytes' Anti-Malware 1.41
Database version: 3031
Windows 5.1.2600 Service Pack 3

10/26/2009 9:54:39 AM
mbam-log-2009-10-26 (09-54-39).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 327928
Time elapsed: 1 hour(s), 37 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\eventlog.dll.XXX (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xa.tmp.XXX (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.


Re: Need help, bad virus highjack this log attached

Post by Belahzur on Mon Oct 26, 2009 5:58 pm

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Need help, bad virus highjack this log attached

Post by dgambler on Mon Oct 26, 2009 6:56 pm

DDS.txt


DDS (Ver_09-10-26.01) - NTFSx86
Run by Tammy at 14:49:42.82 on Mon 10/26/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1018 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio 2010\5.0\CPMonitor.exe
C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\VxBlockServer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\dllhost.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\Tammy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: []
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [DISCover] c:\program files\disc\DISCover.exe nogui
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatchTray12.exe"
mRun: [CPMonitor] "c:\program files\roxio 2010\5.0\CPMonitor.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio 2010\roxio burn\RoxioBurnLauncher.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [XoftSpySE] "c:\program files\xoftspyse6\XoftSpySE.exe" -NM -hidesplash
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\docume~1\tammy\startm~1\programs\startup\pinmclnk.lnk - c:\hp\bin\cloaker.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: cinemanow.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - [You must be registered and logged in to see this link.]
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - [You must be registered and logged in to see this link.]
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - [You must be registered and logged in to see this link.]
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - [You must be registered and logged in to see this link.]
DPF: {49232000-16E4-426C-A231-62846947304B} - [You must be registered and logged in to see this link.]
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tammy\applic~1\mozilla\firefox\profiles\4o57j3bd.default\
FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-17 64288]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2009-10-14 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2009-10-14 15856]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2009-10-14 25584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2009-6-2 457200]
R2 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-23 127352]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-5-8 10384]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S2 0286391256571618mcinstcleanup;McAfee Application Installer Cleanup (0286391256571618);c:\docume~1\tammy\locals~1\temp\028639~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\tammy\locals~1\temp\028639~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c9edb667696b04;Google Update Service (gupdate1c9edb667696b04);c:\program files\google\update\GoogleUpdate.exe [2009-6-15 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1170768]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatch12.exe [2009-7-24 219632]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxMediaDB12.exe [2009-7-24 1116656]
S3 XoftSpyService;XoftSpyService;c:\program files\common files\xoftspyse\6\xoftspyservice.exe [2009-8-28 582424]

=============== Created Last 30 ================

2009-10-26 15:54:36 6145 ----a-w- c:\windows\system32\Config.MPF
2009-10-26 15:40:33 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-26 15:40:33 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-26 15:40:33 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-26 15:40:26 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-26 15:39:45 0 d-----w- c:\program files\common files\McAfee
2009-10-26 15:39:43 0 d-----w- c:\program files\McAfee.com
2009-10-26 15:39:33 0 d-----w- c:\program files\McAfee
2009-10-26 15:37:09 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-25 21:32:43 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-25 18:07:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 18:07:01 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-25 18:07:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-25 15:28:16 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-25 15:27:47 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-25 15:27:47 0 d-----w- c:\docume~1\tammy\applic~1\SUPERAntiSpyware.com
2009-10-25 14:55:30 0 d-----w- c:\program files\common files\ParetoLogic
2009-10-25 14:55:30 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-10-25 14:55:28 0 d-----w- c:\program files\common files\XoftSpySE
2009-10-25 14:55:25 0 d-----w- c:\program files\XoftSpySE6
2009-10-24 23:25:59 0 d-----w- c:\docume~1\alluse~1\applic~1\XoftSpySE
2009-10-24 23:23:30 0 d-----w- c:\docume~1\alluse~1\applic~1\XoftSpySE6
2009-10-24 22:46:02 0 d-----w- c:\docume~1\tammy\applic~1\Malwarebytes
2009-10-24 22:46:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-24 22:16:28 0 d--h--w- c:\windows\PIF
2009-10-20 23:05:44 0 d-----w- c:\docume~1\alluse~1\applic~1\The KMPlayer
2009-10-15 17:40:57 0 d-----w- c:\program files\AlbumArtDownloader
2009-10-15 17:11:44 0 d-----w- c:\program files\HandBrake
2009-10-14 22:20:02 0 d-----w- c:\program files\The KMPlayer
2009-10-14 18:43:29 0 d-----w- c:\docume~1\tammy\applic~1\LightZone
2009-10-14 16:49:04 0 d-----w- C:\Binaries
2009-10-14 16:49:03 0 d-----w- c:\program files\BIAS
2009-10-14 16:48:38 0 d-----w- c:\program files\common files\eSellerate
2009-10-14 16:48:21 0 d-----w- c:\program files\LightZone 3
2009-10-14 16:35:19 0 d-----w- c:\docume~1\tammy\applic~1\Macrovision
2009-10-14 16:17:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Uninstall
2009-10-14 16:14:46 25584 ------w- c:\windows\system32\drivers\SaibVd32.sys
2009-10-14 16:14:45 21488 ------w- c:\windows\system32\drivers\SahdIa32.sys
2009-10-14 16:14:45 15856 ------w- c:\windows\system32\drivers\SaibIa32.sys
2009-10-14 16:13:47 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-10-14 16:13:41 0 d-----w- c:\docume~1\alluse~1\applic~1\CinemaNow
2009-10-14 16:13:36 0 d-----w- c:\program files\CinemaNow
2009-10-14 16:12:34 0 d-----w- c:\docume~1\tammy\applic~1\Simple Star
2009-10-14 16:12:23 0 d-----w- c:\docume~1\alluse~1\applic~1\PhotoShow Shared Assets
2009-10-14 16:12:20 0 d-----w- c:\program files\Roxio
2009-10-14 16:11:30 0 d-----w- c:\docume~1\alluse~1\applic~1\SmartSound Software Inc
2009-10-14 16:11:29 0 d-----w- c:\program files\SmartSound Software
2009-10-14 16:03:14 0 d-----w- c:\program files\Roxio 2010
2009-10-14 16:01:05 0 d-----w- c:\program files\MSXML 6.0
2009-10-14 15:53:00 0 d-----w- c:\docume~1\tammy\applic~1\Roxio Log Files
2009-10-14 15:16:01 0 d-----w- c:\docume~1\tammy\applic~1\Canneverbe_Limited
2009-10-14 15:16:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Canneverbe Limited
2009-10-13 16:54:09 0 d-----w- c:\program files\VS Revo Group
2009-10-10 04:58:17 0 d-----w- c:\program files\Duplicate Music Files Finder
2009-10-09 19:55:55 0 d-----w- c:\docume~1\tammy\applic~1\AC1

==================== Find3M ====================

2009-09-23 12:55:23 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-16 14:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-09-04 15:39:47 87608 ----a-w- c:\docume~1\tammy\applic~1\inst.exe
2009-09-04 15:39:47 47360 ----a-w- c:\docume~1\tammy\applic~1\pcouffin.sys
2009-09-03 09:17:47 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\dllcache\strmdll.dll
2009-08-06 23:24:18 327896 ----a-w- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 23:24:18 209632 ----a-w- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 23:24:10 35552 ----a-w- c:\windows\system32\dllcache\wups.dll
2009-08-06 23:24:06 53472 ----a-w- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 23:24:04 96480 ----a-w- c:\windows\system32\dllcache\cdm.dll
2009-08-06 23:23:54 575704 ----a-w- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 23:23:46 1929952 ----a-w- c:\windows\system32\dllcache\wuaueng.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44:46 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 14:20:08 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-31 19:23:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-06-04 23:11:20 56 --sh--r- c:\windows\system32\00FB6810F2.sys
2008-06-04 23:11:20 11690 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 14:51:58.29 ===============

dgambler
Novice
Posts : 5
Joined : 2009-10-24
OS : XP SP3

Re: Need help, bad virus highjack this log attached

Post by dgambler on Mon Oct 26, 2009 6:56 pm

Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/18/2007 10:22:33 PM
System Uptime: 10/26/2009 9:35:49 AM (5 hours ago)

Motherboard: ASUSTek Computer INC. | | NODUSM3
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2605/200mhz

==== Disk Partitions =========================

C: is fixed (NTFS) - 289 GiB total, 71.398 GiB free.
D: is fixed (FAT32) - 9 GiB total, 0.606 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP839: 7/26/2009 1:11:03 PM - System Checkpoint
RP840: 7/27/2009 2:09:58 PM - System Checkpoint
RP841: 7/28/2009 2:29:36 PM - System Checkpoint
RP842: 7/29/2009 3:09:59 PM - System Checkpoint
RP843: 7/30/2009 3:00:15 AM - Software Distribution Service 3.0
RP844: 7/31/2009 3:11:49 AM - System Checkpoint
RP845: 8/1/2009 4:11:47 AM - System Checkpoint
RP846: 8/9/2009 9:53:07 AM - System Checkpoint
RP847: 8/10/2009 10:52:25 AM - System Checkpoint
RP848: 8/11/2009 11:39:54 AM - System Checkpoint
RP849: 8/12/2009 1:20:21 PM - System Checkpoint
RP850: 8/13/2009 3:00:16 AM - Software Distribution Service 3.0
RP851: 8/14/2009 3:29:16 AM - System Checkpoint
RP852: 8/14/2009 9:09:18 AM - Installed Java(TM) 6 Update 15
RP853: 8/15/2009 10:01:24 AM - System Checkpoint
RP854: 8/16/2009 10:18:02 AM - System Checkpoint
RP855: 8/17/2009 11:18:02 AM - System Checkpoint
RP856: 8/18/2009 12:27:27 PM - System Checkpoint
RP857: 8/19/2009 1:18:02 PM - System Checkpoint
RP858: 8/20/2009 1:34:08 PM - System Checkpoint
RP859: 8/21/2009 2:37:25 PM - System Checkpoint
RP860: 8/22/2009 3:00:15 AM - Software Distribution Service 3.0
RP861: 8/22/2009 3:15:57 AM - Printer Driver Microsoft XPS Document Writer Installed
RP862: 8/23/2009 3:00:15 AM - Software Distribution Service 3.0
RP863: 8/24/2009 3:33:48 AM - System Checkpoint
RP864: 8/25/2009 4:19:18 AM - System Checkpoint
RP865: 8/26/2009 3:00:15 AM - Software Distribution Service 3.0
RP866: 8/27/2009 3:19:23 AM - System Checkpoint
RP867: 8/28/2009 6:19:20 AM - System Checkpoint
RP868: 8/29/2009 3:00:15 AM - Software Distribution Service 3.0
RP869: 8/30/2009 3:14:05 AM - System Checkpoint
RP870: 8/31/2009 3:15:21 AM - System Checkpoint
RP871: 9/1/2009 3:16:54 AM - System Checkpoint
RP872: 9/2/2009 3:00:18 AM - Software Distribution Service 3.0
RP873: 9/3/2009 3:47:39 AM - System Checkpoint
RP874: 9/4/2009 6:23:43 AM - System Checkpoint
RP875: 9/5/2009 6:47:39 AM - System Checkpoint
RP876: 9/6/2009 7:47:38 AM - System Checkpoint
RP877: 9/7/2009 8:47:38 AM - System Checkpoint
RP878: 9/7/2009 1:48:15 PM - Removed HP Update
RP879: 9/7/2009 1:48:36 PM - Installed HP Update.
RP880: 9/8/2009 2:50:04 PM - System Checkpoint
RP881: 9/9/2009 3:00:15 AM - Software Distribution Service 3.0
RP882: 9/10/2009 3:33:18 AM - System Checkpoint
RP883: 9/11/2009 6:30:51 AM - System Checkpoint
RP884: 9/12/2009 7:18:49 AM - System Checkpoint
RP885: 9/13/2009 8:18:48 AM - System Checkpoint
RP886: 9/14/2009 9:18:48 AM - System Checkpoint
RP887: 9/15/2009 9:24:23 AM - System Checkpoint
RP888: 9/16/2009 10:15:38 AM - System Checkpoint
RP889: 9/17/2009 10:17:57 AM - System Checkpoint
RP890: 9/17/2009 9:22:08 PM - Installed Steam
RP891: 9/18/2009 10:19:56 PM - System Checkpoint
RP892: 9/19/2009 11:18:56 PM - System Checkpoint
RP893: 9/21/2009 12:18:58 AM - System Checkpoint
RP894: 9/22/2009 1:19:00 AM - System Checkpoint
RP895: 9/22/2009 2:17:49 PM - Installed DirectX
RP896: 9/22/2009 2:19:04 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP897: 9/23/2009 3:20:08 PM - System Checkpoint
RP898: 9/23/2009 10:50:16 PM - Installed DirectX
RP899: 9/24/2009 7:51:34 PM - Installed DirectX
RP900: 9/24/2009 8:32:34 PM - SetPoint 4.80
RP901: 9/25/2009 8:43:23 PM - System Checkpoint
RP902: 9/26/2009 9:25:32 PM - System Checkpoint
RP903: 9/27/2009 10:25:32 PM - System Checkpoint
RP904: 9/28/2009 11:25:36 PM - System Checkpoint
RP905: 9/29/2009 11:41:30 PM - System Checkpoint
RP906: 10/1/2009 12:26:52 AM - System Checkpoint
RP907: 10/2/2009 12:39:35 AM - System Checkpoint
RP908: 10/2/2009 3:00:16 AM - Software Distribution Service 3.0
RP909: 10/3/2009 3:39:35 AM - System Checkpoint
RP910: 10/4/2009 4:39:37 AM - System Checkpoint
RP911: 10/5/2009 5:39:39 AM - System Checkpoint
RP912: 10/6/2009 5:51:18 AM - System Checkpoint
RP913: 10/7/2009 6:53:43 AM - System Checkpoint
RP914: 10/8/2009 7:39:44 AM - System Checkpoint
RP915: 10/9/2009 8:39:49 AM - System Checkpoint
RP916: 10/10/2009 9:39:49 AM - System Checkpoint
RP917: 10/11/2009 9:40:55 AM - System Checkpoint
RP918: 10/12/2009 10:39:53 AM - System Checkpoint
RP919: 10/13/2009 11:00:08 AM - System Checkpoint
RP920: 10/13/2009 2:55:34 PM - Revo Uninstaller's restore point - DVDSmith Movie Backup 1.0.5
RP921: 10/13/2009 3:07:13 PM - Revo Uninstaller's restore point - iTunes
RP922: 10/13/2009 3:36:48 PM - Removed iTunes
RP923: 10/14/2009 11:59:58 AM - Installed DirectX
RP924: 10/14/2009 12:11:25 PM - Installed SmartSound Quicktracks Plugin
RP925: 10/14/2009 12:16:22 PM - Installed SmartSound "New Standard 22k Library"
RP926: 10/14/2009 1:05:42 PM - Installed Roxio Creator 2010 Content.
RP927: 10/14/2009 4:41:42 PM - Revo Uninstaller's restore point - CDBurnerXP
RP928: 10/14/2009 4:47:18 PM - Revo Uninstaller's restore point - Sonic MyDVD Plus
RP929: 10/14/2009 4:47:47 PM - Removed Sonic MyDVD Plus
RP930: 10/14/2009 4:50:04 PM - Revo Uninstaller's restore point - Sonic Express Labeler
RP931: 10/14/2009 4:50:20 PM - Removed Sonic Express Labeler
RP932: 10/14/2009 4:56:59 PM - Revo Uninstaller's restore point - Sonic RecordNow Audio
RP933: 10/14/2009 4:57:10 PM - Removed Sonic RecordNow Audio
RP934: 10/14/2009 4:58:19 PM - Revo Uninstaller's restore point - Sonic RecordNow Copy
RP935: 10/14/2009 5:07:53 PM - Removed Sonic RecordNow Copy
RP936: 10/14/2009 5:12:10 PM - Revo Uninstaller's restore point - Sonic RecordNow Data
RP937: 10/14/2009 5:12:41 PM - Removed Sonic RecordNow Data
RP938: 10/14/2009 5:13:50 PM - Revo Uninstaller's restore point - Sonic Update Manager
RP939: 10/14/2009 5:16:40 PM - Removed Sonic Update Manager
RP940: 10/14/2009 5:27:43 PM - Revo Uninstaller's restore point - muvee autoProducer 5.0
RP941: 10/14/2009 5:33:27 PM - Removed muvee autoProducer 5.0
RP942: 10/14/2009 5:39:08 PM - Revo Uninstaller's restore point - muvee autoProducer unPlugged 2.0
RP943: 10/14/2009 5:39:22 PM - Removed muvee autoProducer unPlugged 2.0
RP944: 10/14/2009 5:43:38 PM - Revo Uninstaller's restore point - Driver Detective
RP945: 10/14/2009 5:43:50 PM - Removed Driver Detective.
RP946: 10/14/2009 6:09:02 PM - Revo Uninstaller's restore point - HandBrake 0.9.3
RP947: 10/14/2009 6:10:15 PM - Revo Uninstaller's restore point - DVD Flick 1.3.0.7
RP948: 10/14/2009 6:11:33 PM - Revo Uninstaller's restore point - ImgBurn
RP949: 10/14/2009 6:13:22 PM - Revo Uninstaller's restore point - EA Download Manager
RP950: 10/15/2009 6:25:56 PM - System Checkpoint
RP951: 10/16/2009 3:00:16 AM - Software Distribution Service 3.0
RP952: 10/17/2009 3:34:20 AM - System Checkpoint
RP953: 10/18/2009 4:34:21 AM - System Checkpoint
RP954: 10/19/2009 5:34:23 AM - System Checkpoint
RP955: 10/20/2009 6:34:25 AM - System Checkpoint
RP956: 10/21/2009 8:16:57 AM - System Checkpoint
RP957: 10/22/2009 8:34:29 AM - System Checkpoint
RP958: 10/23/2009 9:52:02 AM - System Checkpoint
RP959: 10/24/2009 8:33:55 PM - Installed Java(TM) 6 Update 16
RP960: 10/24/2009 8:35:50 PM - Revo Uninstaller's restore point - Adobe Reader 7.0.5
RP961: 10/24/2009 8:36:30 PM - Removed Adobe Reader 7.0.5
RP962: 10/24/2009 9:14:39 PM - Installed Adobe Reader 9.2.
RP963: 10/25/2009 11:27:45 AM - Installed SUPERAntiSpyware Professional
RP964: 10/25/2009 5:33:18 PM - Revo Uninstaller's restore point - Ad-Aware
RP965: 10/25/2009 5:35:15 PM - Revo Uninstaller's restore point - Ad-Aware
RP966: 10/25/2009 10:54:10 PM - Revo Uninstaller's restore point - McAfee SecurityCenter

==== Installed Programs ======================

µTorrent
7-Zip 9.04 beta
AAC Decoder
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player
Age of Conan - Hyborian Adventures
Alarm 2.0.4
Album Art Downloader XUI 0.31.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
Audacity 1.2.6
Auslogics Disk Defrag
Auslogics Duplicate File Finder
AutoUpdate
Batman: Arkham Asylum - Demo
Beyond Compare Version 2.5.3
Beyond TV DVD Burning Foundation
BIAS SoundSoap SE 2.2
Bonjour
BufferChm
Call of Duty(R) 2
Call of Duty(R) 2 Patch 1.3
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 1.1
Canon MX850 series
Canon MX850 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CDDRV_Installer
CinemaNow Media Manager
Comcast High-Speed Internet Install Wizard
Company of Heroes
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Curse Client
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Demigod Demo
Destinations
DeviceManagementQFolder
DH Driver Cleaner Professional Edition
DirectX 9 Runtime
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Download Manager 2.3.8
Driver Robot 1.0.6.0
Duplicate Music Files Finder 1.5.5
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
EVGA Display Driver
Family Feud (remove only)
Fences
FileZilla Client 3.2.8.1
FullDPAppQFolder
GemMaster Mystic
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
H.264 Decoder
HandBrake 0.9.3
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Boot Optimizer
HP DigitalMedia Archive
HP DVD Play 2.1
HP Games 3.43.97
HP Imaging Device Functions 7.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP Update
HP Web Helper
HPPhotoSmartExpress
HpSdpAppCoreApp
HPSSupply
Impulse
InstantShareDevices
Intel(R) IPP Run-Time Installer 5.2 for Windows* on IA-32
Java(TM) 6 Update 16
KhalInstallWrapper
LightScribe 1.4.105.1
LightZone 3.7
LiveUpdate 3.0 (Symantec Corporation)
Logitech SetPoint
Magic DVD Ripper V5.3 build 7
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Away Mode
Microsoft IntelliPoint 6.1
Microsoft IntelliType Pro 6.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2006
Microsoft Office 2000 Small Business
Microsoft Office Live Meeting 2005
Microsoft Office Standard Edition 2003 60 days trial
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works
MKV Splitter
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.13)
Mozilla Thunderbird (2.0.0.23)
Mp3tag v2.44
MSXML 4.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
My HP Games
NVIDIA Drivers
NVIDIA PhysX
OptionalContentQFolder
Otto
Paint.NET v3.36
PC-Doctor 5 for Windows
PhotoGallery
Picasa 3
Presto! PageManager 7.15.20
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickBooks 99
Quicken 2006
QuickTime
RandMap
Realtek High Definition Audio Driver
Revo Uninstaller 1.83
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Burn Manager
Roxio Burn Manager CDB
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2010 Content
Roxio Creator 2010 Pro
Roxio Disaster Recovery
Roxio File Backup
Roxio PhotoShow
Roxio Venue
Roxio Video Capture USB
ScanSoft OmniPage SE 4
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Shop for HP Supplies
SkinsHP1
Skype web features
Skype™ 4.1
SlideShow
SlideShowMusic
SmartSound Quicktracks Plugin
SmartSound Sonicfire Pro 5
Songbird 1.2.0 (Build 1146)
Sonic_PrimoSDK
SpeedFan (remove only)
Spybot - Search & Destroy
Stardock Impulse
Steam
SUPERAntiSpyware Professional
Symantec KB-DocID:2003093015493306
System Requirements Lab
The KMPlayer (remove only)
uberOptions 4.60.8
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2005 Redist Package
VLC media player 1.0.2
Warhammer Online - Age of Reckoning
WebFldrs XP
WhiteCap
Winamp
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Messenger 5.1
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
World of Warcraft
XoftSpySE
Zune Desktop Theme

==== End Of File ===========================

Re: Need help, bad virus highjack this log attached

Post by Belahzur on Tue Oct 27, 2009 12:01 am

Hello.
Log looks okay to me, how is the machine running?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: Need help, bad virus highjack this log attached

Post by dgambler on Tue Oct 27, 2009 2:06 am

First, thanks!!!!!

Runs well except for one little problem, I can't start up in Safe Mode anymore and Firefox still won't launch.

I'm assuming a reinstall of FF should fix that, but not sure about the Safe Mode issue.
