Need to remove Win32 and maybe some other viruses.


Need to remove Win32 and maybe some other viruses.

Post by la femdom on Thu Jan 07, 2010 7:07 pm

I received a virus today and it won't let me open and operate a lot of programs (thank God for Firefox). When I download virus removers it blocks them and has pop-up porn and such. I keep getting a Windows security alert, and when I click it, stuff pops up trying to get me to buy virus removers.

la femdom
Novice

Posts : 17
Joined : 2010-01-07
OS : Windows XP
Points : 25444
# Likes : 0

Re: Need to remove Win32 and maybe some other viruses.

Post by la femdom on Thu Jan 07, 2010 7:24 pm

OK, so I realized IDK what I'm talking about and it is actually System Guard 2009 that is giving me the problem. I'm still trying to remove it.


Re: Need to remove Win32 and maybe some other viruses.

Post by la femdom on Thu Jan 07, 2010 7:27 pm

OK... Never mind. I'm not sure what in the world I have anymore.


Re: Need to remove Win32 and maybe some other viruses.

Post by la femdom on Thu Jan 07, 2010 9:02 pm

I tried using the safe mode and Malwarebytes method, which found 8 viruses, and I removed them; then when I restarted my computer I was still having problems.


Re: Need to remove Win32 and maybe some other viruses.

Post by Dr Jay on Thu Jan 07, 2010 9:18 pm

Please visit this webpage for instructions for downloading and running ComboFix:

[You must be registered and logged in to see this link.]

Post the log from ComboFix when you've accomplished that.


Dr. Jay (DJ)

Dr Jay
Head Administrator

Posts : 13713
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Protection : Bitdefender Total Security
Points : 302059
# Likes : 10

Re: Need to remove Win32 and maybe some other viruses.

Post by la femdom on Thu Jan 07, 2010 9:21 pm

Is this the same as Spyware Doctor? Because that's what's now installed.


Re: Need to remove Win32 and maybe some other viruses.

Post by la femdom on Thu Jan 07, 2010 9:27 pm

Nvm. I see I was Dlin' the wrong thing.


Re: Need to remove Win32 and maybe some other viruses.

Post by la femdom on Thu Jan 07, 2010 9:31 pm

I tried downloading ComboFix, but it says I can't rename ComboFix as "combofix (1)", and the box just disappears without giving me a chance to try naming ComboFix again.


Re: Need to remove Win32 and maybe some other viruses.

Post by Dr Jay on Thu Jan 07, 2010 11:25 pm

Download as is. Then run it by double-clicking on it.


Dr. Jay (DJ)



Re: Need to remove Win32 and maybe some other viruses.

Post by la femdom on Sun Jan 10, 2010 4:13 pm

Here we are....


((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-07 21:21 . 2009-11-10 15:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-07 21:20 . 2009-11-10 15:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-07 21:20 . 2009-11-10 15:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-07 21:20 . 2009-11-10 15:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-01-07 21:20 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
2010-01-07 21:20 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2010-01-07 21:20 . 2010-01-07 21:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2010-01-07 20:38 . 2010-01-07 20:38 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-01-07 20:25 . 2010-01-07 20:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-07 20:25 . 2010-01-07 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-07 20:20 . 2010-01-07 20:20 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-01-07 20:20 . 2010-01-07 20:20 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-07 18:23 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-07 18:23 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-07 18:23 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-07 18:23 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-07 18:23 . 2010-01-09 23:18 -------- d-----w- c:\program files\Spyware Doctor
2010-01-07 18:23 . 2010-01-07 21:53 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-07 18:23 . 2010-01-07 18:23 -------- d-----w- c:\documents and settings\User\Application Data\PC Tools
2010-01-07 18:23 . 2010-01-07 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-07 18:15 . 2009-12-16 19:42 872960 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-01-07 18:15 . 2009-12-16 19:42 43008 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-01-07 18:15 . 2009-12-16 19:42 340480 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-01-07 18:15 . 2009-12-16 19:41 346624 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-24 12:22 . 2009-12-31 23:21 -------- d-----w- c:\documents and settings\User\Application Data\passionuptoolbar
2009-12-21 00:49 . 2009-12-21 00:49 -------- d-----w- c:\documents and settings\Guest\Application Data\passionuptoolbar
2009-12-14 23:02 . 2009-12-14 23:12 19517 ----a-w- c:\windows\hpqins13.dat
2009-12-14 21:06 . 2009-12-28 15:46 -------- d-----w- c:\temp\DMTemp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 15:50 . 2009-04-28 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-01-10 12:01 . 2009-04-28 19:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-09 19:02 . 2010-01-08 03:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-07 22:09 . 2009-11-03 21:59 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-01-07 22:03 . 2009-11-03 22:02 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-01-07 11:22 . 2009-04-28 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-05 16:45 . 2009-11-10 16:29 79488 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-01 20:03 . 2009-04-28 19:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-24 12:23 . 2009-12-05 13:20 -------- d-----w- c:\program files\passionuptoolbar
2009-12-24 12:22 . 2009-12-05 13:20 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-12-21 13:28 . 2009-12-11 14:05 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-19 05:52 . 2009-04-28 19:28 -------- d-----w- c:\program files\Google
2009-12-05 13:21 . 2009-12-05 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier
2009-12-03 00:47 . 2009-12-03 00:47 33558 ----a-w- c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe
2009-12-02 22:28 . 2009-10-11 21:57 -------- d-----w- c:\program files\MSECache
2009-11-29 04:31 . 2009-09-13 16:15 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-03 22:02 . 2009-11-03 22:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-02 17:52 . 2008-05-21 20:06 22392 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-29 07:45 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2006-02-28 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-02-28 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-02-28 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2006-02-28 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A1998DF-70D2-4b25-B59E-868FBCA20BA1}]
2009-09-25 14:33 91608 ----a-w- c:\program files\passionuptoolbar\passionupdx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A782146-1AEF-4ebc-9641-D4309F8A67A4}]
2009-10-20 15:47 258008 ----a-w- c:\program files\passionuptoolbar\auxi\passionuptoolbAu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]
"{2A1998DF-70D2-4b25-B59E-868FBCA20BA1}"= "c:\program files\passionuptoolbar\passionupdx.dll" [2009-09-25 91608]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{2a1998df-70d2-4b25-b59e-868fbca20ba1}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"NetZero_uoltray"="c:\program files\NetZero\exec.exe" [2008-05-07 1701376]
"cdloader"="c:\documents and settings\User\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-28 39408]
"Google Update"="c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-20 133104]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"untd_recovery"="c:\program files\NetZero\qsacc\x1exec.exe" [2005-06-28 241664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-12-15 36864]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-28 68592]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]

c:\documents and settings\User\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2008-9-3 114688]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-30 12:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\User\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/7/2010 1:23 PM 207792]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/28/2009 3:36 PM 108552]
R2 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/7/2010 1:23 PM 359624]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/28/2009 3:36 PM 335240]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/28/2009 3:35 PM 297752]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [1/7/2010 4:21 PM 112592]
S2 gupdate1c9f021dfccbd36;Google Update Service (gupdate1c9f021dfccbd36);c:\program files\Google\Update\GoogleUpdate.exe [6/18/2009 9:34 AM 133104]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [5/20/2008 3:11 PM 20160]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [6/14/2008 9:26 AM 18864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-28 19:28]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 14:33]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 14:33]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-117609710-839522115-1003Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-20 11:21]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-117609710-839522115-1003UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-20 11:21]

2010-01-01 c:\windows\Tasks\Norton Security Scan for User.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-17 20:45]

2010-01-07 c:\windows\Tasks\User_Feed_Synchronization-{1D49D00C-5343-4779-9534-E4BCCE4C4AAB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"
TCP: {371D348B-9F92-4365-80DB-72C60FDD627B} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-vnxrqfnh - c:\documents and settings\User\Local Settings\Application Data\iisvgg\ejnxsysguard.exe
HKLM-Run-HPHmon03 - c:\windows\system32\hphmon03.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-10 11:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-01-10 11:09:16
ComboFix-quarantined-files.txt 2010-01-10 16:08

Pre-Run: 63,847,583,744 bytes free
Post-Run: 65,289,359,360 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 61A6621FC9BDEABD1BE7D63287C28657


Re: Need to remove Win32 and maybe some other viruses.

Post by Dr Jay on Sun Jan 10, 2010 5:18 pm

You are missing the top section of the log. Please locate the log (C:\combofix.txt or similar file name) and post the full version in your next reply.


Dr. Jay (DJ)



Re: Need to remove Win32 and maybe some other viruses.

Post by la femdom on Sun Jan 10, 2010 5:19 pm

Top section:
ComboFix 10-01-04.01 - User 01/10/2010 10:57:45.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.197 [GMT -5:00]
Running from: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\~WRD3746.tmp
c:\documents and settings\User\Local Settings\Application Data\iisvgg
c:\documents and settings\User\Local Settings\Application Data\iisvgg\ejnxsysguard.exe
c:\windows\system32\UACqvnyikcebatjbui.log


Re: Need to remove Win32 and maybe some other viruses.

Post by Dr Jay on Sun Jan 10, 2010 5:39 pm

So, ComboFix did not warn you about these:
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    SecCenter::
    AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

    Folder::
    c:\program files\passionuptoolbar
    c:\program files\Free Offers from Freeze.com

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A1998DF-70D2-4b25-B59E-868FBCA20BA1}]

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A782146-1AEF-4ebc-9641-D4309F8A67A4}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
    "{2A1998DF-70D2-4b25-B59E-868FBCA20BA1}"=-

    [-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [-HKEY_CLASSES_ROOT\clsid\{2a1998df-70d2-4b25-b59e-868fbca20ba1}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-

    [-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)


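As an added example (not code from the thread, from the helper, or from ComboFix's authors), the following Python parses a CFScript in the form posted above and previews which of the log's "Reg Loading Points" entries its Registry:: and Folder:: directives would touch, so the script can be reviewed before it is dragged onto ComboFix.exe. The directive syntax (Section::, [-key] to delete a key, "name"=- to delete a value) is taken from the post; its exact semantics, and the samples below, are assumptions constructed from the thread.

```python
"""Parse a ComboFix CFScript and preview its effect on a ComboFix log excerpt.

Added example, not part of the thread or of ComboFix. The directive semantics
(Section::, [-key] deletes a key, "name"=- deletes a value) are assumed from
the script posted in the thread.
"""
import re
from typing import Dict, List, Optional, Tuple

SECTION_RE = re.compile(r"^(\w+)::$")                  # e.g. Registry::
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                  # [key] or [-key]
SCRIPT_VALUE_RE = re.compile(r'^"([^"]*)"=-$')          # "name"=-  (delete value)
LOG_VALUE_RE = re.compile(r'^"([^"]*)"=\s*"([^"]*)"')   # "name"= "path" [date size]

RegAction = Tuple[str, str, Optional[str]]  # (action, key, value name or None)

# Constructed sample: a subset of the CFScript posted above.
CFSCRIPT = r"""
SecCenter::
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

Folder::
c:\program files\passionuptoolbar
c:\program files\Free Offers from Freeze.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A1998DF-70D2-4b25-B59E-868FBCA20BA1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
"{2A1998DF-70D2-4b25-B59E-868FBCA20BA1}"=-
"""

# Constructed sample: a subset of the log's "Reg Loading Points" section.
REG_LOADING_POINTS = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A1998DF-70D2-4b25-B59E-868FBCA20BA1}]
2009-09-25 14:33 91608 ----a-w- c:\program files\passionuptoolbar\passionupdx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]
"{2A1998DF-70D2-4b25-B59E-868FBCA20BA1}"= "c:\program files\passionuptoolbar\passionupdx.dll" [2009-09-25 91608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
"""


def parse_cfscript(text: str) -> Dict[str, list]:
    """Split a CFScript into sections; Registry:: becomes a list of RegAction tuples."""
    sections: Dict[str, list] = {}
    current: Optional[str] = None      # section we are inside
    current_key: Optional[str] = None  # last [key] seen in Registry::
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            current_key = None
            continue
        if current is None:
            raise ValueError(f"line outside any section: {line!r}")
        if current != "Registry":            # SecCenter::, Folder::, ... are plain lines
            sections[current].append(line)
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(2)
            if m.group(1) == "-":            # [-key] deletes the whole key
                sections[current].append(("delete_key", current_key, None))
            continue
        m = SCRIPT_VALUE_RE.match(line)
        if m and current_key is not None:    # "name"=- deletes one value under the key
            sections[current].append(("delete_value", current_key, m.group(1)))
            continue
        raise ValueError(f"unrecognised Registry line: {line!r}")
    return sections


def parse_reg_loading_points(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [key] to {value name: path}; a key-level file line is stored under ''."""
    entries: Dict[str, Dict[str, str]] = {}
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            entries.setdefault(key, {})
            continue
        if not line or key is None:
            continue
        m = LOG_VALUE_RE.match(line)
        if m:
            entries[key][m.group(1)] = m.group(2)
            continue
        parts = line.split(None, 4)          # date time size attrs path
        if len(parts) == 5:
            entries[key][""] = parts[4]
    return entries


def script_effects(script: Dict[str, list],
                   log: Dict[str, Dict[str, str]]) -> Tuple[List[str], List[str]]:
    """Return (removed, kept) log entries; registry names compare case-insensitively."""
    actions: List[RegAction] = script.get("Registry", [])
    del_keys = {k.lower() for a, k, _ in actions if a == "delete_key"}
    del_values = {(k.lower(), v.lower()) for a, k, v in actions if a == "delete_value"}
    removed, kept = [], []
    for key, values in log.items():
        for name, path in values.items():
            label = f"{key} :: {name or '(key)'} -> {path}"
            hit = key.lower() in del_keys or (key.lower(), name.lower()) in del_values
            (removed if hit else kept).append(label)
    return removed, kept


def files_under_folders(script: Dict[str, list], log: Dict[str, Dict[str, str]]) -> List[str]:
    """Loading-point paths that live inside a folder the Folder:: section deletes."""
    folders = [f.lower().rstrip("\\") + "\\" for f in script.get("Folder", [])]
    return [p for values in log.values() for p in values.values()
            if any(p.lower().startswith(f) for f in folders)]


if __name__ == "__main__":
    script = parse_cfscript(CFSCRIPT)
    log = parse_reg_loading_points(REG_LOADING_POINTS)
    removed, kept = script_effects(script, log)
    print("Registry entries the script removes:", *removed, sep="\n  ")
    print("Registry entries left untouched:", *kept, sep="\n  ")
    print("Loading points inside a Folder:: target:", *files_under_folders(script, log), sep="\n  ")
```

Entries reported under "left untouched" that still look suspicious are the ones to raise with the helper before running the script.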

Re: Need to remove Win32 and maybe some other viruses.

Post by la femdom on Sun Jan 10, 2010 6:32 pm

I cannot, for the life of me, disable AVG 8.5. I even went as far as trying to delete it, but it wouldn't delete. I put it in the recycle bin and ComboFix is still having issues with it.


Re: Need to remove Win32 and maybe some other viruses.

Post by Dr Jay on Mon Jan 11, 2010 12:08 am

No biggie. Go ahead and post the ComboFix log, please.


Dr. Jay (DJ)



Re: Need to remove Win32 and maybe some other viruses.

Post by la femdom on Mon Jan 11, 2010 8:14 pm

ComboFix 10-01-11.01 - User 01/11/2010 15:07:02.3.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.160 [GMT -5:00]
Running from: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFscript.txt.lnk
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 )))))))))))))))))))))))))))))))
.

2010-01-08 03:45 . 2010-01-09 19:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-07 21:21 . 2009-11-10 15:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-07 21:20 . 2009-11-10 15:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-07 21:20 . 2009-11-10 15:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-07 21:20 . 2009-11-10 15:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-01-07 21:20 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
2010-01-07 21:20 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2010-01-07 21:20 . 2010-01-07 21:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2010-01-07 20:38 . 2010-01-07 20:38 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-01-07 20:25 . 2010-01-07 20:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-07 20:25 . 2010-01-07 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-07 20:20 . 2010-01-07 20:20 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-01-07 20:20 . 2010-01-07 20:20 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-07 18:23 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-07 18:23 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-07 18:23 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-07 18:23 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-07 18:23 . 2010-01-10 17:53 -------- d-----w- c:\program files\Spyware Doctor
2010-01-07 18:23 . 2010-01-07 21:53 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-07 18:23 . 2010-01-07 18:23 -------- d-----w- c:\documents and settings\User\Application Data\PC Tools
2010-01-07 18:23 . 2010-01-07 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-07 18:15 . 2009-12-16 19:42 872960 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-01-07 18:15 . 2009-12-16 19:42 43008 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-01-07 18:15 . 2009-12-16 19:42 340480 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-01-07 18:15 . 2009-12-16 19:41 346624 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-24 12:22 . 2009-12-31 23:21 -------- d-----w- c:\documents and settings\User\Application Data\passionuptoolbar
2009-12-21 00:49 . 2009-12-21 00:49 -------- d-----w- c:\documents and settings\Guest\Application Data\passionuptoolbar
2009-12-14 23:02 . 2009-12-14 23:12 19517 ----a-w- c:\windows\hpqins13.dat
2009-12-14 21:06 . 2009-12-28 15:46 -------- d-----w- c:\temp\DMTemp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 18:08 . 2009-04-28 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-01-10 17:53 . 2009-04-28 19:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-07 22:09 . 2009-11-03 21:59 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-01-07 22:03 . 2009-11-03 22:02 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-01-07 11:22 . 2009-04-28 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-05 16:45 . 2009-11-10 16:29 79488 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-01 20:03 . 2009-04-28 19:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-24 12:23 . 2009-12-05 13:20 -------- d-----w- c:\program files\passionuptoolbar
2009-12-24 12:22 . 2009-12-05 13:20 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-12-21 13:28 . 2009-12-11 14:05 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-19 05:52 . 2009-04-28 19:28 -------- d-----w- c:\program files\Google
2009-12-05 13:21 . 2009-12-05 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier
2009-12-03 00:47 . 2009-12-03 00:47 33558 ----a-w- c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe
2009-12-02 22:28 . 2009-10-11 21:57 -------- d-----w- c:\program files\MSECache
2009-11-29 04:31 . 2009-09-13 16:15 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-03 22:02 . 2009-11-03 22:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-02 17:52 . 2008-05-21 20:06 22392 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-29 07:45 . 2006-02-28 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2006-02-28 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-02-28 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-02-28 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A1998DF-70D2-4b25-B59E-868FBCA20BA1}]
2009-09-25 14:33 91608 ----a-w- c:\program files\passionuptoolbar\passionupdx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A782146-1AEF-4ebc-9641-D4309F8A67A4}]
2009-10-20 15:47 258008 ----a-w- c:\program files\passionuptoolbar\auxi\passionuptoolbAu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]
"{2A1998DF-70D2-4b25-B59E-868FBCA20BA1}"= "c:\program files\passionuptoolbar\passionupdx.dll" [2009-09-25 91608]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{2a1998df-70d2-4b25-b59e-868fbca20ba1}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"NetZero_uoltray"="c:\program files\NetZero\exec.exe" [2008-05-07 1701376]
"cdloader"="c:\documents and settings\User\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-28 39408]
"Google Update"="c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-20 133104]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"untd_recovery"="c:\program files\NetZero\qsacc\x1exec.exe" [2005-06-28 241664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-12-15 36864]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-28 68592]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

c:\documents and settings\User\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2008-9-3 114688]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-30 12:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\User\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/7/2010 1:23 PM 207792]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/28/2009 3:36 PM 108552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/28/2009 3:36 PM 335240]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/28/2009 3:35 PM 297752]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [1/7/2010 4:21 PM 112592]
S2 gupdate1c9f021dfccbd36;Google Update Service (gupdate1c9f021dfccbd36);c:\program files\Google\Update\GoogleUpdate.exe [6/18/2009 9:34 AM 133104]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [5/20/2008 3:11 PM 20160]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [6/14/2008 9:26 AM 18864]
S3 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/7/2010 1:23 PM 359624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-28 19:28]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 14:33]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 14:33]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-117609710-839522115-1003Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-20 11:21]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-117609710-839522115-1003UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-20 11:21]

2010-01-01 c:\windows\Tasks\Norton Security Scan for User.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-17 20:45]

2010-01-07 c:\windows\Tasks\User_Feed_Synchronization-{1D49D00C-5343-4779-9534-E4BCCE4C4AAB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"
TCP: {371D348B-9F92-4365-80DB-72C60FDD627B} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-11 15:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1380)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-01-11 15:12:50
ComboFix-quarantined-files.txt 2010-01-11 20:12
ComboFix2.txt 2010-01-11 19:56
ComboFix3.txt 2010-01-10 16:09

Pre-Run: 65,117,786,112 bytes free
Post-Run: 65,106,337,792 bytes free

- - End Of File - - 89DD9DA3AB336051E5FEC4CD2ECCBFE4


Re: Need to remove Win32 and maybe some other viruses.

Post by la femdom on Tue Jan 12, 2010 7:21 pm

Should I replace the old CFScript.txt?


Re: Need to remove Win32 and maybe some other viruses.

Post by Dr Jay on Wed Jan 13, 2010 3:59 am

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A1998DF-70D2-4b25-B59E-868FBCA20BA1}]

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A782146-1AEF-4ebc-9641-D4309F8A67A4}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
    "{2A1998DF-70D2-4b25-B59E-868FBCA20BA1}"=-

    [-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [-HKEY_CLASSES_ROOT\clsid\{2a1998df-70d2-4b25-b59e-868fbca20ba1}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-

    [-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10
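A small triage helper for the kind of ComboFix log posted in this thread, added here as an example (it is not ComboFix's or the forum's code): it pulls the Browser Helper Objects, IE toolbar entries and the IE proxy setting out of a log, flags a proxy that points back at 127.0.0.1 as in the logs above, and writes the Registry:: block of a CFScript in the syntax Dr Jay used, for CLSIDs the analyst has already decided to remove. The log excerpt embedded in it is constructed sample data.

```python
"""Triage helper for ComboFix logs (added example, not ComboFix's own code).

Pulls the Browser Helper Objects, IE toolbar entries and the IE proxy setting
out of a log, flags a proxy that points back at the local machine (a common
sign of rogue-AV tampering), and builds the Registry:: block of a CFScript in
the syntax used in the thread: [-KEY] deletes a key, "name"=- deletes a value.
"""
import re
from typing import Dict, List, Optional

# Constructed excerpt in ComboFix's log format (sample data, not a real log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A1998DF-70D2-4b25-B59E-868FBCA20BA1}]
2009-09-25 14:33 91608 ----a-w- c:\program files\passionuptoolbar\passionupdx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]
"{2A1998DF-70D2-4b25-B59E-868FBCA20BA1}"= "c:\program files\passionuptoolbar\passionupdx.dll" [2009-09-25 91608]
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
"""

GUID = r"\{[0-9A-Fa-f-]{36}\}"
BHO_HEADER = re.compile(r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(" + GUID + r")\]$")
# ComboFix prints "date time size attributes path" under each BHO key.
FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>.+)$")
TOOLBAR_HEADER = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"
TOOLBAR_VALUE = re.compile(r'^"(' + GUID + r')"=\s*"(?P<path>[^"]+)"')
PROXY_LINE = re.compile(r"^uInternet Settings,ProxyServer = (?P<value>.*)$")

def _block_after(lines: List[str], index: int) -> List[str]:
    """Stripped lines following lines[index], up to the next blank line."""
    block: List[str] = []
    for line in lines[index + 1:]:
        if not line.strip():
            break
        block.append(line.strip())
    return block

def parse_bhos(log: str) -> Dict[str, str]:
    """Map each BHO CLSID to the DLL path ComboFix printed under its key."""
    lines = log.splitlines()
    bhos: Dict[str, str] = {}
    for i, line in enumerate(lines):
        m = BHO_HEADER.match(line.strip())
        if not m:
            continue
        paths = [f.group("path") for f in map(FILE_LINE.match, _block_after(lines, i)) if f]
        bhos[m.group(1)] = paths[0] if paths else ""
    return bhos

def parse_toolbar_values(log: str) -> Dict[str, str]:
    """Map each IE toolbar CLSID to its DLL path."""
    lines = [ln.strip() for ln in log.splitlines()]
    if TOOLBAR_HEADER not in lines:
        return {}
    found = (TOOLBAR_VALUE.match(e) for e in _block_after(lines, lines.index(TOOLBAR_HEADER)))
    return {m.group(1): m.group("path") for m in found if m}

def parse_proxy(log: str) -> Optional[str]:
    """The IE ProxyServer value, or None when the log has no such line."""
    for line in log.splitlines():
        m = PROXY_LINE.match(line.strip())
        if m:
            return m.group("value").strip()
    return None

def is_loopback_proxy(proxy: Optional[str]) -> bool:
    """True if any entry (e.g. "http=127.0.0.1:5555") sends traffic to this host."""
    for entry in (proxy or "").split(";"):
        host = entry.split("=")[-1].split(":")[0].strip().lower()
        if host == "localhost" or host.startswith("127."):
            return True
    return False

def build_cfscript(log: str, unwanted_clsids: List[str]) -> str:
    """Registry:: block that removes the given CLSIDs wherever the log shows them.

    Matching is case-insensitive because ComboFix prints the same CLSID in
    different cases under different keys; only CLSIDs actually present in the
    log are emitted, so a typo in the unwanted list produces no deletion.
    """
    wanted = {c.upper() for c in unwanted_clsids}
    bho_hits = [c for c in parse_bhos(log) if c.upper() in wanted]
    bar_hits = [c for c in parse_toolbar_values(log) if c.upper() in wanted]
    out = ["Registry::"]
    out += [f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{c}]" for c in bho_hits]
    if bar_hits:
        out += ["", TOOLBAR_HEADER] + [f'"{c}"=-' for c in bar_hits]
    # Drop the COM registration too, as the thread's script does for each CLSID.
    out += [""] + [f"[-HKEY_CLASSES_ROOT\\clsid\\{c.lower()}]"
                   for c in sorted({c.upper() for c in bho_hits + bar_hits})]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    proxy = parse_proxy(SAMPLE_LOG)
    if is_loopback_proxy(proxy):
        print(f"suspicious: ProxyServer {proxy} routes IE through a local process")
    for clsid, path in parse_bhos(SAMPLE_LOG).items():
        print(f"review BHO {clsid}: {path}")
    print(build_cfscript(SAMPLE_LOG, ["{2a1998df-70d2-4b25-b59e-868fbca20ba1}"]))
```

The generated block is only the Registry:: part; which CLSIDs go into the unwanted list is still the analyst's call, as it was in the thread.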


Re: Need to remove Win32 and maybe some other viruses.

Post by la femdom on Fri Jan 15, 2010 9:56 pm

ComboFix 10-01-15.01 - User 01/15/2010 16:40:24.4.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.145 [GMT -5:00]
Running from: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFscript.txt.lnk
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((( Files Created from 2009-12-15 to 2010-01-15 )))))))))))))))))))))))))))))))
.

2010-01-08 03:45 . 2010-01-09 19:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-07 21:21 . 2009-11-10 15:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-07 21:20 . 2009-11-10 15:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-07 21:20 . 2009-11-10 15:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-07 21:20 . 2009-11-10 15:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-01-07 21:20 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
2010-01-07 21:20 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2010-01-07 21:20 . 2010-01-07 21:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2010-01-07 20:38 . 2010-01-07 20:38 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-01-07 20:25 . 2010-01-07 20:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-07 20:25 . 2010-01-07 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-07 20:20 . 2010-01-07 20:20 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-01-07 20:20 . 2010-01-07 20:20 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-07 18:23 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-07 18:23 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-07 18:23 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-07 18:23 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-07 18:23 . 2010-01-10 17:53 -------- d-----w- c:\program files\Spyware Doctor
2010-01-07 18:23 . 2010-01-07 21:53 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-07 18:23 . 2010-01-07 18:23 -------- d-----w- c:\documents and settings\User\Application Data\PC Tools
2010-01-07 18:23 . 2010-01-07 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-07 18:15 . 2009-12-16 19:42 872960 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-01-07 18:15 . 2009-12-16 19:42 43008 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-01-07 18:15 . 2009-12-16 19:42 340480 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-01-07 18:15 . 2009-12-16 19:41 346624 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-24 12:22 . 2009-12-31 23:21 -------- d-----w- c:\documents and settings\User\Application Data\passionuptoolbar
2009-12-21 00:49 . 2009-12-21 00:49 -------- d-----w- c:\documents and settings\Guest\Application Data\passionuptoolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 18:08 . 2009-04-28 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-01-10 17:53 . 2009-04-28 19:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-07 22:09 . 2009-11-03 21:59 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-01-07 22:03 . 2009-11-03 22:02 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-01-07 11:22 . 2009-04-28 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-05 16:45 . 2009-11-10 16:29 79488 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-01 20:03 . 2009-04-28 19:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-24 12:23 . 2009-12-05 13:20 -------- d-----w- c:\program files\passionuptoolbar
2009-12-24 12:22 . 2009-12-05 13:20 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-12-21 13:28 . 2009-12-11 14:05 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-19 05:52 . 2009-04-28 19:28 -------- d-----w- c:\program files\Google
2009-12-14 23:12 . 2009-12-14 23:02 19517 ----a-w- c:\windows\hpqins13.dat
2009-12-05 13:21 . 2009-12-05 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier
2009-12-03 00:47 . 2009-12-03 00:47 33558 ----a-w- c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe
2009-12-02 22:28 . 2009-10-11 21:57 -------- d-----w- c:\program files\MSECache
2009-11-29 04:31 . 2009-09-13 16:15 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-03 22:02 . 2009-11-03 22:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-02 17:52 . 2008-05-21 20:06 22392 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-29 07:45 . 2006-02-28 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2006-02-28 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-02-28 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-02-28 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A1998DF-70D2-4b25-B59E-868FBCA20BA1}]
2009-09-25 14:33 91608 ----a-w- c:\program files\passionuptoolbar\passionupdx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A782146-1AEF-4ebc-9641-D4309F8A67A4}]
2009-10-20 15:47 258008 ----a-w- c:\program files\passionuptoolbar\auxi\passionuptoolbAu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]
"{2A1998DF-70D2-4b25-B59E-868FBCA20BA1}"= "c:\program files\passionuptoolbar\passionupdx.dll" [2009-09-25 91608]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{2a1998df-70d2-4b25-b59e-868fbca20ba1}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"NetZero_uoltray"="c:\program files\NetZero\exec.exe" [2008-05-07 1701376]
"cdloader"="c:\documents and settings\User\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-28 39408]
"Google Update"="c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-20 133104]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe" [2009-01-08 2521464]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"untd_recovery"="c:\program files\NetZero\qsacc\x1exec.exe" [2005-06-28 241664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-12-15 36864]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-28 68592]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

c:\documents and settings\User\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2008-9-3 114688]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-30 12:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\User\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/7/2010 1:23 PM 207792]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/28/2009 3:36 PM 108552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/28/2009 3:36 PM 335240]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/28/2009 3:35 PM 297752]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [1/7/2010 4:21 PM 112592]
S2 gupdate1c9f021dfccbd36;Google Update Service (gupdate1c9f021dfccbd36);c:\program files\Google\Update\GoogleUpdate.exe [6/18/2009 9:34 AM 133104]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [5/20/2008 3:11 PM 20160]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [6/14/2008 9:26 AM 18864]
S3 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/7/2010 1:23 PM 359624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-28 19:28]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 14:33]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 14:33]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-117609710-839522115-1003Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-20 11:21]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-117609710-839522115-1003UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-20 11:21]

2010-01-01 c:\windows\Tasks\Norton Security Scan for User.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-17 20:45]

2010-01-07 c:\windows\Tasks\User_Feed_Synchronization-{1D49D00C-5343-4779-9534-E4BCCE4C4AAB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"
TCP: {371D348B-9F92-4365-80DB-72C60FDD627B} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-15 16:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(952)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-01-15 16:48:11
ComboFix-quarantined-files.txt 2010-01-15 21:47
ComboFix2.txt 2010-01-11 20:12
ComboFix3.txt 2010-01-11 19:56
ComboFix4.txt 2010-01-10 16:09

Pre-Run: 65,326,841,856 bytes free
Post-Run: 65,316,122,624 bytes free

- - End Of File - - 9097D8B45C94EFC03E1F49C0396D5105


Re: Need to remove Win32 and maybe some other viruses.

Post by Dr Jay on Fri Jan 15, 2010 11:51 pm

Please run the [You must be registered and logged in to see this link.]

  • Follow the Instruction [You must be registered and logged in to see this link.] for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.


Dr. Jay (DJ)


