GeekPolice

Mega Virus

Mega Virus

Post by TrIggA on Wed Feb 10, 2010 9:51 am

I think it came in the form of a .PDF. I was just surfing the web, and when I clicked a link it opened some sort of .pdf. Now it keeps saying that I have a virus, and I can't open my AVG Free antivirus or any other program, like Task Manager, System Restore, etc. I get popups from "Windows Security alert", and I don't download what it tells me to, because I know it's bogus; then I get other popups saying "Antivirus software alert: Infiltration alert. Your computer is being attacked by an internet virus. It could be a password-stealing, a trojan-dropper or similar. DETAILS: Attack from: 112.24.185.117, port 851. Attacked port: 23514. Threat: Win32/Nuqel.E", and it comes up with a different threat every time, such as BankerFox.A or anything like that. And every link from EVERYTHING is bringing me to -removed-, which claims to be an anti-virus purchase page for "Antivirus Soft". But yeah, I can't open anything. If I try to open Task Manager, it opens for a split second, then it says that it's infected. So I have no idea what to do; if I could get remote assistance or ANYTHING, I'd be EXTREMELY grateful.

TrIggA (Novice) - Posts: 27 - Joined: 2010-02-10 - OS: Windows XP Professional, SP3

Re: Mega Virus

Post by TrIggA on Wed Feb 10, 2010 10:43 am

EDIT: I think I may have fixed it, I downloaded the Malwarebytes' Anti-Malware and removed the viruses it found, that antivirus soft thing or whatever. Anyway, if you find anything other than the antivirus soft thing in the log, please get back to me.

ORIGINAL POST:
I figured out how to stop the "That program is infected" thing, so that I can run programs, and it seems my computer is fine when I close the file. I had to open task manager right when I logged on, before the virus loaded, so I could end the process. I got ComboFix and followed the guide, here's the log. Thanks.

ComboFix 10-02-09.04 - Josh 02/10/2010 10:28:02.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2564 [GMT -5:00]
Running from: c:\documents and settings\Josh\Desktop\commy.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
C:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-01-10 to 2010-02-10 )))))))))))))))))))))))))))))))
.

2010-02-10 15:23 . 2010-02-10 15:25 -------- d-----w- C:\commy
2010-02-10 13:45 . 2010-02-10 13:45 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\dwxaqn
2010-01-28 16:52 . 2010-01-28 16:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-01-24 15:59 . 2010-01-24 15:59 -------- d-----w- c:\documents and settings\Rich\Application Data\Apple Computer
2010-01-23 21:47 . 2010-01-23 21:47 -------- d-----w- c:\documents and settings\Nicole.PRATT\Local Settings\Application Data\Apple
2010-01-22 17:40 . 2010-01-22 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-01-22 01:33 . 2010-01-22 01:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-01-16 19:19 . 1998-09-01 07:25 299520 ----a-w- c:\windows\uninst.exe
2010-01-13 02:47 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-13 02:14 . 2010-01-13 02:14 90284 ---ha-w- c:\windows\system32\mlfcache.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 15:15 . 2009-05-30 03:36 -------- d-----w- c:\documents and settings\Josh\Application Data\Hamachi
2010-02-10 15:15 . 2009-03-26 23:07 -------- d-----w- c:\documents and settings\Josh\Application Data\Xfire
2010-02-10 14:14 . 2010-01-23 01:49 0 ----a-w- c:\documents and settings\Josh\ntuser.tmp
2010-02-10 08:07 . 2009-08-25 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-10 03:55 . 2009-03-26 22:35 138784 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-10 03:55 . 2009-03-26 22:35 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-03 22:12 . 2009-12-29 22:34 -------- d-----w- c:\program files\Bonjour
2010-01-31 05:00 . 2009-04-27 18:58 -------- d-----w- c:\documents and settings\Josh\Application Data\TeamViewer
2010-01-31 04:59 . 2009-04-27 18:58 -------- d-----w- c:\program files\TeamViewer
2010-01-28 16:54 . 2009-10-31 03:42 -------- d-----w- c:\program files\Google
2010-01-22 08:19 . 2009-09-28 22:11 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-17 16:37 . 2009-03-30 01:28 171520 ----a-w- c:\documents and settings\Marge\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 21:35 . 2009-04-20 18:28 171520 ----a-w- c:\documents and settings\Nicole.PRATT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 20:00 . 2009-12-29 22:35 -------- d-----w- c:\documents and settings\Josh\Application Data\Apple Computer
2010-01-16 19:57 . 2009-11-26 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-16 19:55 . 2009-03-26 21:30 171520 ----a-w- c:\documents and settings\Josh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 19:24 . 2009-03-26 22:40 171520 ----a-w- c:\documents and settings\Rich\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 19:20 . 2010-01-16 19:20 -------- d-----w- c:\program files\CreataCard
2010-01-11 22:28 . 2009-04-06 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-01-09 01:10 . 2009-07-25 22:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-08 00:12 . 2010-01-08 00:12 -------- d-----w- c:\program files\Paint.NET
2010-01-03 02:08 . 2009-12-24 15:15 -------- d-----w- c:\documents and settings\Josh\Application Data\TS3Client
2009-12-31 16:50 . 2003-03-31 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 22:35 . 2009-12-29 22:35 -------- d-----w- c:\program files\iTunes
2009-12-29 22:35 . 2009-12-29 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-29 22:35 . 2009-12-29 22:35 -------- d-----w- c:\program files\iPod
2009-12-29 22:35 . 2009-11-26 01:12 -------- d-----w- c:\program files\Common Files\Apple
2009-12-29 22:35 . 2009-11-26 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-23 11:55 . 2009-05-15 15:03 -------- d-----w- c:\documents and settings\Rich\Application Data\U3
2009-12-22 05:21 . 2003-03-31 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-21 20:12 . 2009-08-30 16:02 -------- d-----w- c:\documents and settings\Josh\Application Data\U3
2009-12-21 12:05 . 2009-07-25 22:36 -------- d-----w- c:\documents and settings\Josh\Application Data\Publish Providers
2009-12-18 19:58 . 2009-12-18 19:58 -------- d-----w- c:\program files\Valve
2009-12-16 18:43 . 2009-03-26 21:55 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2003-03-31 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2003-03-31 12:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2002-08-29 01:04 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2003-03-31 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2003-03-31 12:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2001-08-17 22:36 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2003-03-31 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2003-03-31 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2003-03-31 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2001-08-17 22:36 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2003-03-31 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-12 22:07 . 2009-11-12 22:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\documents and settings\josh\my documents\steam\steam.exe" [2009-11-17 1217808]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-05-15 484904]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"Aim"="c:\program files\AIM\aim.exe" [2009-10-01 3634024]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"mdtalhrf"="c:\documents and settings\Josh\Local Settings\Application Data\dwxaqn\mfnfsftav.exe" [2010-02-10 254720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16126464]
"SkyTel"="SkyTel.EXE" [2007-04-06 1822720]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-21 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-08 1953792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-28 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-10-28 110184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-06 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"mdtalhrf"="c:\documents and settings\Josh\Local Settings\Application Data\dwxaqn\mfnfsftav.exe" [2010-02-10 254720]

c:\documents and settings\Rich\Start Menu\Programs\Startup\
Event Minder Reminders.lnk - c:\hallmark\EMREMIND.EXE [2009-5-10 6240]

c:\documents and settings\Josh\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-5-29 625952]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
Xfire.lnk - c:\documents and settings\Josh\My Documents\Xfire\Xfire.exe [2010-1-21 3188624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminder 2008.lnk - c:\windows\Installer\{747A6A10-DA58-48C2-A1F0-C15514419C8A}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [2009-8-30 1718]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-11 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 12:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Xfire\\Xfire.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\synergy\\hl2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\source sdk base\\hl2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life deathmatch source\\hl2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\Steam.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life blue shift\\hl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life\\hl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\opposing force\\hl.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\team fortress classic\\hl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer(tm) Generals Zero Hour\\generals.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Bittorrent\\bittorrent.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Sony Vegas\\Actual\\VegSrv80.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer(tm) Tiberian Sun(tm)\\SUN\\Game.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=
"c:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Renegade(tm)\\Renegade\\Game.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FarCry2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2Editor.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2BenchmarkTool.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2ServerLauncher.exe"=
"c:\\Program Files\\id Software\\Return to Castle Wolfenstein222\\WolfMP.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead 2 demo\\left4dead2.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead\\bin\\SDKLauncher.exe"=
"c:\\srcds\\orangebox\\srcds.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\srcds\\CSS\\srcds.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead 2\\bin\\SDKLauncher.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\synergy dedicated server\\srcds.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/26/2009 5:05 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/26/2009 5:05 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [3/26/2009 5:05 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/26/2009 5:05 PM 297752]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [3/26/2009 5:04 PM 38656]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/30/2009 10:42 PM 133104]
S3 cpuz130;cpuz130;\??\c:\docume~1\Josh\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Josh\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 qcserxp;HTC Diagnostic Port (PID 0B03);c:\windows\system32\drivers\qcserxp.sys [9/16/2009 6:48 PM 92800]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - IDSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-05-15 21:08 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 03:42]

2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 03:42]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Josh\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - nwiz.exe
AddRemove-City 14 - c:\program files\Valve\Steam\SteamApps\SourceMods\Cite 14\Uninstal.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-Xvid_is1 - c:\documents and settings\Josh\My Documents\CSS Fix\addons\sourcemod\Xvid\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-10 10:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343818398-179605362-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ca,b3,8b,20,6d,69,ea,a1,6d,b8,63,54,40,ad,10,73,14,2a,c4,61,95,55,d1,
45,30,81,ee,48,20,ee,9f,04,7d,0b,e1,d3,af,7f,c6,8a,1b,10,f3,19,56,41,37,01,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-343818398-179605362-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:2b,04,8f,17,62,f4,1b,34,5c,58,be,82,dc,fe,17,c1,99,3f,a9,de,82,
fb,30,eb,95,fe,01,06,d4,ac,1b,84,22,bb,ab,bd,30,f3,2a,c7,d3,a6,a1,5c,06,a8,\
"rkeysecu"=hex:2a,88,e8,4c,c3,e4,9d,0f,17,5a,2d,d2,b5,09,c3,65
.
Completion time: 2010-02-10 10:40:13
ComboFix-quarantined-files.txt 2010-02-10 15:40

Pre-Run: 64,011,202,560 bytes free
Post-Run: 74,532,347,904 bytes free

- - End Of File - - 280DDD32FA1FE2F73099F498BBC2C15A

TrIggA (Novice) - Posts: 27 - Joined: 2010-02-10 - OS: Windows XP Professional, SP3

Re: Mega Virus

Post by Belahzur on Wed Feb 10, 2010 1:54 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Folder::
    c:\documents and settings\Josh\Local Settings\Application Data\dwxaqn

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mdtalhrf"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mdtalhrf"=-

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride =
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Please PM me if I fail to respond within 24hrs.


Belahzur (Administrator) - Posts: 34916 - Joined: 2008-08-03 - OS: XP SP3 Media Centre
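Belahzur's CFScript targets three things that are visible in TrIggA's first log: a Run entry (planted in both HKCU and HKLM) that launches a random-named executable from the user's Local Settings\Application Data, the folder holding that executable, and an Internet Explorer proxy of 127.0.0.1:5555, which is how the rogue turns every browser request into a visit to its sales page. The script below is an added example written for this page; it is not code from the thread or from ComboFix. It parses a trimmed copy of those log lines (a constructed sample embedded inline), flags the same indicators plus the Security Center AntiVirusOverride flag from the same log, and renders the Folder::/Registry::/DDS:: blocks in the format Belahzur used. The heuristics (the list of user-writable profile paths, loopback proxy, AntiVirusOverride not zero) are the editor's assumptions, not rules taken from ComboFix; AntiVirusOverride=1 is the weakest of them, since it is also set when a user tells Security Center they will monitor their antivirus themselves.

```python
import re

# Constructed sample: the relevant lines of TrIggA's first ComboFix log, trimmed.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\documents and settings\josh\my documents\steam\steam.exe" [2009-11-17 1217808]
"mdtalhrf"="c:\documents and settings\Josh\Local Settings\Application Data\dwxaqn\mfnfsftav.exe" [2010-02-10 254720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"mdtalhrf"="c:\documents and settings\Josh\Local Settings\Application Data\dwxaqn\mfnfsftav.exe" [2010-02-10 254720]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
"""

SECTION_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
PROXY_RE = re.compile(r"^[a-z]?Internet Settings,(ProxyServer|ProxyOverride)\s*=\s*(.*)$", re.I)
# Heuristic (editor's assumption): per-user writable locations that a legitimate
# Run entry rarely launches from, in the XP and the Vista+ profile layouts.
USER_WRITABLE_RE = re.compile(
    r"\\documents and settings\\[^\\]+\\(local settings\\)?(application data|temp)\\"
    r"|\\users\\[^\\]+\\appdata\\",
    re.I,
)
LOOPBACK_RE = re.compile(r"\b(127\.0\.0\.1|localhost)\b", re.I)


def _unquote(data: str) -> str:
    """Strip the quotes and the trailing '[date size]' that ComboFix appends."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    return data.split()[0] if data else ""


def triage(log_text: str) -> dict:
    """Scan ComboFix-style text; return (kind, detail) findings plus the raw hits."""
    findings, run_hits, proxy_lines = [], [], []
    seen = {}                                   # (name, target) -> hives it appears in
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = PROXY_RE.match(line)
        if m:
            proxy_lines.append(line)
            if m.group(1).lower() == "proxyserver" and LOOPBACK_RE.search(m.group(2)):
                findings.append(("loopback_proxy", m.group(2).strip()))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data, key = m.group(1), _unquote(m.group(2)), section.lower()
        if key.endswith(r"\currentversion\run"):
            hive = key.split("\\", 1)[0]
            seen.setdefault((name, data.lower()), set()).add(hive)
            if USER_WRITABLE_RE.search(data):
                findings.append(("run_from_user_writable", f"{hive}: {name} -> {data}"))
                run_hits.append((section, name, data))
        elif "security center" in key and name.lower() == "antivirusoverride":
            if data.lower().startswith("dword:") and int(data[6:], 16) != 0:
                findings.append(("av_override", f"{name}={data}"))
    for (name, target), hives in seen.items():
        if len(hives) > 1:                      # same entry planted in HKCU and HKLM
            findings.append(("run_in_both_hives", f"{name} -> {target}"))
    return {"findings": findings, "run_hits": run_hits, "proxy_lines": proxy_lines}


def build_cfscript(report: dict) -> str:
    """Render the hits as the Folder::/Registry::/DDS:: blocks used in the thread."""
    folders = sorted({t.rsplit("\\", 1)[0] for _, _, t in report["run_hits"]})
    registry = [x for key, name, _ in report["run_hits"] for x in (f"[{key}]", f'"{name}"=-')]
    has_proxy = any(k == "loopback_proxy" for k, _ in report["findings"])
    blocks = [("Folder::", folders), ("Registry::", registry),
              ("DDS::", report["proxy_lines"] if has_proxy else [])]
    return "\n\n".join(h + "\n" + "\n".join(b) for h, b in blocks if b) + "\n"


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    for kind, detail in rep["findings"]:
        print(f"{kind:24} {detail}")
    print(build_cfscript(rep))
```

Run as-is it prints five findings from the sample (the Run entry in each hive, the same entry appearing in both hives, the loopback proxy, and the override flag) followed by the generated script; pass the text of a full ComboFix.txt to triage one from another machine. Review each hit before dropping it into a CFScript: anything legitimate that autostarts from a profile directory (some per-user installers do this) will show up under the same heuristic, and the generated script removes whatever is listed.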

Re: Mega Virus

Post by TrIggA on Wed Feb 10, 2010 2:12 pm

Alright


ComboFix 10-02-10.01 - Josh 02/10/2010 13:58:29.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2858 [GMT -5:00]
Running from: c:\documents and settings\Josh\Desktop\commy.exe
Command switches used :: c:\documents and settings\Josh\Desktop\CFscript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Josh\Local Settings\Application Data\dwxaqn
c:\documents and settings\Josh\Local Settings\Application Data\dwxaqn\mfnfsftav.exe

.
((((((((((((((((((((((((( Files Created from 2010-01-10 to 2010-02-10 )))))))))))))))))))))))))))))))
.

2010-02-10 16:14 . 2010-02-10 16:14 -------- d-----w- c:\documents and settings\Josh\Application Data\Malwarebytes
2010-02-10 16:14 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-10 16:14 . 2010-02-10 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-10 16:14 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-10 15:27 . 2010-02-10 15:40 -------- d-----w- C:\commy3882c
2010-02-10 15:23 . 2010-02-10 15:25 -------- d-----w- C:\commy
2010-01-28 16:52 . 2010-01-28 16:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-01-24 15:59 . 2010-01-24 15:59 -------- d-----w- c:\documents and settings\Rich\Application Data\Apple Computer
2010-01-23 21:47 . 2010-01-23 21:47 -------- d-----w- c:\documents and settings\Nicole.PRATT\Local Settings\Application Data\Apple
2010-01-22 17:40 . 2010-01-22 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-01-22 01:33 . 2010-01-22 01:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-01-16 19:19 . 1998-09-01 07:25 299520 ----a-w- c:\windows\uninst.exe
2010-01-13 02:47 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-13 02:14 . 2010-01-13 02:14 90284 ---ha-w- c:\windows\system32\mlfcache.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 16:24 . 2009-05-30 03:36 -------- d-----w- c:\documents and settings\Josh\Application Data\Hamachi
2010-02-10 16:24 . 2009-03-26 23:07 -------- d-----w- c:\documents and settings\Josh\Application Data\Xfire
2010-02-10 14:14 . 2010-01-23 01:49 0 ----a-w- c:\documents and settings\Josh\ntuser.tmp
2010-02-10 08:07 . 2009-08-25 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-10 03:55 . 2009-03-26 22:35 138784 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-10 03:55 . 2009-03-26 22:35 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-03 22:12 . 2009-12-29 22:34 -------- d-----w- c:\program files\Bonjour
2010-01-31 05:00 . 2009-04-27 18:58 -------- d-----w- c:\documents and settings\Josh\Application Data\TeamViewer
2010-01-31 04:59 . 2009-04-27 18:58 -------- d-----w- c:\program files\TeamViewer
2010-01-28 16:54 . 2009-10-31 03:42 -------- d-----w- c:\program files\Google
2010-01-22 08:19 . 2009-09-28 22:11 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-17 16:37 . 2009-03-30 01:28 171520 ----a-w- c:\documents and settings\Marge\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 21:35 . 2009-04-20 18:28 171520 ----a-w- c:\documents and settings\Nicole.PRATT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 20:00 . 2009-12-29 22:35 -------- d-----w- c:\documents and settings\Josh\Application Data\Apple Computer
2010-01-16 19:57 . 2009-11-26 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-16 19:55 . 2009-03-26 21:30 171520 ----a-w- c:\documents and settings\Josh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 19:24 . 2009-03-26 22:40 171520 ----a-w- c:\documents and settings\Rich\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 19:20 . 2010-01-16 19:20 -------- d-----w- c:\program files\CreataCard
2010-01-11 22:28 . 2009-04-06 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-01-09 01:10 . 2009-07-25 22:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-08 00:12 . 2010-01-08 00:12 -------- d-----w- c:\program files\Paint.NET
2010-01-03 02:08 . 2009-12-24 15:15 -------- d-----w- c:\documents and settings\Josh\Application Data\TS3Client
2009-12-31 16:50 . 2003-03-31 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 22:35 . 2009-12-29 22:35 -------- d-----w- c:\program files\iTunes
2009-12-29 22:35 . 2009-12-29 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-29 22:35 . 2009-12-29 22:35 -------- d-----w- c:\program files\iPod
2009-12-29 22:35 . 2009-11-26 01:12 -------- d-----w- c:\program files\Common Files\Apple
2009-12-29 22:35 . 2009-11-26 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-23 11:55 . 2009-05-15 15:03 -------- d-----w- c:\documents and settings\Rich\Application Data\U3
2009-12-22 05:21 . 2003-03-31 12:00 667136 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-21 20:12 . 2009-08-30 16:02 -------- d-----w- c:\documents and settings\Josh\Application Data\U3
2009-12-21 12:05 . 2009-07-25 22:36 -------- d-----w- c:\documents and settings\Josh\Application Data\Publish Providers
2009-12-18 19:58 . 2009-12-18 19:58 -------- d-----w- c:\program files\Valve
2009-12-16 18:43 . 2009-03-26 21:55 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2003-03-31 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2003-03-31 12:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2002-08-29 01:04 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2003-03-31 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2003-03-31 12:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2001-08-17 22:36 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2003-03-31 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2003-03-31 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2003-03-31 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2001-08-17 22:36 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2003-03-31 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-12 22:07 . 2009-11-12 22:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-10 16:23 . 2010-02-10 16:23 16384 c:\windows\Temp\Perflib_Perfdata_880.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\documents and settings\josh\my documents\steam\steam.exe" [2009-11-17 1217808]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-05-15 484904]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"Aim"="c:\program files\AIM\aim.exe" [2009-10-01 3634024]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16126464]
"SkyTel"="SkyTel.EXE" [2007-04-06 1822720]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-21 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-08 1953792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-28 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-10-28 110184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-06 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

c:\documents and settings\Josh\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-5-29 625952]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
Xfire.lnk - c:\documents and settings\Josh\My Documents\Xfire\Xfire.exe [2010-1-21 3188624]

c:\documents and settings\Rich\Start Menu\Programs\Startup\
Event Minder Reminders.lnk - c:\hallmark\EMREMIND.EXE [2009-5-10 6240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminder 2008.lnk - c:\windows\Installer\{747A6A10-DA58-48C2-A1F0-C15514419C8A}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [2009-8-30 1718]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-11 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 12:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Xfire\\Xfire.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\synergy\\hl2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\source sdk base\\hl2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life deathmatch source\\hl2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\Steam.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life blue shift\\hl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life\\hl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\opposing force\\hl.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\team fortress classic\\hl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer(tm) Generals Zero Hour\\generals.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Bittorrent\\bittorrent.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Sony Vegas\\Actual\\VegSrv80.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer(tm) Tiberian Sun(tm)\\SUN\\Game.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=
"c:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Renegade(tm)\\Renegade\\Game.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FarCry2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2Editor.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2BenchmarkTool.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2ServerLauncher.exe"=
"c:\\Program Files\\id Software\\Return to Castle Wolfenstein222\\WolfMP.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead 2 demo\\left4dead2.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead\\bin\\SDKLauncher.exe"=
"c:\\srcds\\orangebox\\srcds.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\srcds\\CSS\\srcds.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead 2\\bin\\SDKLauncher.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\synergy dedicated server\\srcds.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/26/2009 5:05 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/26/2009 5:05 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [3/26/2009 5:05 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/26/2009 5:05 PM 297752]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [3/26/2009 5:04 PM 38656]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/30/2009 10:42 PM 133104]
S3 cpuz130;cpuz130;\??\c:\docume~1\Josh\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Josh\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 qcserxp;HTC Diagnostic Port (PID 0B03);c:\windows\system32\drivers\qcserxp.sys [9/16/2009 6:48 PM 92800]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-05-15 21:08 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 03:42]

2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 03:42]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Josh\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-10 14:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343818398-179605362-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ca,b3,8b,20,6d,69,ea,a1,6d,b8,63,54,40,ad,10,73,14,2a,c4,61,95,55,d1,
45,30,81,ee,48,20,ee,9f,04,7d,0b,e1,d3,af,7f,c6,8a,1b,10,f3,19,56,41,37,01,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-343818398-179605362-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:2b,04,8f,17,62,f4,1b,34,5c,58,be,82,dc,fe,17,c1,99,3f,a9,de,82,
fb,30,eb,95,fe,01,06,d4,ac,1b,84,22,bb,ab,bd,30,f3,2a,c7,d3,a6,a1,5c,06,a8,\
"rkeysecu"=hex:2a,88,e8,4c,c3,e4,9d,0f,17,5a,2d,d2,b5,09,c3,65
.
Completion time: 2010-02-10 14:11:59
ComboFix-quarantined-files.txt 2010-02-10 19:11
ComboFix2.txt 2010-02-10 15:40

Pre-Run: 74,527,567,872 bytes free
Post-Run: 74,519,666,688 bytes free

- - End Of File - - 6DE46641E6F61A5314A306FC8DA16800


Re: Mega Virus

Post by TrIggA on Mon Mar 01, 2010 4:43 pm

Well, no one seems to have answered my post, and I've been getting horrible FPS in games ever since this little shenanigan happened. It's not my graphics card or RAM; I have 4 GB of RAM and a GeForce 250 GTS. Anyway, I did the log file like you said to, with the CFG you said to use. I just ran it again today to see if I have any more problems.

Here it is:

ComboFix 10-03-01.01 - Josh 03/01/2010 16:24:34.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2417 [GMT -5:00]
Running from: c:\documents and settings\Josh\Desktop\commy.exe
Command switches used :: c:\documents and settings\Josh\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\FF\chrome.manifest
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files\Dealio Toolbar\FF\chrome\content\login.js
c:\program files\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files\Dealio Toolbar\FF\chrome\content\parser.js
c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files\Dealio Toolbar\FF\chrome\skin\separator.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\Dealio Toolbar\FF\components\config.ini
c:\program files\Dealio Toolbar\FF\components\dealioToolbarFF.dll
c:\program files\Dealio Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt
c:\program files\Dealio Toolbar\FF\install.rdf
c:\program files\Dealio Toolbar\IE\4.0.2\config.ini
c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\Search Settings
c:\program files\Search Settings\FF\chrome.manifest
c:\program files\Search Settings\FF\chrome\content\plugin.js
c:\program files\Search Settings\FF\chrome\content\plugin.xul
c:\program files\Search Settings\FF\chrome\content\protection.js
c:\program files\Search Settings\FF\chrome\content\utils.js
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
c:\program files\Search Settings\FF\install.rdf
c:\program files\Search Settings\SearchSettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-01 to 2010-03-01 )))))))))))))))))))))))))))))))
.

2010-03-01 20:11 . 2010-03-01 20:11 -------- d-----w- c:\program files\Steam
2010-02-24 22:49 . 2010-02-24 22:51 -------- d-----w- c:\documents and settings\Marge\Application Data\Apple Computer
2010-02-22 10:33 . 2010-02-22 10:33 -------- d-----w- c:\documents and settings\Rich\Application Data\Malwarebytes
2010-02-22 03:14 . 2010-02-22 03:14 -------- d-----w- c:\documents and settings\Rich\Application Data\acccore
2010-02-22 03:14 . 2010-02-22 03:14 -------- d-----w- c:\documents and settings\Rich\Local Settings\Application Data\AIM
2010-02-22 03:14 . 2010-02-22 03:14 -------- d-----w- c:\documents and settings\Rich\Local Settings\Application Data\AOL
2010-02-19 16:22 . 2010-02-19 16:22 -------- d-----w- c:\documents and settings\Nicole.PRATT\Application Data\Search Settings
2010-02-19 16:21 . 2010-02-19 16:21 -------- d-----w- c:\documents and settings\Nicole.PRATT\Application Data\Dealio
2010-02-19 12:03 . 2010-02-19 12:03 -------- d-----w- c:\program files\iPod
2010-02-19 12:03 . 2010-02-19 12:03 -------- d-----w- c:\program files\iTunes
2010-02-15 22:04 . 2010-02-15 22:04 -------- d-----w- c:\documents and settings\Marge\Application Data\Search Settings
2010-02-15 22:04 . 2010-02-15 22:04 -------- d-----w- c:\documents and settings\Marge\Application Data\Dealio
2010-02-14 16:15 . 2010-02-14 16:15 -------- d-----w- c:\documents and settings\Josh\Application Data\Search Settings
2010-02-14 16:15 . 2010-02-14 16:15 -------- d-----w- c:\documents and settings\Josh\Application Data\Dealio
2010-02-14 15:10 . 2010-02-14 15:10 -------- d-----w- c:\documents and settings\Rich\Application Data\Search Settings
2010-02-14 15:10 . 2010-02-14 15:10 -------- d-----w- c:\documents and settings\Rich\Application Data\Dealio
2010-02-14 15:09 . 2010-02-14 15:09 -------- d-----w- c:\program files\Application Updater
2010-02-14 15:09 . 2006-07-11 23:06 544768 ----a-w- c:\windows\system32\msvcr71d.dll
2010-02-14 15:09 . 2000-10-02 00:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-02-14 15:09 . 1998-07-13 04:00 59904 ----a-w- c:\windows\system32\Mscc2fr.dll
2010-02-14 15:09 . 1998-07-13 04:00 21504 ----a-w- c:\windows\system32\TABCTFR.DLL
2010-02-14 15:09 . 1998-07-13 04:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
2010-02-14 15:09 . 1998-07-13 04:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-02-14 15:09 . 2010-02-14 15:09 -------- d-----w- c:\documents and settings\Rich\Application Data\FreeIPODConverter
2010-02-14 15:09 . 1998-07-13 05:00 20992 ----a-w- c:\windows\system32\CMCT2FR.DLL
2010-02-14 15:09 . 1998-07-13 00:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-02-14 15:08 . 2010-02-14 15:09 -------- d-----w- C:\Video to ipod converter
2010-02-13 14:19 . 2010-02-13 15:41 -------- d-----w- c:\documents and settings\Rich\Application Data\AVS4YOU
2010-02-13 14:19 . 2010-02-13 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-02-13 14:18 . 2010-02-14 14:35 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-13 14:18 . 2010-02-14 14:35 -------- d-----w- c:\program files\AVS4YOU
2010-02-13 14:18 . 2008-08-13 15:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-02-11 03:16 . 2010-02-11 03:16 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-02-10 18:57 . 2010-02-10 19:12 -------- d-----w- C:\commy26360c
2010-02-10 16:14 . 2010-02-10 16:14 -------- d-----w- c:\documents and settings\Josh\Application Data\Malwarebytes
2010-02-10 16:14 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-10 16:14 . 2010-02-10 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-10 16:14 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-10 15:27 . 2010-02-10 15:40 -------- d-----w- C:\commy3882c
2010-02-10 15:23 . 2010-02-10 15:25 -------- d-----w- C:\commy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 02:33 . 2009-07-25 22:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-28 22:41 . 2009-03-26 22:35 138784 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-28 22:41 . 2009-03-26 22:35 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-25 22:16 . 2002-01-01 04:18 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-25 22:15 . 2009-03-27 00:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-25 22:14 . 2009-03-27 00:35 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-22 19:46 . 2009-03-26 23:07 -------- d-----w- c:\documents and settings\Josh\Application Data\Xfire
2010-02-22 19:45 . 2009-05-30 03:36 -------- d-----w- c:\documents and settings\Josh\Application Data\Hamachi
2010-02-19 12:03 . 2009-11-26 01:12 -------- d-----w- c:\program files\Common Files\Apple
2010-02-19 11:59 . 2010-02-19 11:59 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-12 20:03 . 2010-01-24 15:59 -------- d-----w- c:\documents and settings\Rich\Application Data\Apple Computer
2010-02-10 08:07 . 2009-08-25 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-03 22:12 . 2009-12-29 22:34 -------- d-----w- c:\program files\Bonjour
2010-01-31 05:00 . 2009-04-27 18:58 -------- d-----w- c:\documents and settings\Josh\Application Data\TeamViewer
2010-01-31 04:59 . 2009-04-27 18:58 -------- d-----w- c:\program files\TeamViewer
2010-01-28 16:54 . 2009-10-31 03:42 -------- d-----w- c:\program files\Google
2010-01-22 17:40 . 2010-01-22 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-01-22 08:19 . 2009-09-28 22:11 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-17 16:37 . 2009-03-30 01:28 171520 ----a-w- c:\documents and settings\Marge\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 21:35 . 2009-04-20 18:28 171520 ----a-w- c:\documents and settings\Nicole.PRATT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 20:00 . 2009-12-29 22:35 -------- d-----w- c:\documents and settings\Josh\Application Data\Apple Computer
2010-01-16 19:57 . 2009-11-26 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-16 19:55 . 2009-03-26 21:30 171520 ----a-w- c:\documents and settings\Josh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 19:24 . 2009-03-26 22:40 171520 ----a-w- c:\documents and settings\Rich\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 19:20 . 2010-01-16 19:20 -------- d-----w- c:\program files\CreataCard
2010-01-13 02:14 . 2010-01-13 02:14 90284 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-12 03:17 . 2010-01-12 03:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-12 03:17 . 2010-01-12 03:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-12 03:17 . 2010-01-12 03:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-12 03:17 . 2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-12 03:17 . 2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-12 03:17 . 2010-01-12 03:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-01-11 22:28 . 2009-04-06 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-01-08 00:12 . 2010-01-08 00:12 -------- d-----w- c:\program files\Paint.NET
2010-01-03 02:08 . 2009-12-24 15:15 -------- d-----w- c:\documents and settings\Josh\Application Data\TS3Client
2009-12-31 16:50 . 2003-03-31 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:21 . 2003-03-31 12:00 667136 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-16 18:43 . 2009-03-26 21:55 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2003-03-31 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2003-03-31 12:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2002-08-29 01:04 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2003-03-31 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-25 22:18 . 2010-02-25 22:18 16384 c:\windows\Temp\Perflib_Perfdata_36c.dat
+ 2009-03-26 21:42 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
- 2009-03-26 21:42 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2010-02-25 22:13 . 2009-10-28 04:41 69632 c:\windows\system32\ReinstallBackups\0021\DriverFiles\OpenCL.dll
+ 2009-11-03 13:45 . 2010-01-12 04:03 61440 c:\windows\system32\OpenCL.dll
+ 2009-03-26 22:26 . 2010-02-14 23:09 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2009-03-26 22:26 . 2010-01-16 05:46 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2010-02-25 00:52 . 2010-02-25 00:52 22528 c:\windows\Installer\a4a53d7.msi
+ 2010-02-14 15:09 . 2010-02-14 15:09 10134 c:\windows\Installer\{C878CD69-85DB-426B-81A3-E71175AAEB91}\ARPPRODUCTICON.exe
+ 2010-02-14 15:09 . 2010-02-14 15:09 10134 c:\windows\Installer\{5F05C28D-DEA9-4AD6-A73A-064175988EAB}\ARPPRODUCTICON.exe
+ 2008-03-04 08:17 . 2008-03-04 08:17 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30304.0_x-ww_003f2b36\msvcr90.dll
+ 2008-03-04 08:17 . 2008-03-04 08:17 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30304.0_x-ww_003f2b36\msvcp90.dll
+ 2008-03-04 02:52 . 2008-03-04 02:52 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30304.0_x-ww_003f2b36\msvcm90.dll
+ 1998-06-18 04:00 . 1999-03-26 00:00 101888 c:\windows\system32\VB6STKIT.DLL
+ 2010-02-25 22:13 . 2009-10-28 04:41 588392 c:\windows\system32\ReinstallBackups\0021\DriverFiles\nvudisp.exe
+ 2010-02-25 22:13 . 2009-10-28 04:41 170600 c:\windows\system32\ReinstallBackups\0021\DriverFiles\nvcod.dll
+ 2009-03-26 22:12 . 2009-11-20 02:42 592488 c:\windows\system32\NVUNINST.EXE
+ 2009-03-26 22:13 . 2010-01-12 04:03 592488 c:\windows\system32\nvudisp.exe
+ 2007-06-28 16:43 . 2010-01-12 04:03 182888 c:\windows\system32\nvcodins.dll
+ 2007-06-28 16:43 . 2010-01-12 04:03 182888 c:\windows\system32\nvcod.dll
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-02-14 15:09 . 2010-02-14 15:09 734720 c:\windows\Installer\8ba71e6.msi
+ 2010-02-19 12:04 . 2010-02-19 12:04 102400 c:\windows\Installer\{81063354-9060-42B2-A000-1EBE96778AA9}\iTunesIco.exe
+ 2010-02-25 22:13 . 2009-10-28 04:41 2293286 c:\windows\system32\ReinstallBackups\0021\DriverFiles\nvdata.bin
+ 2010-02-25 22:13 . 2009-10-28 04:41 2259560 c:\windows\system32\ReinstallBackups\0021\DriverFiles\nvcuvid.dll
+ 2010-02-25 22:13 . 2009-10-28 04:41 1989224 c:\windows\system32\ReinstallBackups\0021\DriverFiles\nvcuvenc.dll
+ 2010-02-25 22:13 . 2009-10-28 04:41 4034560 c:\windows\system32\ReinstallBackups\0021\DriverFiles\nvcuda.dll
+ 2010-02-25 22:13 . 2009-10-28 04:41 1052672 c:\windows\system32\ReinstallBackups\0021\DriverFiles\nvapi.dll
+ 2010-02-25 22:13 . 2009-10-28 04:41 6277760 c:\windows\system32\ReinstallBackups\0021\DriverFiles\nv4_disp.dll
+ 2009-09-27 21:12 . 2010-01-12 04:03 2283526 c:\windows\system32\nvdata.bin
+ 2009-02-18 18:44 . 2010-01-12 04:03 2259560 c:\windows\system32\nvcuvid.dll
- 2009-02-18 18:44 . 2009-10-28 04:41 2259560 c:\windows\system32\nvcuvid.dll
+ 2009-09-27 21:12 . 2010-01-12 04:03 4077672 c:\windows\system32\nvcuvenc.dll
+ 2009-02-18 18:44 . 2010-01-12 04:03 4104192 c:\windows\system32\nvcuda.dll
+ 2007-06-28 16:43 . 2010-01-12 04:03 1081344 c:\windows\system32\nvapi.dll
+ 2004-08-04 07:56 . 2010-01-12 04:03 6359168 c:\windows\system32\nv4_disp.dll
+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-02-25 22:14 . 2010-02-25 22:14 1490432 c:\windows\Installer\edf7876.msi
+ 2010-02-14 15:09 . 2010-02-14 15:09 1715200 c:\windows\Installer\8ba71ed.msi
+ 2010-02-19 12:04 . 2010-02-19 12:04 4449280 c:\windows\Installer\6efd71b.msi
+ 2010-02-25 22:13 . 2009-10-28 04:41 13602816 c:\windows\system32\ReinstallBackups\0021\DriverFiles\nvoglnt.dll
+ 2010-02-25 22:13 . 2009-10-28 04:41 19384640 c:\windows\system32\ReinstallBackups\0021\DriverFiles\NvCplSetupEng.exe
+ 2010-02-25 22:13 . 2009-10-28 04:41 11374592 c:\windows\system32\ReinstallBackups\0021\DriverFiles\nvcompiler.dll
+ 2010-02-25 22:13 . 2009-10-28 04:41 10226208 c:\windows\system32\ReinstallBackups\0021\DriverFiles\nv4_mini.sys
+ 2007-06-28 16:43 . 2010-01-12 04:03 14458880 c:\windows\system32\nvoglnt.dll
+ 2009-11-03 13:45 . 2010-01-12 04:03 11632640 c:\windows\system32\nvcompiler.dll
+ 2004-08-04 05:29 . 2010-01-12 04:03 10276768 c:\windows\system32\drivers\nv4_mini.sys
+ 2004-08-04 05:29 . 2010-01-12 04:03 10276768 c:\windows\system32\dllcache\nv4_mini.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\documents and settings\josh\my documents\steam\steam.exe" [2010-02-20 1217872]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-05-15 484904]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16126464]
"SkyTel"="SkyTel.EXE" [2007-04-06 1822720]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-21 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-08 1953792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-06 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"nwiz"="nwiz.exe" [BU]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]

c:\documents and settings\Rich\Start Menu\Programs\Startup\
Event Minder Reminders.lnk - c:\hallmark\EMREMIND.EXE [2009-5-10 6240]

c:\documents and settings\Josh\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminder 2008.lnk - c:\windows\Installer\{747A6A10-DA58-48C2-A1F0-C15514419C8A}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [2009-8-30 1718]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 12:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Josh^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\documents and settings\Josh\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Josh^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Josh\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Xfire\\Xfire.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\synergy\\hl2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\source sdk base\\hl2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life deathmatch source\\hl2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\Steam.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life blue shift\\hl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life\\hl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\opposing force\\hl.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\team fortress classic\\hl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer(tm) Generals Zero Hour\\generals.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Bittorrent\\bittorrent.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Sony Vegas\\Actual\\VegSrv80.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer(tm) Tiberian Sun(tm)\\SUN\\Game.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=
"c:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Renegade(tm)\\Renegade\\Game.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FarCry2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2Editor.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2BenchmarkTool.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2ServerLauncher.exe"=
"c:\\Program Files\\id Software\\Return to Castle Wolfenstein222\\WolfMP.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead 2 demo\\left4dead2.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\srcds\\orangebox\\srcds.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\srcds\\CSS\\srcds.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\synergy dedicated server\\srcds.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead 2\\bin\\SDKLauncher.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead\\bin\\SDKLauncher.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/26/2009 5:05 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/26/2009 5:05 PM 108552]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [12/16/2009 5:38 PM 375296]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [3/26/2009 5:05 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/26/2009 5:05 PM 297752]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [3/26/2009 5:04 PM 38656]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/30/2009 10:42 PM 133104]
S3 cpuz130;cpuz130;\??\c:\docume~1\Josh\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Josh\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 qcserxp;HTC Diagnostic Port (PID 0B03);c:\windows\system32\drivers\qcserxp.sys [9/16/2009 6:48 PM 92800]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-05-15 21:08 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 03:42]

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 03:42]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Josh\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\Search Settings\SearchSettings.dll
BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\Search Settings\SearchSettings.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-01 16:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343818398-179605362-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ca,b3,8b,20,6d,69,ea,a1,6d,b8,63,54,40,ad,10,73,14,2a,c4,61,95,55,d1,
45,30,81,ee,48,20,ee,9f,04,7d,0b,e1,d3,af,7f,c6,8a,1b,10,f3,19,56,41,37,01,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-343818398-179605362-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:2b,04,8f,17,62,f4,1b,34,5c,58,be,82,dc,fe,17,c1,99,3f,a9,de,82,
fb,30,eb,95,fe,01,06,d4,ac,1b,84,22,bb,ab,bd,30,f3,2a,c7,d3,a6,a1,5c,06,a8,\
"rkeysecu"=hex:2a,88,e8,4c,c3,e4,9d,0f,17,5a,2d,d2,b5,09,c3,65
.
Completion time: 2010-03-01 16:39:48
ComboFix-quarantined-files.txt 2010-03-01 21:39
ComboFix2.txt 2010-02-10 19:11
ComboFix3.txt 2010-02-10 15:40

Pre-Run: 65,862,983,680 bytes free
Post-Run: 66,701,246,464 bytes free

- - End Of File - - 4AB4C01935185A15838927C9E4DD5201

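A defender-side triage pass over ComboFix "Reg Loading Points" lines like the ones in the log above, added here as an example; it is not ComboFix's code and not part of the removal steps in this thread. It assumes the line formats seen in the log (Run values, R/S service lines, the Security Center override value), and its sample lines are constructed, with the "Updater"/upd.exe entry being hypothetical.

```python
"""Triage helper for ComboFix-style "Reg Loading Points" sections.

Added example for this thread, not ComboFix's code or any poster's procedure.
It mechanises the checks a removal helper does by eye: autostarts that run
from a temp directory, entries ComboFix could not pair with a dated file on
disk (shown as "[BU]" or "[?]"), and a Security Center "...Override" value
set to 1, which rogue antivirus products (and some legitimate ones) set.
"""
import re
from typing import Dict, List

# "Name"="path" [date size]   or   "Name"="path" [BU]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# R1 Name;Display name;path [date size]   or   ... path [?]
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')
# "AntiVirusOverride"=dword:00000001 (FirewallOverride uses the same shape)
OVERRIDE_RE = re.compile(r'^"(?P<key>\w+Override)"=dword:(?P<val>[0-9a-f]{8})$', re.I)

# Directories a legitimate autostart or driver should practically never load from.
TEMP_DIRS = (
    "\\local settings\\temp\\",
    "\\locals~1\\temp\\",
    "\\windows\\temp\\",
    "\\recycler\\",
)


def _normalise(path: str) -> str:
    """Lower-case, keep the resolved side of 'a --> b', drop the \\??\\ NT prefix."""
    path = path.strip().lower()
    if "-->" in path:
        path = path.split("-->", 1)[1].strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return path


def _in_temp(path: str) -> bool:
    return any(marker in path for marker in TEMP_DIRS)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line, in log order."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = RUN_RE.match(line)
        if m:
            path, meta = _normalise(m.group("path")), m.group("meta").strip()
            if meta == "BU":
                reason = "autostart has no dated file behind it ([BU]); verify the binary"
            elif _in_temp(path):
                reason = "autostart runs from a temp directory"
            else:
                continue
            findings.append({"entry": m.group("name"), "path": path, "reason": reason})
            continue

        m = SVC_RE.match(line)
        if m:
            rest = m.group("rest").rstrip()
            missing = rest.endswith("[?]")
            path = _normalise(rest.rsplit("[", 1)[0])
            if missing and _in_temp(path):
                reason = "driver/service registered from a temp directory; file now missing ([?])"
            elif missing:
                reason = "driver/service file missing on disk ([?])"
            elif _in_temp(path):
                reason = "driver/service loads from a temp directory"
            else:
                continue
            findings.append({"entry": m.group("name").strip(), "path": path, "reason": reason})
            continue

        m = OVERRIDE_RE.match(line)
        if m and int(m.group("val"), 16) == 1:
            findings.append({"entry": m.group("key"), "path": "",
                             "reason": "Security Center monitoring overridden; confirm which product set it"})
    return findings


# Constructed sample in the posted log's format; the "Updater" line is hypothetical.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"nwiz"="nwiz.exe" [BU]
"Updater"="c:\documents and settings\Josh\Local Settings\Temp\upd.exe" [2010-02-25 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/26/2009 5:05 PM 108552]
S3 cpuz130;cpuz130;\??\c:\docume~1\Josh\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Josh\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
"""

if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f"{item['entry']:<20} {item['reason']}\n    {item['path']}")
```

Each hit is a lead to check by hand, not a verdict: nwiz.exe here is a known NVIDIA helper, and AVG also sets AntiVirusOverride, so the value of the pass is in surfacing the lines worth a closer look.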

Re: Mega Virus

Post by Belahzur on Mon Mar 01, 2010 6:55 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :files
    c:\documents and settings\Marge\Application Data\Search Settings
    c:\documents and settings\Marge\Application Data\Dealio
    c:\documents and settings\Josh\Application Data\Search Settings
    c:\documents and settings\Josh\Application Data\Dealio
    c:\documents and settings\Rich\Application Data\Search Settings
    c:\documents and settings\Rich\Application Data\Dealio


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

Re: Mega Virus

Post by TrIggA on Mon Mar 01, 2010 7:12 pm

Thanks.


========== FILES ==========
c:\documents and settings\Marge\Application Data\Search Settings\kb130\temp folder moved successfully.
c:\documents and settings\Marge\Application Data\Search Settings\kb130 folder moved successfully.
c:\documents and settings\Marge\Application Data\Search Settings folder moved successfully.
c:\documents and settings\Marge\Application Data\Dealio\temp folder moved successfully.
c:\documents and settings\Marge\Application Data\Dealio\res folder moved successfully.
c:\documents and settings\Marge\Application Data\Dealio folder moved successfully.
c:\documents and settings\Josh\Application Data\Search Settings\kb130\temp folder moved successfully.
c:\documents and settings\Josh\Application Data\Search Settings\kb130 folder moved successfully.
c:\documents and settings\Josh\Application Data\Search Settings folder moved successfully.
c:\documents and settings\Josh\Application Data\Dealio\temp folder moved successfully.
c:\documents and settings\Josh\Application Data\Dealio\res folder moved successfully.
c:\documents and settings\Josh\Application Data\Dealio folder moved successfully.
c:\documents and settings\Rich\Application Data\Search Settings\kb130\temp folder moved successfully.
c:\documents and settings\Rich\Application Data\Search Settings\kb130 folder moved successfully.
c:\documents and settings\Rich\Application Data\Search Settings folder moved successfully.
c:\documents and settings\Rich\Application Data\Dealio\temp folder moved successfully.
c:\documents and settings\Rich\Application Data\Dealio\res folder moved successfully.
c:\documents and settings\Rich\Application Data\Dealio folder moved successfully.

OTM by OldTimer - Version 3.1.10.0 log created on 03012010_191154


Re: Mega Virus

Post by Belahzur on Tue Mar 02, 2010 8:37 am

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.





Re: Mega Virus

Post by TrIggA on Wed Mar 03, 2010 3:28 pm

It said no threats detected.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8bb626952adf91459757dcd365a220ce
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-02 09:12:30
# local_time=2010-03-02 04:12:30 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1028 16777173 100 97 0 29370916 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=136168
# found=0
# cleaned=0
# scan_time=1930
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8bb626952adf91459757dcd365a220ce
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-03 02:03:40
# local_time=2010-03-03 09:03:40 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1028 16777173 100 97 0 29427897 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=350499
# found=0
# cleaned=0
# scan_time=5619


Re: Mega Virus

Post by Belahzur on Wed Mar 03, 2010 7:34 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?





Re: Mega Virus

Post by TrIggA on Wed Mar 03, 2010 7:56 pm

Well, the machine is fine, internet speed is fine, no signs of any viruses, but ever since I got the virus, games have been really bad. I could run Call of Duty 6: MW2 on full settings with perfect FPS; now I can't even run Team Fortress 2 on full settings without getting an FPS as low as 9 at some parts of the maps. This shouldn't happen, I have a GeForce 250 GTS, so it should work fine. But thanks a bunch, if you have any more suggestions, please tell me!


Re: Mega Virus

Post by Belahzur on Wed Mar 03, 2010 8:06 pm

Hello.

Please remember that malware is capable of damaging an OS so that things don't work properly; we can always try to fix it, but not all attempts succeed.

Let's do some housekeeping.

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1