I had a virus but did a system restore and now...

I had a virus but did a system restore and now...

Post by dlg2114 on Wed 06 Jul 2011, 7:29 am

Yesterday, while browsing the internet, this message popped up: "Hard drive failure the system has detected a problem with one or more installed ide sata hard disks". After researching I found it's a Windows Diagnostic virus. It then asked me to restart my computer and I did. When I turned my computer back on the screen was black and it wanted me to purchase something. I restarted in safe mode and was able to do a system restore. I restored the system to a month earlier. Everything was working but I wanted to do a little cleaning. I first downloaded AVG and did a scan. It found four threats and fixed them. Now I'm trying to use Spybot Search & Destroy. I've done the scan in Spybot, which took nearly five hours, but now I keep getting this pop-up asking to allow or deny a change. I've clicked allow nearly 30 times and it continues to come back. My computer is slow as ever now and I don't know if it's because of AVG or Spybot. I was told by someone to use these programs in this order: AVG, Spybot and then Crap Cleaner (CCleaner). Could you explain if I'm doing something wrong? Thanks

dlg2114

Newbie Surfer

Posts : 32
Joined : 2009-06-04
Operating System : XP


Re: I had a virus but did a system restore and now...

Post by Superdave on Wed 06 Jul 2011, 11:58 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
**************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes.
* If you encounter any problems while downloading the updates, manually download and unzip them from here.
* Next click the Preferences button.
* Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts.
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked.
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer.
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK.
* Make sure everything in the white box has a check next to it, then click Next.
* It will quarantine what it found and if it asks if you want to reboot, click Yes.

To retrieve the removal information please do the following:
* After reboot, double-click the SUPERAntiSpyware icon on your desktop.
* Click Preferences. Click the Statistics/Logs tab.
* Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
* It will open in your default text editor (preferably Notepad).
* Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it (normally the desktop).
* Click close and close again to exit the program.
* Copy and paste the log in your post.
****************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
************************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

Superdave
Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: I had a virus but did a system restore and now...

Post by dlg2114 on Wed 06 Jul 2011, 7:10 pm

SUPERAntiSpyware Scan Log

Generated 07/06/2011 at 00:40 AM

Application Version : 4.55.1000

Core Rules Database Version : 7376
Trace Rules Database Version: 5188

Scan type : Complete Scan
Total Scan Time : 02:33:24

Memory items scanned : 257
Memory threats detected : 0
Registry items scanned : 7533
Registry threats detected : 0
File items scanned : 154802
File threats detected : 226

Adware.Tracking Cookie

Trojan.Agent/Gen-FakeAV
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP664\A0094553.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP664\A0094554.EXE

Rogue.Agent/Gen-Nullo[BIN]
C:\WINDOWS\SYSTEM32\15869V9ZUSE.BIN

dlg2114

Newbie Surfer

Posts : 32
Joined : 2009-06-04
Operating System : XP

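As an added example (not code from this thread, from SUPERAntiSpyware or from the forum staff), a small Python triage script for the scan-log format posted above: it parses the header counters and the per-category detections, counts tracking cookies separately from executable findings, and flags detections that sit inside System Restore points, which is where copies of the rogue were found after the restore. The log excerpt embedded below is constructed from the entries posted in this thread, and all function and constant names are my own.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the SUPERAntiSpyware log posted in this
# thread: counter lines in the header, then one block per threat category
# (category name on its own line, one detected item per line, blank line
# ends the block). Only a few of the 226 cookie entries are kept.
SAMPLE_LOG = r"""
SUPERAntiSpyware Scan Log

Generated 07/06/2011 at 00:40 AM

Application Version : 4.55.1000

Scan type : Complete Scan
Total Scan Time : 02:33:24

Memory items scanned : 257
Memory threats detected : 0
Registry items scanned : 7533
Registry threats detected : 0
File items scanned : 154802
File threats detected : 226

Adware.Tracking Cookie
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@realmedia[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt
msntest.serving-sys.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\DRWBQA8M ]

Trojan.Agent/Gen-FakeAV
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP664\A0094553.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP664\A0094554.EXE

Rogue.Agent/Gen-Nullo[BIN]
C:\WINDOWS\SYSTEM32\15869V9ZUSE.BIN
"""

COOKIE_CATEGORY = "Adware.Tracking Cookie"
# "Name : value" header lines; the key is letters/spaces only, so a line such
# as "Generated 07/06/2011 at 00:40 AM" does not match.
HEADER_RE = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s*(?P<value>.+)$")
# A detected item is a drive-letter path or a Flash shared-object entry
# written as "host [ path ]".
ITEM_RE = re.compile(r"^[A-Za-z]:\\")
# Files stored inside an XP System Restore point (RPnnn) rather than on the
# live system.
RESTORE_RE = re.compile(
    r"\\SYSTEM VOLUME INFORMATION\\_RESTORE\{[0-9A-F-]+\}\\RP\d+\\", re.IGNORECASE)


def parse_sas_log(text):
    """Parse a SUPERAntiSpyware scan log.

    Returns (summary, detections): summary maps the numeric header counters
    (e.g. "File threats detected") to ints; detections maps each threat
    category to the list of detected items listed under it.
    """
    summary = {}
    detections = defaultdict(list)
    category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            category = None          # a blank line ends a category block
            continue
        if ITEM_RE.match(line) or " [ " in line:
            detections[category or "Uncategorized"].append(line)
            continue
        header = HEADER_RE.match(line)
        if header and category is None:
            value = header.group("value").strip()
            if value.isdigit():      # keep only the numeric counters
                summary[header.group("key").strip()] = int(value)
            continue
        category = line              # anything else starts a category block
    return summary, dict(detections)


def triage(detections):
    """Separate noise from findings that need attention.

    Tracking cookies are counted but not listed. Other detections are split
    into items inside System Restore points (copies a restore could bring
    back) and items on the live system.
    """
    report = {"cookies": 0, "restore_points": [], "active": []}
    for category, items in detections.items():
        if category == COOKIE_CATEGORY:
            report["cookies"] += len(items)
            continue
        for item in items:
            bucket = "restore_points" if RESTORE_RE.search(item) else "active"
            report[bucket].append((category, item))
    return report


if __name__ == "__main__":
    summary, detections = parse_sas_log(SAMPLE_LOG)
    report = triage(detections)
    print("file threats reported by scanner:", summary.get("File threats detected"))
    print("tracking cookies (low priority):", report["cookies"])
    for category, item in report["active"]:
        print("ACTIVE    ", category, "->", item)
    for category, item in report["restore_points"]:
        print("RESTOREPT ", category, "->", item)
```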

Re: I had a virus but did a system restore and now...

Post by dlg2114 on Wed 06 Jul 2011, 7:11 pm

Malwarebytes' Anti-Malware 1.46

Database version: 4052

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702

7/6/2011 3:03:17 AM
mbam-log-2011-07-06 (03-03-17).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 278216
Time elapsed: 52 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

dlg2114

Newbie Surfer

Posts : 32
Joined : 2009-06-04
Operating System : XP

Re: I had a virus but did a system restore and now...

Post by Superdave on Thu 07 Jul 2011, 6:32 am

I will need to see the DDS logs also.

Superdave
Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: I had a virus but did a system restore and now...

Post by dlg2114 on Thu 07 Jul 2011, 10:42 am

How do I get those?

dlg2114

Newbie Surfer

Posts : 32
Joined : 2009-06-04
Operating System : XP

Re: I had a virus but did a system restore and now...

Post by Superdave on Thu 07 Jul 2011, 10:57 am

How do I get those?

By following the directions at the bottom of my first post. Here it is again.

Download DDS from HERE or HERE and save it to your desktop.

* Vista users: right click on dds and select Run as administrator (you will receive a UAC prompt; please allow it).
* XP users: double click on dds to run it.
* If your antivirus or firewall tries to block DDS, please allow it to run.
* When finished, DDS will open two (2) logs:

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

Superdave
Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: I had a virus but did a system restore and now...

Post by dlg2114 on Thu 07 Jul 2011, 10:59 am

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by HP_Administrator at 18:46:27 on 2011-07-06
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.85 [GMT -5:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security 2006 *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *Disabled*
FW: Norton Internet Security 2006 *Disabled*
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1159822766\ee\AOLSoftware.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\common files\aol\1159822766\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\DISC\DiscStreamHub.exe
c:\program files\common files\aol\1159822766\ee\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iPod\bin\iPodService.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdMgr.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HostManager] c:\program files\common files\aol\1159822766\ee\AOLSoftware.exe
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [ISW.exe] "c:\program files\at&t\internet security wizard\ISW.exe" /AUTORUN
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\patttbc.att
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1E14F599-5B6E-46C9-9A03-AA9A45B9DA53} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-8-26 53896]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-9-16 192112]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2005-9-16 202352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-9-16 169584]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2005-12-30 133792]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060216.009\NAVENG.Sys [2006-5-14 77864]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060216.009\NavEx15.Sys [2006-5-14 750952]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-8-26 334984]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-14 135664]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-14 135664]
.
=============== Created Last 30 ================
.
2011-07-06 02:25:03 -------- d-----w- c:\documents and settings\hp_administrator\application data\SUPERAntiSpyware.com
2011-07-06 02:25:03 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-07-06 02:23:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-05 07:11:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-05 07:11:22 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-07-05 04:40:33 -------- d--h--w- C:\$AVG
2011-07-05 03:41:53 -------- d-----w- c:\documents and settings\hp_administrator\application data\AVG10
2011-07-05 03:36:46 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-07-05 03:26:20 -------- d-----w- c:\windows\system32\drivers\AVG
2011-07-05 03:26:20 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-07-05 03:25:20 -------- d-----w- c:\program files\AVG
2011-07-05 03:13:02 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-07-05 02:58:47 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-07-05 02:58:47 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-17 18:42:36 -------- d-sh--w- C:\found.001
.
==================== Find3M ====================
.
2011-04-15 02:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
.
============= FINISH: 18:49:19.42 ===============

dlg2114

Newbie Surfer

Posts : 32
Joined : 2009-06-04
Operating System : XP

Re: I had a virus but did a system restore and now...

Post by dlg2114 on Thu 07 Jul 2011, 11:00 am

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/24/2006 5:38:26 PM
System Uptime: 7/6/2011 11:39:33 AM (7 hours ago)
.
Motherboard: Hewleet-Packard | | Asterope2
Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | CPU 1 | 3065/133mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | CPU 1 | 3065/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 191.477 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 0.442 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP588: 4/8/2011 3:35:20 AM - System Checkpoint
RP589: 4/9/2011 5:01:17 AM - System Checkpoint
RP590: 4/10/2011 5:35:13 AM - System Checkpoint
RP591: 4/11/2011 6:35:14 AM - System Checkpoint
RP592: 4/12/2011 7:35:16 AM - System Checkpoint
RP593: 4/13/2011 7:59:17 AM - System Checkpoint
RP594: 4/14/2011 3:00:22 AM - Software Distribution Service 3.0
RP595: 4/15/2011 3:47:18 AM - System Checkpoint
RP596: 4/16/2011 5:13:18 AM - System Checkpoint
RP597: 4/17/2011 5:47:19 AM - System Checkpoint
RP598: 4/18/2011 5:59:12 AM - System Checkpoint
RP599: 4/19/2011 6:59:18 AM - System Checkpoint
RP600: 4/20/2011 7:59:14 AM - System Checkpoint
RP601: 4/21/2011 8:37:15 AM - System Checkpoint
RP602: 4/22/2011 9:35:18 AM - System Checkpoint
RP603: 4/23/2011 10:23:18 AM - System Checkpoint
RP604: 4/24/2011 10:47:18 AM - System Checkpoint
RP605: 4/27/2011 3:00:27 AM - Software Distribution Service 3.0
RP606: 5/1/2011 3:04:23 AM - System Checkpoint
RP607: 5/2/2011 3:33:59 AM - System Checkpoint
RP608: 5/3/2011 3:47:49 AM - System Checkpoint
RP609: 5/4/2011 4:11:47 AM - System Checkpoint
RP610: 5/5/2011 4:35:46 AM - System Checkpoint
RP611: 5/6/2011 4:46:01 AM - System Checkpoint
RP612: 5/7/2011 4:58:24 AM - System Checkpoint
RP613: 5/8/2011 4:58:38 AM - System Checkpoint
RP614: 5/9/2011 6:09:53 AM - System Checkpoint
RP615: 5/10/2011 6:22:37 AM - System Checkpoint
RP616: 5/11/2011 3:00:21 AM - Software Distribution Service 3.0
RP617: 5/12/2011 4:01:39 AM - System Checkpoint
RP618: 5/13/2011 4:10:24 AM - System Checkpoint
RP619: 5/18/2011 11:58:59 AM - System Checkpoint
RP620: 5/19/2011 12:58:21 PM - System Checkpoint
RP621: 5/20/2011 1:36:45 PM - System Checkpoint
RP622: 5/21/2011 1:46:15 PM - System Checkpoint
RP623: 5/22/2011 2:12:09 PM - System Checkpoint
RP624: 5/23/2011 4:14:33 PM - System Checkpoint
RP625: 5/24/2011 4:44:23 PM - System Checkpoint
RP626: 5/25/2011 5:32:54 PM - System Checkpoint
RP627: 5/26/2011 7:25:39 PM - System Checkpoint
RP628: 5/29/2011 6:30:12 PM - System Checkpoint
RP629: 5/30/2011 7:18:28 PM - System Checkpoint
RP630: 5/31/2011 7:53:58 PM - System Checkpoint
RP631: 6/1/2011 8:19:22 PM - System Checkpoint
RP632: 6/2/2011 11:22:39 PM - System Checkpoint
RP633: 6/3/2011 11:37:27 PM - System Checkpoint
RP634: 6/5/2011 1:43:53 AM - System Checkpoint
RP635: 6/6/2011 4:35:06 PM - System Checkpoint
RP636: 6/7/2011 5:58:12 PM - System Checkpoint
RP637: 6/8/2011 6:58:08 PM - System Checkpoint
RP638: 6/9/2011 7:14:36 PM - System Checkpoint
RP639: 6/10/2011 7:30:14 PM - System Checkpoint
RP640: 6/11/2011 8:27:58 PM - System Checkpoint
RP641: 6/12/2011 9:18:22 PM - System Checkpoint
RP642: 6/13/2011 9:44:34 PM - System Checkpoint
RP643: 6/14/2011 9:56:32 PM - System Checkpoint
RP644: 6/15/2011 10:55:48 PM - System Checkpoint
RP645: 6/16/2011 11:09:53 PM - System Checkpoint
RP646: 6/17/2011 3:00:19 AM - Software Distribution Service 3.0
RP647: 6/18/2011 4:11:53 AM - System Checkpoint
RP648: 6/19/2011 5:57:58 AM - System Checkpoint
RP649: 6/20/2011 6:32:47 AM - System Checkpoint
RP650: 6/21/2011 6:45:26 AM - System Checkpoint
RP651: 6/22/2011 2:33:11 PM - System Checkpoint
RP652: 6/23/2011 3:00:16 PM - System Checkpoint
RP653: 6/24/2011 4:20:15 PM - System Checkpoint
RP654: 6/25/2011 5:59:16 PM - System Checkpoint
RP655: 6/26/2011 6:19:15 PM - System Checkpoint
RP656: 6/27/2011 7:10:19 PM - System Checkpoint
RP657: 6/28/2011 7:37:39 PM - System Checkpoint
RP658: 6/29/2011 7:47:39 PM - System Checkpoint
RP659: 6/30/2011 10:21:44 PM - System Checkpoint
RP660: 7/1/2011 12:05:14 AM - Installed Java(TM) 6 Update 26
RP661: 7/2/2011 12:39:51 AM - System Checkpoint
RP662: 7/3/2011 1:39:52 AM - System Checkpoint
RP663: 7/4/2011 2:05:20 AM - System Checkpoint
RP664: 7/4/2011 9:55:11 PM - Restore Operation
RP665: 7/4/2011 10:24:52 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP666: 7/4/2011 10:25:18 PM - Installed AVG 2011
RP667: 7/4/2011 10:26:04 PM - Installed AVG 2011
RP668: 7/5/2011 3:02:27 AM - Software Distribution Service 3.0
RP669: 7/6/2011 3:32:24 PM - System Checkpoint
.
==== Installed Programs ======================
.
1400
1400_Help
1400Trb
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.5
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
Alien Outbreak 2
Ancient Sudoku
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Internet Security Wizard 1.5.11
AT&T Service & Support Tool
AT&T Toolbar
AT&T Yahoo! Internet Mail
ATI Control Panel
ATI Display Driver
ATT-PRT22
Audacity 1.2.6
AVG 2011
Bejeweled 2 Deluxe
Big Kahuna Reef
Blackhawk Striker 2
Blasterball 2 Remix
Blasterball 2 Revolution
Bonjour
Bookworm Deluxe
Bounce Symphony
BufferChm
CameraDrivers
CameraUserGuides
CC_ccProxyExt
ccCommon
ccPxyCore
Chuzzle Deluxe
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Customer Experience Enhancement
CustomerResearchQFolder
Data Fax SoftModem with SmartCP
Destinations
DeviceManagementQFolder
Diner Dash
DISCover
DocProc
DocumentViewer
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
Fairies
Family Feud
FATE
Fax
Fax_CDA
Flip Words
GemMaster Mystic
GIMP 2.6.10
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 6.1
HP DVD Play 2.1
HP Extended Capabilities 5.3
HP Game Console
HP Image Zone Express
HP Imaging Device Functions 7.0
HP Photosmart Cameras 6.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP PSC & OfficeJet 5.3.B
HP PSC & OfficeJet 6.1.A
HP Rhapsody
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
HP Web Helper
hpiCamDrvQFolder
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
Insaniquarium Deluxe
InstantShareDevices
iPod for Windows 2006-01-10
iTunes
Jewel Quest
LAME v3.98.2 for Audacity
LightScribe 1.4.84.1
LiveUpdate 2.7 (Symantec Corporation)
Magic DVD Ripper V5.4.2
Mah Jong Quest
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Away Mode
Microsoft Money 2006
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Movies2iPhone .74b
MSN
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MUSICMATCH® Jukebox
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
Mystery Case Files
NewCopy
NewCopy_CDA
Norton AntiSpam
Norton AntiVirus 2006
Norton Internet Security
Norton Internet Security 2006 (Symantec Corporation)
Norton Protection Center
Norton WMI Update
OptionalContentQFolder
Otto
PanoStandAlone
PhotoGallery
Poker Superstars
Polar Bowler
Polar Golfer
ProductContext
ProductContextNPI
Pure Networks Port Magic
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RandMap
Readme
RealPlayer
Realtek High Definition Audio Driver
Ricochet Lost Worlds
Scan
ScannerCopy
SCRABBLE
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SkinsHP1
SlideShow
SlideShowMusic
Slingo Deluxe
Snowy The Bears Adventure
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
SPBBC
Spybot - Search & Destroy
Status
Super Granny
SUPERAntiSpyware
SymNet
Tennis Titans
Toolbox
Tornado Jockey
Tradewinds
TrayApp
Unload
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
Viewpoint Media Player
WebFldrs XP
WebReg
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
Yahoo! Install Manager
.
==== Event Viewer Messages From Past Week ========
.
7/6/2011 1:10:27 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
7/5/2011 9:57:16 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
7/5/2011 9:57:06 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
7/5/2011 2:48:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/5/2011 2:04:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 eeCtrl Fips intelppm SAVRTPEL SPBBCDrv SYMTDI
7/5/2011 12:24:22 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
7/5/2011 12:24:22 AM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/5/2011 10:02:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 eeCtrl Fips intelppm SASDIFSV SASKUTIL SAVRTPEL SPBBCDrv SYMTDI
7/5/2011 1:56:09 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
7/5/2011 1:56:09 PM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/5/2011 1:56:09 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
7/5/2011 1:55:43 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
7/5/2011 1:55:38 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/5/2011 1:55:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
7/5/2011 1:53:51 PM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
7/4/2011 9:55:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/4/2011 9:54:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm SAVRTPEL SPBBCDrv SYMTDI
7/4/2011 10:57:57 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service NSCService with arguments "" in order to run the server: {09B7ADDC-8BF0-409B-8571-43E8EA2AAFA3}
7/4/2011 10:57:43 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Norton Protection Center Service service to connect.
7/4/2011 10:52:22 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/4/2011 10:52:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
.
==== End Of File ===========================

dlg2114

Newbie Surfer

Posts : 32
Joined : 2009-06-04
Operating System : XP


Re: I had a virus but did a system restore and now...

Post by Superdave on Thu 07 Jul 2011, 11:40 am

You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered Foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

More information:

* ViewMgr.exe - Useless
* Viewpoint to Plunge Into Adware

It is suggested that you remove the program now. Go to Start > Control Panel > Add/Remove Programs (on Vista & Win7 it is Programs and Features) and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
* Viewpoint Experience Technology

**********************************************
Download OTL to your desktop.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\patttbc.att

:Files
C:\found.001

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
**************************************************************
The logs show that you have two Anti-Virus programs on your computer: AVG Internet Security 2011 and Norton Internet Security 2006. It appears that the subscription for Norton has run out and you should uninstall it. Since this next scanner will not run with AVG on your computer, you can uninstall it and re-install it after the scan, or you can download and install another one from the list below.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" during installation if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
*************************************************
Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

and save it to your Desktop.
It would be easiest to download using Internet Explorer.
If you insist on using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
Double click ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix.

Superdave
Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

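Superdave reads "two Anti-Virus programs" out of the DDS event log posted above. As an added example for this thread (not code from the thread or from DDS, OTL or ComboFix), the Python script below does that reading mechanically: it parses the "Event Viewer Messages" line format, pulls the driver names from Service Control Manager 7026 events (boot-start drivers that failed to load) and groups them by the product they belong to; the driver-to-vendor lookup and the treatment of Fips and intelppm as plain system drivers are assumptions, and the sample lines are copied from the log in this thread.

```python
import re
from collections import Counter, defaultdict

# Sample lines copied from the DDS log posted earlier in this thread.
SAMPLE_LOG = """\
7/5/2011 2:04:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 eeCtrl Fips intelppm SAVRTPEL SPBBCDrv SYMTDI
7/5/2011 10:02:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 eeCtrl Fips intelppm SASDIFSV SASKUTIL SAVRTPEL SPBBCDrv SYMTDI
7/5/2011 1:53:51 PM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
7/4/2011 9:54:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm SAVRTPEL SPBBCDrv SYMTDI
"""

# Assumption: a hand-built lookup of well-known kernel driver names for the
# vendors seen in this log (keys lower-cased). Drivers not listed here are
# reported as unknown rather than guessed at.
DRIVER_VENDOR = {
    "avgldx86": "AVG",
    "avgmfx86": "AVG",
    "savrtpel": "Symantec/Norton",
    "spbbcdrv": "Symantec/Norton",
    "symtdi": "Symantec/Norton",
    "eectrl": "Symantec/Norton",
    "sasdifsv": "SUPERAntiSpyware",
    "saskutil": "SUPERAntiSpyware",
}
# Assumption: Windows/Intel system drivers that also fail in these events;
# they are not security products, so they stay out of the vendor verdict.
SYSTEM_DRIVERS = {"fips", "intelppm"}

# One DDS event line: "<date> <time> <AM|PM>, <level>: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
DRIVERS_RE = re.compile(r"failed to load: (?P<drivers>.+)$")
HUNG_RE = re.compile(r"^The (?P<service>.+?) service hung on starting\.$")


def parse_event(line):
    """Return one event as a dict, or None if the line is not an event."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["event_id"] = int(event["event_id"])
    return event


def parse_log(text):
    """All event lines in a DDS 'Event Viewer Messages' block."""
    return [e for e in map(parse_event, text.splitlines()) if e]


def failed_drivers(events):
    """How often each driver appears in a 7026 'failed to load' event."""
    counts = Counter()
    for e in events:
        if e["source"] == "Service Control Manager" and e["event_id"] == 7026:
            m = DRIVERS_RE.search(e["message"])
            if m:
                counts.update(d.lower() for d in m.group("drivers").split())
    return counts


def vendors_with_failed_drivers(events):
    """Failed drivers grouped by the security product they belong to."""
    by_vendor = defaultdict(set)
    for driver in failed_drivers(events):
        if driver in DRIVER_VENDOR:
            by_vendor[DRIVER_VENDOR[driver]].add(driver)
    return {vendor: sorted(drivers) for vendor, drivers in by_vendor.items()}


def hung_services(events):
    """Services the SCM reported as hung on start (event 7022)."""
    found = []
    for e in events:
        m = HUNG_RE.match(e["message"]) if e["event_id"] == 7022 else None
        if m:
            found.append(m.group("service"))
    return sorted(found)


def triage(text):
    """Summarise what the event log says about installed security products."""
    events = parse_log(text)
    vendors = vendors_with_failed_drivers(events)
    unknown = sorted(d for d in failed_drivers(events)
                     if d not in DRIVER_VENDOR and d not in SYSTEM_DRIVERS)
    return {
        "vendors": vendors,
        # More than one vendor with kernel drivers on the box is the
        # conflict the reply above warns about: install only one antivirus.
        "multiple_security_products": len(vendors) > 1,
        "hung_services": hung_services(events),
        "unknown_drivers": unknown,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```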

Re: I had a virus but did a system restore and now...

Post by dlg2114 on Thu 07 Jul 2011, 1:08 pm

All processes killed
========== OTL ==========
========== FILES ==========
C:\found.001\dir0000.chk folder moved successfully.
C:\found.001 folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 204952 bytes
->Flash cache emptied: 539 bytes

User: All Users

User: Default User
->Temp folder emptied: 31612 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: HP_Administrator
->Temp folder emptied: 528810925 bytes
->Temporary Internet Files folder emptied: 332964483 bytes
->Java cache emptied: 7607132 bytes
->Flash cache emptied: 293175 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6025679 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 95547115 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 744230 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12438 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 927.00 mb


OTL by OldTimer - Version 3.2.26.0 log created on 07062011_205409

Files\Folders moved on Reboot...
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_cc4.dat moved successfully.

Registry entries deleted on Reboot...

dlg2114

Newbie Surfer

Posts : 32
Joined : 2009-06-04
Operating System : XP


Re: I had a virus but did a system restore and now...

Post by dlg2114 on Thu 07 Jul 2011, 2:11 pm

ComboFix 11-07-06.04 - HP_Administrator 07/06/2011 21:21:50.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.178 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Administrator\Local Settings\temp\IadHide5.dll
c:\documents and settings\HP_Administrator\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-06-07 to 2011-07-07 )))))))))))))))))))))))))))))))
.
.
2011-07-07 01:54 . 2011-07-07 01:54 -------- d-----w- C:\_OTL
2011-07-06 02:25 . 2011-07-06 02:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2011-07-06 02:25 . 2011-07-06 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-06 02:23 . 2011-07-06 02:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-05 07:48 . 2011-07-05 07:48 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-07-05 07:11 . 2011-07-05 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-07-05 07:11 . 2011-07-05 07:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-05 04:40 . 2011-07-05 04:40 -------- d-----w- C:\$AVG
2011-07-05 03:41 . 2011-07-05 03:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG10
2011-07-05 03:36 . 2011-07-05 03:36 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-07-05 03:26 . 2011-07-07 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-07-05 03:25 . 2011-07-05 03:25 -------- d-----w- c:\program files\AVG
2011-07-05 03:13 . 2011-07-07 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-07-05 02:58 . 2011-07-05 02:58 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-01 05:07 . 2011-07-01 05:07 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-06 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-09 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-05-14 180269]
"HostManager"="c:\program files\Common Files\AOL\1159822766\ee\AOLSoftware.exe" [2006-09-26 50736]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 176128]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-5-14 36903]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-14 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1159822766\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2010 10:40 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2010 10:40 PM 135664]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\patttbc.att
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-07-06 21:38
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3488)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\program files\common files\aol\1159822766\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\iTunes\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2011-07-06 21:51:53 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-07 02:51
.
Pre-Run: 207,318,106,112 bytes free
Post-Run: 207,277,694,976 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - AB1E62AB73D2CDDFCA1E6B23C82B6C2C

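A small triage script for a log of this shape, added here as an example and not part of ComboFix or this thread: it parses a constructed excerpt modelled on the log posted above and flags the lines a helper reads first (Run values without a full path, a Security Center monitoring override, Trusted Zone entries, and a DLL loaded from a Temp folder). The regular expressions and the sample lines are assumptions of mine; only the field layout follows the ComboFix output as posted.

```python
import re

# Constructed sample in the shape of the ComboFix log posted
# above (a few representative lines, not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\patttbc.att
TCP: DhcpNameServer = 192.168.1.254
.
- - - - - - - > 'explorer.exe'(3488)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
"""

# "Name"="path" [date size] lines under a Run key
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
# "- - - - - - - > 'process.exe'(pid)" headers in the loaded-DLL section
PROCESS_HDR = re.compile(r"^- - - - - - - > '(?P<proc>[^']+)'\((?P<pid>\d+)\)")
ABS_PATH = re.compile(r"^[a-z]:\\", re.IGNORECASE)
TEMP_MARKERS = ("\\temp\\", "\\local settings\\temp\\")


def triage(log):
    """Return human-readable findings a helper would review first."""
    findings = []
    section = None  # "run", "sc" (Security Center key) or a process name
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":  # ComboFix separates blocks with "."
            continue
        if line.startswith("["):  # registry key header
            key = line.lower()
            section = "run" if key.endswith("\\run]") else (
                "sc" if "security center" in key else None)
            continue
        hdr = PROCESS_HDR.match(line)
        if hdr:
            section = hdr.group("proc")
            continue
        if section == "run":
            m = RUN_VALUE.match(line)
            if m and not ABS_PATH.match(m.group("path")):
                findings.append("Run value %r has no absolute path (resolve it before judging): %s"
                                % (m.group("name"), m.group("path")))
        elif section == "sc" and '"disablemonitoring"=dword:00000001' in line.lower():
            findings.append("Security Center monitoring disabled: " + line)
        elif line.startswith("Trusted Zone:"):
            # the helper in this thread scripted both such entries for removal
            findings.append("IE Trusted Zone entry to review: " + line.split(":", 1)[1].strip())
        elif section and line.lower().endswith(".dll") and any(
                t in line.lower() for t in TEMP_MARKERS):
            findings.append("%s: DLL loaded from a temp directory: %s" % (section, line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```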

Re: I had a virus but did a system restore and now...

Post by Superdave on Fri 08 Jul 2011, 6:16 am

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*****************************************************
Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    Firefox::
    Trusted Zone: 0.0.0.0
    Trusted Zone: motive.com\patttbc.att

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I don't need to see the log from this script.

*******************************************************
* Download the following tool: RootRepeal - Rootkit Detector
* Direct download link is here: RootRepeal.zip

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.

* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:\RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal.


Re: I had a virus but did a system restore and now...

Post by dlg2114 on Fri 08 Jul 2011, 7:08 am

Results of screen317's Security Check version 0.99.17
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


Re: I had a virus but did a system restore and now...

Post by dlg2114 on Fri 08 Jul 2011, 8:10 am

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2011/07/07 15:56
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\ComboFix\catchme.sys
Address: 0xF7836000 Size: 31744 File Visible: No Signed: -
Status: -

Name: Combo-Fix.sys
Image Path: Combo-Fix.sys
Address: 0xF75C6000 Size: 60416 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF1CDD000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A7A000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PROCEXP113.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Address: 0xF7AE2000 Size: 7872 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE9C3000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\program files\updates from hp\9972322\users\default\data\d0000000.fcs
Status: Allocation size mismatch (API: 512, Raw: 0)

==EOF==


Re: I had a virus but did a system restore and now...

Post by Superdave on Fri 08 Jul 2011, 9:15 am

Looking over your log it seems you don't have any antivirus software.

Before we continue download and install a free antivirus.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
************************************************
You only have SP 2. Please visit the Microsoft site and download SP3.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Re: I had a virus but did a system restore and now...

Post by dlg2114 on Sat 09 Jul 2011, 3:52 am

C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite\comps\acslang.exe probably a variant of Win32/StartPage.HSZAKFT trojan deleted - quarantined
C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\acslang.exe probably a variant of Win32/StartPage.HSZAKFT trojan deleted - quarantined
C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\acssetup.exe probably a variant of Win32/StartPage.HSZAKFT trojan deleted - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP675\A0104367.exe probably a variant of Win32/StartPage.HSZAKFT trojan deleted - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP675\A0104368.exe probably a variant of Win32/StartPage.HSZAKFT trojan deleted - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP675\A0104370.exe probably a variant of Win32/StartPage.HSZAKFT trojan deleted - quarantined

dlg2114

Newbie Surfer
Newbie Surfer

Posts : 32
Joined : 2009-06-04
Operating System : XP

View user profile

Back to top Go down

Re: I had a virus but did a system restore and now...

Post by Superdave on Sat 09 Jul 2011, 9:13 am

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


Re: I had a virus but did a system restore and now...

Post by dlg2114 on Sat 09 Jul 2011, 12:57 pm

Results of screen317's Security Check version 0.99.17
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````


Re: I had a virus but did a system restore and now...

Post by Superdave on Sun 10 Jul 2011, 5:35 am

Ok. If there are no other issues, we can do some cleanup.

To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

****************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
****************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*****************************************************
Looking over your log it seems you don't have any evidence of a third-party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember to only install ONE firewall.

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*******************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
