Open Cloud Security virus


Solved Open Cloud Security virus

Post by pd138 on Tue 27 Sep 2011, 9:38 pm

I have a virus called open cloud security. I've downloaded the anti-malware in safe mode, however, when I try to run it, it starts to scan for about 5-10 seconds and then stops and disappears. This virus also changes my security settings and privacy settings. What to try next?

pd138

Newbie Surfer

Posts : 5
Joined : 2011-09-27
Operating System : xp


Solved Re: Open Cloud Security virus

Post by DragonMaster Jay on Tue 27 Sep 2011, 9:57 pm

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

http://www.twitter.com/jaypfoutz

Solved Re: Open Cloud Security virus

Post by pd138 on Thu 29 Sep 2011, 7:32 pm

Thank you so much!!! I was able to download Combofix and it worked perfectly!! It ran for about 40 minutes to fix everything. So, I ran it a second time and then ran Malwarebytes' Anti-Malware. Thanks again!! What does post the log mean? Is that what was infected? And where would I find the log?


Solved Re: Open Cloud Security virus

Post by DragonMaster Jay on Fri 30 Sep 2011, 12:28 am

I need to see a copy of the log to verify the infection. It is located at C:\ComboFix.txt



Solved Re: Open Cloud Security virus

Post by pd138 on Fri 30 Sep 2011, 2:16 am

Ok. Thanks again, I will look there. Sorry, not too computer savvy... I'll try to copy and paste or maybe I can add it as an attachment? I was definitely infected for a few days and that's the only fix that worked!!! You guys are gold... I will donate at next pay!!


Solved Re: Open Cloud Security virus

Post by pd138 on Fri 30 Sep 2011, 8:26 pm

Here it is



ComboFix 11-09-27.01 - Sam 09/27/2011 9:49.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.222 [GMT -4:00]
Running from: c:\documents and settings\Sam\My Documents\Downloads\ComboFix.exe
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\protect\index.html
c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files\StartNow Toolbar\Resources\protect\window.css
c:\program files\StartNow Toolbar\Resources\protect\window.js
c:\program files\StartNow Toolbar\Resources\reactivate\index.html
c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.js
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\ToOLbar32.dll
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))
.
.
2011-09-27 12:59 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-09-27 12:59 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\dllcache\netbt.sys
2011-09-27 12:02 . 2011-09-27 12:02 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-26 23:47 . 2011-09-26 23:47 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\TEXTBOX.JS
2011-09-26 21:33 . 2011-09-26 21:33 -------- d-----w- c:\documents and settings\Sam\Application Data\P0ycS1ivDoGaHsK
2011-09-26 21:02 . 2011-09-26 21:02 -------- d-----w- c:\documents and settings\Sam\Application Data\D7fEL8gTZjCkVNx
2011-09-26 18:44 . 2011-09-27 11:58 -------- d-s---w- c:\documents and settings\Administrator.FAMILYROOM.000
2011-09-05 17:04 . 2011-06-06 16:55 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2004-08-10 18:50 599040 ----a-w- c:\windows\system32\crypt32(3).dll
2011-07-15 13:29 . 2005-12-15 06:06 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-10 18:51 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 23:52 . 2010-07-11 11:27 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-27 14:05 . 2011-09-27 14:05 16384 c:\windows\Temp\Perflib_Perfdata_560.dat
+ 2004-08-10 18:51 . 2008-04-14 00:12 367220 c:\windows\system32\dotipdrv32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2005-08-26 212992]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\McAgent.exe" [2005-07-02 303104]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-13 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-24 202256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression\ArcMonitor.exe" [2010-07-20 80384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"MPFEXE"="c:\program files\McAfee.com\Personal Firewall\MPFTray.exe" [2005-08-18 999424]
"StartNowToolbarHelper"="c:\program files\StartNow Toolbar\ToolbarHelper.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Macilai"= {924F4DA2-3D4D-4BDF-A0A9-1CD87D410811} - c:\windows\system32\botekcat.dll [2004-08-04 901120]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Sam^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Sam\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-22 04:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar]
2010-03-24 20:26 243544 ----a-w- c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
2005-12-15 06:11 61440 -c--a-w- c:\dell\bldbubg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-08-31 17:06 106496 -c--a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 08:04 332800 -c--a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 07:05 127035 -c--a-w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-04-06 01:19 77824 -c--a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-09-13 19:49 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-04-06 01:22 94208 -c--a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-09-11 08:40 218032 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 08:40 86960 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
2005-07-02 01:22 303104 ----a-w- c:\progra~1\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
2005-08-26 20:26 212992 ----a-w- c:\progra~1\McAfee.com\Agent\mcupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-11-11 21:43 288088 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-09-09 01:20 8192 -c--a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-09-09 01:20 110592 -c--a-w- c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
2005-08-18 23:52 999424 ----a-w- c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
2005-07-13 00:06 110592 ----a-w- c:\progra~1\McAfee\SPAMKI~1\MSKAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-07-13 01:05 1117184 ----a-w- c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
2005-08-12 04:02 53248 ----a-w- c:\program files\McAfee.com\VSO\oasclnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-04-06 01:23 114688 -c--a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
2004-11-11 16:26 26112 -c--a-w- c:\program files\Intuit\QuickBooks 2005\Atom\QBReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2010-08-24 12:11 488968 ----a-w- c:\program files\real\realplayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-05 02:32 53248 -c----w- c:\program files\REGSHAVE\REGSHAVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-15 01:42 1404928 -c--a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-10-09 01:04 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-08-24 12:11 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
2005-08-10 18:49 163840 ----a-w- c:\progra~1\McAfee.com\VSO\mcvsshld.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
2005-07-09 00:18 151552 ----a-w- c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [12/26/2010 5:01 PM 36224]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/8/2010 9:04 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/8/2010 9:04 PM 136176]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [12/26/2010 5:01 PM 134912]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ArcRec
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 01:04]
.
2011-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 01:04]
.
2011-05-20 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (FAMILYROOM-Sam).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-12-15 00:18]
.
2011-09-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2241548719-1204121849-2049625453-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-09-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2241548719-1204121849-2049625453-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: bing.com
Trusted Zone: doccentral.com
Trusted Zone: fnismls.com
Trusted Zone: getmedianow.com
Trusted Zone: live.com
Trusted Zone: rdesk.com
Trusted Zone: rexplorer.net
Trusted Zone: safemls.net
Trusted Zone: showingtime.com
Trusted Zone: sitexdata.com
Trusted Zone: spellchecker.net
Trusted Zone: transactionpoint.com
Trusted Zone: trpoint.com
Trusted Zone: xmlsweb.com
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-09-27 10:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MPFEXE = "c:\program files\McAfee.com\Personal Firewall\MPFTray.exe"????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1776)
c:\windows\system32\WININET.dll
c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll
c:\progra~1\mcafee.com\vso\McVSSkt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\botekcat.dll
c:\windows\system32\jobopcer.dll
c:\windows\system32\logerreg\dxadzap\seruhsrv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\vso\OasClnt.exe
c:\progra~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-09-27 10:14:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-27 14:14
ComboFix2.txt 2011-09-27 13:31
.
Pre-Run: 9,337,978,880 bytes free
Post-Run: 9,329,520,640 bytes free
.
- - End Of File - - 5C4562DD05C7CB0549124419A6D178DD


Solved Re: Open Cloud Security virus

Post by DragonMaster Jay on Sat 01 Oct 2011, 11:00 am

Please run the BitDefender QuickScan Beta, and once done, press the View Report link. Post that log in your next reply.



Solved Re: Open Cloud Security virus

Post by pd138 on Sat 01 Oct 2011, 9:03 pm

Here it is. Scan said I'm not infected.



QuickScan Beta 32-bit v0.9.9.99
-------------------------------
Scan date: Sat Oct 01 05:59:13 2011
Machine ID: F4241EC8



No infection found.
-------------------



Processes
---------
ArcMonitor 1684 C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
ArcSoft Connect 464 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
Bonjour 508 C:\Program Files\Bonjour\mDNSResponder.exe
HP PML 1004 C:\WINDOWS\system32\HPZipm12.exe
iTunes 2392 C:\Program Files\iPod\bin\iPodService.exe
iTunes 1656 C:\Program Files\iTunes\iTunesHelper.exe
Microsoft Search Client Server 2188 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
Microsoft Search Enhancement Pack 1336 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
Microsoft® Windows Live ID 1780 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
Microsoft® Windows Live ID 2272 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
Microsoft® Windows® Operating System 1520 C:\WINDOWS\system32\spoolsv.exe
MobileDeviceService 476 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
RealPlayer (32-bit) 1636 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(verified) GoogleToolbarNotifier 1832 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Java(TM) Platform SE 6 U20 800 C:\Program Files\Java\jre6\bin\jqs.exe
(verified) Microsoft® Windows® Operating System 1464 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 2772 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 600 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 1880 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 680 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 668 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 552 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 1076 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1120 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 3356 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 2004 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 420 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 848 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 928 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1020 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 188 C:\WINDOWS\system32\wdfmgr.exe
(verified) Microsoft® Windows® Operating System 624 C:\WINDOWS\system32\winlogon.exe
(verified) Windows® Internet Explorer 2732 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 2368 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process iexplore.exe (2732) connected on port 80 (HTTP) --> 69.63.190.14
Process iexplore.exe (2732) connected on port 80 (HTTP) --> 96.6.46.33
Process iexplore.exe (2732) connected on port 443 (HTTP over SSL) --> 72.14.204.95
Process iexplore.exe (2732) connected on port 80 (HTTP) --> 199.7.48.190
Process iexplore.exe (2732) connected on port 80 (HTTP) --> 96.6.46.42
Process iexplore.exe (2732) connected on port 80 (HTTP) --> 74.125.226.128

Process svchost.exe (928) listens on ports: 135 (RPC)
Process svchost.exe (1120) listens on ports: 2869 (SSDP event notification, UPNP)


Autoruns and critical files
---------------------------
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
ArcMonitor C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
ArcSoft Connect C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
botekcat.dll C:\WINDOWS\system32\botekcat.dll
Intel(R) Common User Interface C:\WINDOWS\system32\igfxdev.dll
iTunes C:\Program Files\iTunes\iTunesHelper.exe
McAfee SpamKiller C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\ssflwbox.scr
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
MobileMe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
QuickTime C:\Program Files\QuickTime\qttask.exe
RealPlayer (32-bit) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
RealUpgrade C:\Program Files\Real\RealUpgrade\realupgrade.exe
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Bing Bar c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
Diagnostic Collection ActiveX control C:\WINDOWS\Downloaded Program Files\DiagCollectionControl.dll
Drive Letter Access Component c:\windows\system32\dla\tfswshx.dll
Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll
Google Update C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
Microsoft Search Enhancement Pack C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
Microsoft® Windows Live ID C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
NPWebSLLauncher.dll C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
Panda3D Game Engine Plug-in 1.0.2 C:\WINDOWS\Downloaded Program Files\p3dactivex.ocx
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
RealJukebox NS Plugin c:\program files\real\realplayer\Netscape6\nprjplug.dll
RealPlayer Version Plugin c:\program files\real\realplayer\Netscape6\nprpjplug.dll
RealPlayer(tm) G2 LiveConnect-Enabled P c:\program files\real\realplayer\Netscape6\nppl3260.dll
RealPlayer(tm) HTML5VideoShim Plug-In ( C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
Software Manager C:\WINDOWS\Downloaded Program Files\isusweb.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
(verified) Java(TM) Platform SE 6 U20 C:\Program Files\Java\jre6\bin\jp2ssv.dll
(verified) Java(TM) Platform SE 6 U20 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


Missing files
-------------
File not found: C:\Program Files\StartNow Toolbar\ToolbarHelper.exe
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"StartNowToolbarHelper"


Scan
----

The following file(s) must be uploaded for server-side scanning:
C:\WINDOWS\system32\botekcat.dll
C:\WINDOWS\system32\logerreg\dxadzap\seruhsrv.dll

Upload started - 2 file(s)
seruhsrv.dll (397312)
botekcat.dll (901120)
Upload speed - 63 KB/s
Upload finished - 2 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 20 sec
Total traffic - 1.25 MB sent, 0.67 KB recvd
Scanned 610 files and modules - 78 seconds

==============================================================================



Solved Re: Open Cloud Security virus

Post by DragonMaster Jay on Sun 02 Oct 2011, 1:41 am

Okay... CLEAN!

