Got some type of virus..


Post by fognlx on Sun 11 Jul 2010, 5:26 am

I scanned my computer with MBAM and it found some and got rid of them, but when I search on Google and click the links I get redirected to a new Google search page, and I can't get to mcafee.com or malwarebytes.org, so I'm pretty sure I still have a virus.
Here's my OTL log.

Code:
OTL logfile created on: 7/10/2010 2:24:31 PM - Run 2
OTL by OldTimer - Version 3.2.9.0    Folder = C:\Program Files\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59.01 Gb Total Space | 30.58 Gb Free Space | 51.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 76.69 Gb Total Space | 10.68 Gb Free Space | 13.93% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 872.50 Gb Total Space | 241.29 Gb Free Space | 27.65% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
 
Computer Name: DESKTOP
Current User Name: desktop
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/07/10 14:20:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL\OTL.exe
PRC - [2010/07/02 14:22:57 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/02 14:22:54 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/02 20:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2009/11/23 21:23:34 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2009/10/07 19:28:52 | 000,573,904 | ---- | M] (Orb Networks) -- C:\Program Files\Orb Networks\Orb\bin\OrbLauncher.exe
PRC - [2009/10/07 19:26:06 | 000,182,784 | ---- | M] (Orb Networks, Inc.) -- C:\Program Files\Orb Networks\Orb\bin\Orb.exe
PRC - [2009/09/12 17:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/09/12 17:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/02/05 14:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/05/12 00:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/07/10 14:20:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL\OTL.exe
MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/23 21:23:34 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/02/05 14:43:26 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\mfendisk.sys -- (mfendiskmp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\mfendisk.sys -- (mfendisk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\desktop\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/09 18:48:11 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/12/30 12:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/22 01:53:22 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/11/23 21:23:35 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2009/11/23 21:23:32 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV - [2009/11/23 21:23:32 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/11/23 21:23:26 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/07/15 00:20:10 | 004,407,808 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/07/10 13:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motoandroid.sys -- (androidusb)
DRV - [2009/06/02 09:26:28 | 000,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/05/08 11:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/01/20 06:53:06 | 005,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/12/25 05:32:32 | 003,721,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2008/10/30 09:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/04/16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://webmail.verizon.net/signin/
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.19
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/04/10 15:14:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/06 11:33:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/10 14:18:31 | 000,000,000 | ---D | M]
 
[2009/11/19 02:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\desktop\Application Data\Mozilla\Extensions
[2010/07/10 14:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\desktop\Application Data\Mozilla\Firefox\Profiles\teufqk9d.default\extensions
[2009/12/22 14:16:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\desktop\Application Data\Mozilla\Firefox\Profiles\teufqk9d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/13 13:31:19 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Documents and Settings\desktop\Application Data\Mozilla\Firefox\Profiles\teufqk9d.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/03/30 21:14:52 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\desktop\Application Data\Mozilla\Firefox\Profiles\teufqk9d.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/07/01 23:45:44 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\desktop\Application Data\Mozilla\Firefox\Profiles\teufqk9d.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/07/10 14:18:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/10 14:18:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/02/21 06:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/07/10 14:18:23 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2009/12/22 01:30:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll (BitComet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbLauncher.exe (Orb Networks)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - F:\Program Files\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8 - Extra context menu item: &D&ownload all video with BitComet - F:\Program Files\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8 - Extra context menu item: &D&ownload all with BitComet - F:\Program Files\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - F:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll (BitComet)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\desktop\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\desktop\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/19 01:40:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{eb99618c-d54a-11de-9b87-00241dd6d8f6}\Shell\AutoRun\command - "" = G:\1thes92p.exe -- File not found
O33 - MountPoints2\{eb99618c-d54a-11de-9b87-00241dd6d8f6}\Shell\open\Command - "" = G:\1thes92p.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

fognlx

Newbie Surfer

Posts : 22
Joined : 2009-11-28
Operating System : XP


Re: Got some type of virus..

Post by fognlx on Sun 11 Jul 2010, 5:27 am

Here's the rest...

Code:

========== Files/Folders - Created Within 30 Days ==========
 
[2010/07/10 14:18:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/10 14:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/10 14:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/07/10 14:18:31 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/10 14:18:31 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/10 14:18:31 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/10 14:18:31 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/10 14:18:31 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/06 17:56:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\$regcmp$
[2010/07/06 17:54:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\desktop\Recent
[2010/07/06 00:48:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/07/04 20:46:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\desktop\Local Settings\Application Data\Ahead
[2010/07/04 20:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\desktop\Application Data\Ahead
[2010/07/04 18:56:59 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/07/04 18:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/07/04 18:55:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/07/01 23:45:47 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/06/29 23:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/06/27 18:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/24 19:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\desktop\My Documents\The KMPlayer
[2010/06/24 19:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2010/06/19 18:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\parks
[2010/06/16 00:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\call the cops - self-titled 2010
[2010/06/15 15:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\desktop\Desktop\Ubuntu Netbook
[2010/06/15 00:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\desktop\Desktop\Sage Francis - Li(f)e (2010)
[2010/06/13 14:59:21 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2010/06/13 14:56:37 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01007.dll
[2010/06/13 14:56:37 | 000,025,856 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motoandroid.sys
[2010/06/13 14:56:35 | 000,042,752 | ---- | C] (Motorola Inc) -- C:\WINDOWS\System32\drivers\motodrv.sys
[2010/06/13 14:56:35 | 000,015,616 | ---- | C] (Motorola) -- C:\WINDOWS\System32\mot_ci.dll
[2010/06/13 14:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2010/06/13 14:51:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\desktop\.android
[2010/06/13 13:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\desktop\Local Settings\Application Data\WMTools Downloaded Files
[2010/06/13 13:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\desktop\Application Data\PriceGong
[2010/06/13 13:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\desktop\Local Settings\Application Data\Conduit
[2010/06/13 13:31:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\desktop\Local Settings\Application Data\DVDVideoSoftTB
[2010/06/13 13:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/06/13 13:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB
[2010/06/13 13:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\desktop\Desktop\phone movies
[2010/06/13 13:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\desktop\My Documents\DVDVideoSoft
[2010/06/13 13:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/07/10 14:24:27 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\desktop\ntuser.dat
[2010/07/10 14:18:23 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/10 14:18:23 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/10 14:18:23 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/10 14:18:23 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/10 14:18:23 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/10 13:59:25 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\Orb Index when idle.job
[2010/07/09 18:52:32 | 000,570,544 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/09 18:52:32 | 000,475,270 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/09 18:52:32 | 000,084,894 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/09 18:48:17 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/09 18:48:11 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010/07/09 18:48:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/09 18:48:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/09 18:47:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\desktop\ntuser.ini
[2010/07/07 18:20:16 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/07 18:20:15 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\desktop\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/06 17:48:58 | 000,000,095 | ---- | M] () -- C:\WINDOWS\System32\productregistry
[2010/07/06 12:31:54 | 000,103,878 | ---- | M] () -- C:\Documents and Settings\desktop\My Documents\cc_20100706_123148.reg
[2010/07/06 11:36:43 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/04 21:41:44 | 000,014,771 | ---- | M] () -- C:\Documents and Settings\desktop\My Documents\LIQUID  TRANSPORT FUEL  JULY, 2010 CON'T.xlsx
[2010/07/04 19:53:47 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\desktop\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/04 18:56:51 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/04 18:56:51 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/04 18:56:47 | 000,000,648 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/04 18:56:05 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/04 18:55:32 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/07/04 10:52:01 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\desktop\My Documents\LIQUID  TRANSPORT FUEL TAXES JULY, 2010..xls
[2010/07/04 10:40:39 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\desktop\My Documents\LIQUID  TRANSPORT FUEL  JULY, 2010.xls
[2010/07/03 18:22:28 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/29 23:39:11 | 000,298,864 | ---- | M] () -- C:\Documents and Settings\desktop\My Documents\cc_20100629_233834.reg
[2010/06/24 21:10:36 | 000,214,816 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/06/20 19:02:43 | 000,012,616 | ---- | M] () -- C:\Documents and Settings\desktop\My Documents\anthro paper 2.docx
[2010/06/20 18:36:31 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\desktop\Desktop\Microsoft Office Word 2007 (2).lnk
[2010/06/16 17:15:21 | 386,523,135 | ---- | M] () -- C:\SMOKIN_ACES_2_ASSASSINS_BALL.ISO
[2010/06/13 14:59:26 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2010/06/13 14:59:25 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/07/06 12:31:52 | 000,103,878 | ---- | C] () -- C:\Documents and Settings\desktop\My Documents\cc_20100706_123148.reg
[2010/07/06 11:36:43 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/04 18:55:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/07/03 18:22:28 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/29 23:38:42 | 000,298,864 | ---- | C] () -- C:\Documents and Settings\desktop\My Documents\cc_20100629_233834.reg
[2010/06/22 01:21:09 | 007,602,176 | ---- | C] () -- C:\Documents and Settings\desktop\ntuser.dat
[2010/06/20 18:51:51 | 000,012,616 | ---- | C] () -- C:\Documents and Settings\desktop\My Documents\anthro paper 2.docx
[2010/06/16 16:56:41 | 386,523,135 | ---- | C] () -- C:\SMOKIN_ACES_2_ASSASSINS_BALL.ISO
[2010/06/13 14:59:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2010/06/13 14:59:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/05/27 20:09:00 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/03/15 22:34:25 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/18 11:17:44 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010/01/18 11:15:14 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2010/01/13 15:18:01 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/12/25 03:36:35 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Q3version.ini
[2009/12/25 03:27:17 | 000,000,897 | ---- | C] () -- C:\WINDOWS\Qiii.INI
[2009/11/23 02:08:59 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/19 02:47:36 | 000,139,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/11/19 02:07:59 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
< End of report >

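As a defender's triage aid for logs like the one above, here is an added example (not part of this thread and not an OldTimer tool) that reads OTL-style lines and flags the entries a helper would ask about. The sample lines are copied from the posted log, with one constructed hosts entry added so the hosts check has something to flag; the function names `triage_line`, `triage_log` and `summarize` are my own.

```python
"""Triage helper for OTL (OldTimer) log lines.

Added example for this thread, not part of the original post and not an
OldTimer tool. It flags: services/drivers whose file is missing, autorun
handlers registered for removable drives, hosts-file entries other than
loopback names, BHOs with no CLSID target, a proxy that has been switched
on, and binaries OTL lists with no company name.
"""
import re

# Constructed sample: lines copied from the posted log, plus one constructed
# hosts entry (the posted log has only the loopback line) so that the hosts
# check has something to flag.
SAMPLE_LOG = r"""
PRC - [2010/06/02 20:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\desktop\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/09 18:48:11 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1      updates.example-av-vendor.test
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O33 - MountPoints2\{eb99618c-d54a-11de-9b87-00241dd6d8f6}\Shell\AutoRun\command - "" = G:\1thes92p.exe -- File not found
"""

ENTRY_RE = re.compile(r"^(PRC|MOD|SRV|DRV|IE|FF|O\d+)\s+-\s+(.*)$")
SERVICE_NAME_RE = re.compile(r"\(([^()]+)\)\s*$")      # trailing "(service name)"
NO_COMPANY_RE = re.compile(r"\]\s+\(\)\s")             # "] () " = no company name
PATH_RE = re.compile(r"--\s+([A-Za-z]:\\.*?)(?=\s+--\s|$)")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
AUTORUN_RE = re.compile(
    r'Shell\\(?:AutoRun|open)\\command\s+-\s+""\s*=\s*(.+?)(?:\s+--\s+File not found)?$',
    re.IGNORECASE,
)
LOCAL_HOSTNAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def triage_line(line):
    """Classify one OTL line; returns (severity, reason) or None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    tag, body = m.group(1), m.group(2)

    if tag in ("SRV", "DRV") and body.startswith("File not found"):
        name = SERVICE_NAME_RE.search(body)
        label = name.group(1) if name else body
        return ("low", f"{tag} {label}: registered service/driver whose file is missing")

    if tag in ("PRC", "MOD", "SRV", "DRV") and NO_COMPANY_RE.search(body):
        path = PATH_RE.search(body)
        target = path.group(1) if path else body
        return ("low", f"{tag} binary with no company name: {target}")

    if tag == "IE" and '"ProxyEnable" = 1' in body:
        return ("medium", "IE proxy is switched on; confirm the user configured it")

    if tag == "O1":
        h = HOSTS_RE.match(body)
        if h and h.group(2).lower() not in LOCAL_HOSTNAMES:
            return ("high", f"hosts file maps {h.group(2)} to {h.group(1)}")

    if tag == "O2" and body.endswith("No CLSID value found."):
        return ("low", "BHO registration with no CLSID target (orphaned entry)")

    if tag == "O33":
        a = AUTORUN_RE.search(body)
        if a:
            return ("high", f"removable-drive autorun handler runs {a.group(1)}")

    return None


def triage_log(text):
    """Run triage_line over a whole log; returns a list of finding dicts."""
    findings = []
    for raw in text.splitlines():
        result = triage_line(raw)
        if result:
            severity, reason = result
            findings.append({"severity": severity, "reason": reason, "line": raw.strip()})
    return findings


def summarize(findings):
    """Count findings per severity (all three keys are always present)."""
    counts = dict.fromkeys(("high", "medium", "low"), 0)
    for f in findings:
        counts[f["severity"]] += 1
    return counts


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['reason']}")
    print(summarize(triage_log(SAMPLE_LOG)))
```

Run against the posted log, this flags the two O33 MountPoints2 entries for G:\1thes92p.exe (a removable-drive autorun handler whose target is no longer present), the orphaned BHO and the "File not found" services and drivers, while the hosts file (loopback only) and ProxyEnable = 0 pass, so those two checks do not account for the search redirects.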

Re: Got some type of virus..

Post by Sneakyone on Sun 11 Jul 2010, 5:29 am

Hi,

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

