who the heck knows what kind of virus...


Post by Mandi on Thu Jun 24, 2010 1:46 am

I have absolutely no idea what kind of virus has wormed its way onto my computer... but I can tell there is something definitely wrong.

I've run ComboFix... and below is the text from the log. Can anyone help?

ComboFix 09-10-19.04 - Administrator 06/23/2010 20:26.4.1 - NTFSx86 MINIMAL
Running from: F:\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 )))))))))))))))))))))))))))))))
.

2010-06-24 01:22 . 2010-06-24 01:22 45488 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-23 01:22 . 2010-06-23 01:22 50176 ----a-w- c:\windows\system32\ernel32.dll
2010-06-23 01:21 . 2010-06-23 01:21 0 ----a-w- c:\windows\Pgogi.bin
2010-06-23 01:21 . 2010-06-23 01:21 120 ----a-w- c:\windows\Shaqaxu.dat
2010-06-23 01:21 . 2010-06-23 01:21 -------- d-----w- c:\documents and settings\Mandi Mooney\Local Settings\Application Data\{DF4F9B8C-BAB5-4CCB-BF10-CD7EAF5F858F}
2010-06-23 01:17 . 2010-06-23 01:17 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-06-23 01:17 . 2010-06-23 01:17 47104 ----a-w- c:\windows\system32\DSndclip.dll.vir

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 01:22 . 2010-06-23 01:22 50176 ----a-w- c:\documents and settings\Mandi Mooney\Application Data\9c6d8b14.exe
2010-06-23 01:16 . 2010-06-23 01:16 16 ----a-w- c:\documents and settings\NetworkService\Application Data\qcopjv.dat
2010-06-23 01:15 . 2010-06-23 01:15 4 ----a-w- c:\documents and settings\Mandi Mooney\Application Data\avdrn.dat
2005-10-31 02:09 . 2005-10-31 02:06 20921040 ----a-w- c:\program files\AdbeRdr705_enu_full.exe
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-23 01:22 . 2010-06-23 01:22 50176 c:\windows\system32\spool\prtprocs\w32x86\Q5w55.dll
+ 2007-05-30 22:26 . 2010-05-26 00:37 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2010-06-23 01:17 . 2010-06-23 01:17 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-23 01:17 . 2010-06-23 01:17 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2001-08-18 02:36 . 2007-03-08 15:36 65024 c:\windows\msninte2.dll
+ 2009-10-27 22:10 . 2009-10-25 11:11 77312 c:\windows\MBR.exe
+ 2009-12-30 23:09 . 2009-12-30 23:09 49664 c:\windows\Installer\f0ef065.msi
+ 2001-08-18 02:36 . 2007-03-08 15:36 181248 c:\windows\upesabejuko.dll
+ 2010-01-27 00:58 . 2010-01-27 00:58 256280 c:\windows\system32\Macromed\Flash\FlashUtil10e.exe
+ 2001-09-17 02:04 . 2010-06-23 01:17 2654208 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2001-09-17 02:04 . 2009-10-20 23:07 2654208 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-12-30 23:09 . 2009-12-30 23:09 15709696 c:\windows\Installer\f0ef06b.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"WCOLOREAL"="c:\program files\COMPAQ\Coloreal\coloreal.exe" [2002-01-22 131072]
"CPQEASYACC"="c:\program files\Compaq\Easy Access Button Support\StartEAK.exe" [2001-12-14 32768]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2001-10-12 69632]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-09-28 26112]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-13 311350]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-02-10 1420560]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-08-03 1295632]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-10-17 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"Xjatubi"="c:\windows\upesabejuko.dll" [2007-03-08 181248]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2002-07-08 4608]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-07-28 323584]

c:\documents and settings\Mandi Mooney\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2008-9-24 260096]
siszpe32.exe [2004-8-4 26112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-4-15 303104]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-7-13 24633]
office.exe [2009-10-16 102678]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-09-18 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-09-18 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-09-18 297752]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 C4C_BSC2;C4C_BSC2;c:\windows\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 84788]
R4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2006-02-10 45840]

.
Contents of the 'Scheduled Tasks' folder

2010-06-23 c:\windows\Tasks\9c6d8b14.job
- c:\documents and settings\Mandi Mooney\Application Data\9c6d8b14.exe [2010-06-23 01:22]

2010-06-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-02-10 21:27]

2005-10-03 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2001-08-18 07:56]

2005-09-28 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2001-08-18 07:56]

2005-10-13 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2001-08-18 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
TCP: {17CF90DC-202E-4A96-B8AB-5F246F2E4F6E} = 93.188.162.54,93.188.161.184
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

HKCU-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil9f.exe
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil9f.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-23 20:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-06-24 20:31
ComboFix-quarantined-files.txt 2010-06-24 01:31
ComboFix2.txt 2009-10-27 22:48
ComboFix3.txt 2009-10-25 21:18
ComboFix4.txt 2009-10-21 00:13

Pre-Run: 59,957,448,704 bytes free
Post-Run: 60,021,280,768 bytes free

- - End Of File - - F6A63C7760598A5BB52226F8C899FE3A

Mandi
Novice
Posts: 13
Joined: 2009-08-29
OS: XP

View user profile

Back to top Go down
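The log above is a good teaching case for what a helper actually looks for before answering: a file one character away from a core system DLL (ernel32.dll next to kernel32.dll), a DLL with a made-up name loaded from the Windows root by an HKLM Run value, a hex-named .exe in the user's Application Data driven by a scheduled task, a raw office.exe sitting in the all-users Startup folder instead of a shortcut, and an adapter whose DNS servers were changed to 93.188.162.54 and 93.188.161.184. The script below is an added example, not part of the thread and not ComboFix's own code: it parses the text format ComboFix writes and turns those observations into repeatable heuristics. SAMPLE_LOG is a constructed excerpt of the posted log plus a few benign entries as negative controls; SYSTEM_BINARIES and ROGUE_DNS_RANGES are assumptions for illustration (93.188.160.0/21 and 85.255.112.0/20 are among the resolver blocks publicly attributed to the DNSChanger/Rove Digital botnet). Every hit is a lead to inspect, not a verdict, and the script only reads the log; it changes nothing on the machine.

```python
"""Triage heuristics for a ComboFix log (added example, not ComboFix's code)."""
import ipaddress
import re

# Constructed sample: an excerpt of the log posted above, plus benign entries
# (NvCpl.dll, SHSTAT.EXE, nwiz.exe, a Reader .lnk) as negative controls.
SAMPLE_LOG = r"""
2010-06-23 01:22 . 2010-06-23 01:22 50176 ----a-w- c:\windows\system32\ernel32.dll
2010-06-23 01:21 . 2010-06-23 01:21 0 ----a-w- c:\windows\Pgogi.bin
2010-06-23 01:17 . 2010-06-23 01:17 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-10-17 111952]
"Xjatubi"="c:\windows\upesabejuko.dll" [2007-03-08 181248]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-07-28 323584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
office.exe [2009-10-16 102678]

2010-06-23 c:\windows\Tasks\9c6d8b14.job
- c:\documents and settings\Mandi Mooney\Application Data\9c6d8b14.exe [2010-06-23 01:22]

TCP: {17CF90DC-202E-4A96-B8AB-5F246F2E4F6E} = 93.188.162.54,93.188.161.184
"""

# Assumptions for illustration: core binaries worth typosquat-checking, and
# resolver ranges to treat as rogue (DNSChanger blocks; use your own list).
SYSTEM_BINARIES = ("kernel32.dll", "ntdll.dll", "user32.dll", "advapi32.dll",
                   "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe")
ROGUE_DNS_RANGES = [ipaddress.ip_network(n) for n in ("93.188.160.0/21", "85.255.112.0/20")]
EXEC_EXT = (".exe", ".dll", ".bat", ".scr", ".com", ".pif")

FILE_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. .*?\s(?P<path>[a-z]:\\.+)$", re.I)
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?:\s+-\s+(?P<resolved>.+?))?\s+\[')
TASK_TARGET = re.compile(r"^- (?P<path>[a-z]:\\.+?)\s+\[", re.I)
DNS_LINE = re.compile(r"^TCP: \{[0-9A-F-]+\} = (?P<ips>[\d.,]+)", re.I)
STARTUP_DIR = re.compile(r"^[a-z]:\\.*\\Startup\\$", re.I)


def within_one_edit(a, b):
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    for i in range(len(b)):
        if i >= len(a) or a[i] != b[i]:
            return a[i + 1:] == b[i + 1:] if len(a) == len(b) else a[i:] == b[i + 1:]
    return True


def suspicious_path_reasons(path):
    """Location and name heuristics; each hit is a lead to inspect, not a verdict."""
    p = path.lower().strip()
    name = p.rsplit("\\", 1)[-1]
    reasons = []
    if "\\documents and settings\\" in p and name.endswith(EXEC_EXT):
        reasons.append("executable runs from a user-writable profile directory")
    if re.match(r"^c:\\windows\\[^\\]+$", p):
        reasons.append("file dropped directly into the %windir% root")
    if name.endswith(".bat") and "\\system32\\" in p:
        reasons.append("batch script in system32")
    reasons += [f"name is one edit away from {s} (typosquat)"
                for s in SYSTEM_BINARIES if name != s and within_one_edit(name, s)]
    return reasons


def triage(log_text):
    """Return (kind, target, reason) findings for one ComboFix log."""
    findings, in_startup, prev = [], False, ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_startup = False
        elif STARTUP_DIR.match(line):
            in_startup = True
        elif in_startup:
            # ComboFix lists shortcuts as "Name.lnk - target"; anything else
            # here is a binary dropped straight into the Startup folder.
            if not re.search(r"\.lnk - ", line, re.I):
                findings.append(("startup", line.split(" [")[0], "binary in Startup folder, not a shortcut"))
        elif (m := FILE_LINE.match(line)):
            findings += [("file", m["path"], r) for r in suspicious_path_reasons(m["path"])]
        elif (m := RUN_LINE.match(line)):
            path = m["resolved"] or m["value"]
            findings += [("run:" + m["name"], path, r) for r in suspicious_path_reasons(path)]
        elif prev.lower().endswith(".job") and (m := TASK_TARGET.match(line)):
            findings += [("task", m["path"], r) for r in suspicious_path_reasons(m["path"])]
        elif (m := DNS_LINE.match(line)):
            for ip in m["ips"].split(","):
                if any(ipaddress.ip_address(ip) in net for net in ROGUE_DNS_RANGES):
                    findings.append(("dns", ip, "resolver inside a known rogue DNS range"))
        prev = line
    return findings


if __name__ == "__main__":
    for kind, target, why in triage(SAMPLE_LOG):
        print(f"{kind:13} {target}\n{'':13} -> {why}")
```

Run it against a full saved log with `triage(open("ComboFix.txt").read())`. The rules deliberately key on where a file lives and how it is started rather than on its name, because dropper names are random and change per victim, while "executable in Application Data launched by a scheduled task" or "DLL in the Windows root loaded from HKLM Run" are stable patterns. The rogue-DNS check is the one that needs local knowledge: compare the configured resolvers against the ISP's or the company's expected servers, not only against a published blocklist.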

Re: who the heck knows what kind of virus...

Post by Dr Jay on Thu Jun 24, 2010 3:13 am

ComboFix should not be run without the guidance of a helper. It is a powerful tool and is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private or regular use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

See [You must be registered and logged in to see this link.] to get more info on why it is dangerous.

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Dr Jay
Head Administrator
Posts: 13713
Joined: 2009-09-06
OS: Windows 10 Home & Pro

Re: who the heck knows what kind of virus...

Post by Mandi on Thu Jun 24, 2010 3:21 am

Every time I try to open that link, it just says the page cannot be displayed.


Re: who the heck knows what kind of virus...

Post by Dr Jay on Thu Jun 24, 2010 6:33 pm



