Open Cloud Security Virus


Open Cloud Security Virus

Post by jastriker on Mon 03 Oct 2011, 10:24 am

My PC has been infected with the Open Cloud Virus. I was able to run ComboFix in Safe Mode. Below is the log. Thank you in advance for any help provided!


ComboFix 11-10-02.03 - Administrator 10/02/2011 18:53:22.4.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.565 [GMT -4:00]
Running from: E:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Amelia\g2mdlhlpx.exe
c:\windows\$NtUninstallKB6837$\1173101828
E:\autorun.inf
E:\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-02 to 2011-10-02 )))))))))))))))))))))))))))))))
.
.
2011-10-02 22:49 . 2011-10-02 22:49 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2702C925-722D-4F8C-B72F-22D13ABDF59E}\offreg.dll
2011-09-30 14:56 . 2011-09-30 14:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-09-30 14:41 . 2010-07-16 18:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-09-30 14:41 . 2010-07-16 18:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-09-30 14:41 . 2011-01-17 13:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-09-30 14:41 . 2010-12-10 20:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-09-30 14:41 . 2010-12-10 17:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-09-30 14:41 . 2010-12-16 12:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-09-30 14:41 . 2011-09-30 15:01 -------- d-----w- c:\program files\PC Tools Security
2011-09-30 14:41 . 2011-09-30 14:41 -------- d-----w- c:\program files\Common Files\PC Tools
2011-09-30 14:41 . 2011-09-30 14:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2011-09-30 14:39 . 2011-09-30 14:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-09-30 14:29 . 2011-09-30 14:29 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-09-30 14:28 . 2011-09-30 14:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-09-30 14:18 . 2011-09-30 14:25 -------- d-----w- C:\af0a89235c969ea3c576fdb2ff4e09e6
2011-09-30 14:00 . 2008-04-13 17:31 36352 ----a-w- c:\windows\system32\dllcache\intelppm.sys
2011-09-30 13:57 . 2011-09-30 13:57 2413568 ----a-w- c:\windows\system32\UjUUVtzP0ycDon4.exe
2011-09-30 13:38 . 2011-09-12 23:14 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2702C925-722D-4F8C-B72F-22D13ABDF59E}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 23:14 . 2010-01-19 22:04 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-09 09:12 . 2004-08-04 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2008-11-30 15:08 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-13 03:39 . 2011-08-02 06:01 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02 . 2008-11-30 15:08 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 17:14 . 2011-07-06 17:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-30 02:52 . 2011-09-30 21:40 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-11-30 02:52 . 2011-09-29 03:02 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-11-30 02:51 . 2011-09-29 03:02 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-11-30 02:51 . 2011-09-30 21:40 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-11-30 02:51 . 2011-09-29 03:02 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-11-30 02:51 . 2011-09-30 21:40 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-11-30 02:51 . 2011-09-29 03:02 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-11-30 02:51 . 2011-09-30 21:40 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-11-30 02:51 . 2011-09-29 03:02 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-11-30 02:51 . 2011-09-30 21:40 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-11-30 02:51 . 2011-09-30 21:40 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2007-11-30 02:51 . 2011-09-29 03:02 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2007-11-30 02:51 . 2011-09-29 03:02 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-11-30 02:51 . 2011-09-30 21:40 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-09-07 01:46 . 2011-09-07 01:46 9006080 c:\windows\Installer\8412ee.msp
+ 2011-08-10 21:42 . 2011-08-10 21:42 7070208 c:\windows\Installer\8412dc.msp
+ 2011-09-07 01:48 . 2011-09-07 01:48 8181248 c:\windows\Installer\8412ca.msp
+ 2007-11-30 02:51 . 2011-09-30 21:40 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-11-30 02:51 . 2011-09-29 03:02 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-04-03 23:21 . 2009-04-03 23:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OART.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 03:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2005-03-02 143360]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-03-19 196608]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"PrintDisp"="c:\windows\system32\PrintDisp.exe" [2009-08-21 878080]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Z1uvS2obF8234A"="c:\windows\system32\UjUUVtzP0ycDon4.exe" [2011-09-30 2413568]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-2-10 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-7-27 118784]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-1-14 525664]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [9/30/2011 10:41 AM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\SYSTEM32\DRIVERS\pctDS.sys [9/30/2011 10:41 AM 338880]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 MpKsl0a5319a0;MpKsl0a5319a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D4FA03B1-4F8F-46A7-AA24-4DD434BCB970}\MpKsl0a5319a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D4FA03B1-4F8F-46A7-AA24-4DD434BCB970}\MpKsl0a5319a0.sys [?]
S1 MpKsl190755a4;MpKsl190755a4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E505A2CD-15D2-4FB0-B554-EA8CF0FD9B37}\MpKsl190755a4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E505A2CD-15D2-4FB0-B554-EA8CF0FD9B37}\MpKsl190755a4.sys [?]
S1 MpKsl982d9f52;MpKsl982d9f52;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D8ACEFDB-6A86-4C47-987B-67275993DE7D}\MpKsl982d9f52.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D8ACEFDB-6A86-4C47-987B-67275993DE7D}\MpKsl982d9f52.sys [?]
S1 MpKsle3882cbd;MpKsle3882cbd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{012CB78A-96D8-44E2-A9DA-8E19ADD5ABC7}\MpKsle3882cbd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{012CB78A-96D8-44E2-A9DA-8E19ADD5ABC7}\MpKsle3882cbd.sys [?]
S2 Printer Control;Printer Control;c:\windows\SYSTEM32\PrintCtrl.exe [2/1/2010 10:10 AM 77824]
S3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [2/10/2005 3:02 AM 23888]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [9/30/2011 10:41 AM 366840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-09-02 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (DD0XYS61-Kathy Boone).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-02-10 23:19]
.
2011-10-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2011-10-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-29 03:44]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mWindow Title = Microsoft Internet Explorer provided by CenturyTel
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - [You must be registered and logged in to see this link.]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-10-02 19:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.intelppm]
"ImagePath"="\*"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2026988133-1336887843-3420273685-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e3,27,b5,76,cf,50,71,42,bc,11,7a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e3,27,b5,76,cf,50,71,42,bc,11,7a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\l3codeca.acm
.
- - - - - - - > 'explorer.exe'(1940)
c:\windows\system32\WININET.dll
.
Completion time: 2011-10-02 19:09:23
ComboFix-quarantined-files.txt 2011-10-02 23:09
.
Pre-Run: 37,421,522,944 bytes free
Post-Run: 37,383,200,768 bytes free
.
- - End Of File - - 94608F0DF6E55AB7E09EE95C1599755C

jastriker

Newbie Surfer

Posts : 6
Joined : 2011-10-01
Operating System : XP


Re: Open Cloud Security Virus

Post by Belahzur on Mon 03 Oct 2011, 10:29 am

Hello.

ComboFix should not be run without the guidance of a helper!

It is a powerful tool and is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private or regular use.

See ComboFix's Disclaimer

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below



Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop


  • Copy and paste the contents of aswMBR.txt back here for review


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


aswMBR log

Post by jastriker on Mon 03 Oct 2011, 12:11 pm

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-02 19:58:23
-----------------------------
19:58:23.406 OS Version: Windows 5.1.2600 Service Pack 3
19:58:23.406 Number of processors: 1 586 0x209
19:58:23.437 ComputerName: DD0XYS61 UserName: Amelia
19:58:46.078 Initialze error C0000043 - driver not loaded
20:04:06.656 AVAST engine defs: 11100202
20:04:36.093 Service scanning
20:04:36.562 Service .intelppm \* **LOCKED** 123
20:04:42.734 Service MpKsl84c7e167 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2702C925-722D-4F8C-B72F-22D13ABDF59E}\MpKsl84c7e167.sys **LOCKED** 32
20:04:48.750 Modules scanning
20:04:48.750 Disk 0 trace - called modules:
20:04:48.750
20:04:51.593 AVAST engine scan C:\WINDOWS
20:07:26.171 AVAST engine scan C:\WINDOWS\system32
20:19:35.203 File: C:\WINDOWS\system32\UjUUVtzP0ycDon4.exe **INFECTED** Win32:Cycbot-MO [Trj]
20:21:21.156 AVAST engine scan C:\WINDOWS\system32\drivers
20:23:33.093 AVAST engine scan C:\Documents and Settings\Amelia
20:28:11.468 File: C:\Documents and Settings\Amelia\Application Data\Sun\Java\Deployment\cache\6.0\1\33e51581-4716ddfc **INFECTED** Win32:Rootkit-gen [Rtk]
20:34:51.843 File: C:\Documents and Settings\Amelia\Local Settings\Temporary Internet Files\Content.IE5\3662TDKH\s8b4r[1].mpg **INFECTED** Win32:Rootkit-gen [Rtk]
20:38:32.750 File: C:\Documents and Settings\Amelia\Local Settings\Temporary Internet Files\Content.IE5\RLQKY734\file[1].exe **INFECTED** Win32:Cycbot-MO [Trj]
20:58:10.828 AVAST engine scan C:\Documents and Settings\All Users
21:08:16.578 Scan finished successfully
21:09:11.343 The log file has been saved successfully to "C:\Documents and Settings\Amelia\My Documents\aswMBR.txt"



jastriker

Newbie Surfer

Posts : 6
Joined : 2011-10-01
Operating System : XP


Re: Open Cloud Security Virus

Post by Belahzur on Mon 03 Oct 2011, 12:22 pm

Hello.
Okay, let's finish this up.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    http://www.GeekPolice.net/t28056-open-cloud-security-virus

    KILLALL::

    Collect::
    c:\windows\system32\UjUUVtzP0ycDon4.exe

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Z1uvS2obF8234A"=-
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.intelppm]

    ClearJavaCache::
    Reboot::
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Note: ComboFix will alert you that it wants to upload some files for analysis - don't be alarmed, this is normal. Please ensure you have a working connection so the files can be uploaded.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

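As an added example (not part of this thread, and not code from ComboFix or aswMBR), the Python script below does what the helper did by hand in the two posts above: it pulls the Run-key entries out of a ComboFix log, matches them against the aswMBR **INFECTED** lines, flags random-looking names such as Z1uvS2obF8234A, and renders the Collect:: / Registry:: sections of a CFScript in the format used in the post above. The two log excerpts are constructed from lines quoted earlier in the thread, and the random-name heuristic is an assumption of this example, not a rule either tool applies.

```python
"""Triage a ComboFix log against an aswMBR scan and draft the matching CFScript sections."""
import re

# Constructed excerpt in ComboFix's 'Reg Loading Points' format (values taken from the thread).
COMBOFIX_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"Z1uvS2obF8234A"="c:\windows\system32\UjUUVtzP0ycDon4.exe" [2011-09-30 2413568]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"""

# Constructed excerpt in aswMBR's output format (detections taken from the thread).
ASWMBR_LOG = r"""
20:19:35.203 File: C:\WINDOWS\system32\UjUUVtzP0ycDon4.exe **INFECTED** Win32:Cycbot-MO [Trj]
20:38:32.750 File: C:\Documents and Settings\Amelia\Local Settings\Temporary Internet Files\Content.IE5\RLQKY734\file[1].exe **INFECTED** Win32:Cycbot-MO [Trj]
21:08:16.578 Scan finished successfully
"""

RUN_KEY_RE = re.compile(r'^\[(HKEY_[^\]]+\\Run)\]$')          # a [HK..\...\Run] block header
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')              # "ValueName"="path" [...]
INFECTED_RE = re.compile(r'^\S+ File: (.+?) \*\*INFECTED\*\* (\S+)', re.M)


def parse_run_entries(log):
    """Return (registry_key, value_name, path) for every value under a Run key in a ComboFix log."""
    entries, key = [], None
    for line in log.splitlines():
        m = RUN_KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        if line.strip() in ('', '.'):        # ComboFix ends a block with a lone '.'
            key = None
            continue
        m = RUN_VALUE_RE.match(line)
        if m:
            entries.append((key, m.group(1), m.group(2)))
    return entries


def parse_infected(log):
    """Map lower-cased file path -> detection name for every **INFECTED** line in an aswMBR log."""
    return {path.lower(): name for path, name in INFECTED_RE.findall(log)}


def looks_random(name):
    """Assumed heuristic for the names a helper eyeballs as suspicious: a long alphanumeric
    token mixing digits, lower- and upper-case letters with no word structure (Z1uvS2obF8234A)."""
    if not re.fullmatch(r'[A-Za-z0-9]{10,}', name):
        return False
    return all(re.search(p, name) for p in (r'[0-9]', r'[a-z]', r'[A-Z]'))


def triage(combofix_log, aswmbr_log):
    """Return the Run entries worth acting on, each with the reasons it was flagged."""
    infected = parse_infected(aswmbr_log)
    findings = []
    for key, name, path in parse_run_entries(combofix_log):
        reasons = []
        if path.lower() in infected:                 # case-insensitive: the two tools differ in case
            reasons.append('aswMBR: ' + infected[path.lower()])
        stem = path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
        if looks_random(name) or looks_random(stem):
            reasons.append('random-looking name')
        if reasons:
            findings.append({'key': key, 'name': name, 'path': path, 'reasons': reasons})
    return findings


def build_cfscript(findings):
    """Render Collect:: and Registry:: sections in the layout used by the helper's CFScript."""
    lines = ['KILLALL::', '', 'Collect::'] + [f['path'] for f in findings]
    lines += ['', 'Registry::']
    for f in findings:
        lines += ['[%s]' % f['key'], '"%s"=-' % f['name']]   # "=-" deletes the value
    lines += ['', 'Reboot::']
    return '\n'.join(lines)


if __name__ == '__main__':
    for f in triage(COMBOFIX_LOG, ASWMBR_LOG):
        print(f['name'], f['path'], '; '.join(f['reasons']))
    print(build_cfscript(triage(COMBOFIX_LOG, ASWMBR_LOG)))
```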

ComboFix scan log

Post by jastriker on Mon 03 Oct 2011, 1:41 pm

ComboFix 11-10-02.03 - Amelia 10/02/2011 21:38:07.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.371 [GMT -4:00]
Running from: C:\Documents and Settings\Amelia\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Amelia\Desktop\CFScript.txt
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

file zipped: c:\windows\system32\UjUUVtzP0ycDon4.exe


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Amelia\Application Data\c5sWJ7fELgZjCkVOpenCloud Security.ico
C:\Documents and Settings\Amelia\Application Data\EHdKfLhXjClBzNcOpenCloud Security.ico
C:\Documents and Settings\Amelia\Application Data\JJ7fE8jkrOtAOpenCloud Security.ico
C:\Documents and Settings\Amelia\Application Data\n0ucS1ibDpGaHdKOpenCloud Security.ico
C:\Documents and Settings\Amelia\Application Data\S0bbD336K7fR9UeOpenCloud Security.ico
C:\Documents and Settings\Amelia\Application Data\S6W79TjCkBy1vOpenCloud Security.ico
C:\Documents and Settings\Amelia\Application Data\xQ6W8R9TwUeItPyOpenCloud Security.ico
C:\Documents and Settings\Amelia\Application Data\ZhINubGJ8hUzOpenCloud Security.ico
C:\Documents and Settings\Amelia\Start Menu\Programs\OpenCloud Security
C:\Documents and Settings\Amelia\Start Menu\Programs\OpenCloud Security\OpenCloud Security.lnk


((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))


2011-10-03 01:55:46 . 2011-10-03 01:55:46 56200 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{023E5DB6-1300-4BF9-86B0-FD6A245AA6CF}\offreg.dll
2011-10-03 01:30:13 . 2011-09-12 23:14:12 7269712 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{023E5DB6-1300-4BF9-86B0-FD6A245AA6CF}\mpengine.dll
2011-10-03 01:19:06 . 2011-10-03 01:19:06 -------- d-----w- C:\Documents and Settings\Amelia\Application Data\EHdKfLhXjClBzNc
2011-10-03 01:19:00 . 2011-10-03 01:19:00 -------- d-----w- C:\Documents and Settings\Amelia\Application Data\hJdKgZhXk
2011-10-02 23:16:25 . 2011-10-02 23:16:25 -------- d-----w- C:\Documents and Settings\Amelia\Application Data\ZhINubGJ8hUz
2011-10-02 23:16:24 . 2011-10-02 23:16:24 -------- d-----w- C:\Documents and Settings\Amelia\Application Data\SuopsdghklxcDGH
2011-10-02 21:23:46 . 2011-10-02 21:23:46 -------- d-----w- C:\Documents and Settings\Amelia\Application Data\xQ6W8R9TwUeItPy
2011-10-02 21:23:45 . 2011-10-02 21:23:45 -------- d-----w- C:\Documents and Settings\Amelia\Application Data\Js7LZYwIrOtAuSi
2011-09-30 19:20:29 . 2011-09-30 19:20:29 -------- d-----w- C:\Documents and Settings\Amelia\Application Data\n0ucS1ibDpGaHdK
2011-09-30 19:20:28 . 2011-09-30 19:20:28 -------- d-----w- C:\Documents and Settings\Amelia\Application Data\trzONxA1uSoFpGs
2011-09-30 18:20:17 . 2011-09-30 18:20:17 -------- d-----w- C:\Documents and Settings\Amelia\Application Data\VH6WK8fRLhXjClB
2011-09-30 18:20:17 . 2011-09-30 18:20:17 -------- d-----w- C:\Documents and Settings\Amelia\Application Data\JJ7fE8jkrOtA
2011-09-30 15:46:34 . 2011-09-30 15:46:34 -------- d-----w- C:\Documents and Settings\Amelia\Application Data\c5sWJ7fELgZjCkV
2011-09-30 15:46:32 . 2011-09-30 15:46:32 -------- d-----w- C:\Documents and Settings\Amelia\Application Data\SQH6sWK7fLgXj
2011-09-30 14:56:08 . 2011-09-30 14:56:08 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2011-09-30 14:41:51 . 2010-07-16 18:59:54 656320 ----a-w- C:\WINDOWS\system32\drivers\pctEFA.sys
2011-09-30 14:41:51 . 2010-07-16 18:59:54 338880 ----a-w- C:\WINDOWS\system32\drivers\pctDS.sys
2011-09-30 14:41:50 . 2011-01-17 13:10:26 251560 ----a-w- C:\WINDOWS\system32\drivers\pctgntdi.sys
2011-09-30 14:41:45 . 2010-12-10 20:57:26 160448 ----a-w- C:\WINDOWS\system32\drivers\PCTAppEvent.sys
2011-09-30 14:41:45 . 2010-12-10 17:24:12 239168 ----a-w- C:\WINDOWS\system32\drivers\PCTCore.sys
2011-09-30 14:41:38 . 2010-12-16 12:46:04 70536 ----a-w- C:\WINDOWS\system32\drivers\pctplsg.sys
2011-09-30 14:41:29 . 2011-09-30 15:01:52 -------- d-----w- C:\Program Files\PC Tools Security
2011-09-30 14:41:29 . 2011-09-30 14:41:37 -------- d-----w- C:\Program Files\Common Files\PC Tools
2011-09-30 14:41:29 . 2011-09-30 14:41:29 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\PC Tools
2011-09-30 14:39:11 . 2011-09-30 14:41:40 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Tools
2011-09-30 14:29:38 . 2011-09-30 14:29:38 -------- d-sh--w- C:\Documents and Settings\Administrator\PrivacIE
2011-09-30 14:28:54 . 2011-09-30 14:28:54 -------- d-sh--w- C:\Documents and Settings\Administrator\IETldCache
2011-09-30 14:18:06 . 2011-09-30 14:25:13 -------- d-----w- C:\af0a89235c969ea3c576fdb2ff4e09e6
2011-09-30 14:08:01 . 2011-09-30 14:08:01 -------- d-----w- C:\Documents and Settings\Amelia\Application Data\S6W79TjCkBy1v
2011-09-30 14:08:01 . 2011-09-30 14:08:01 -------- d-----w- C:\Documents and Settings\Amelia\Application Data\FXwkUOtPySiD
2011-09-30 14:00:31 . 2008-04-13 17:31:32 36352 ----a-w- C:\WINDOWS\system32\dllcache\intelppm.sys
2011-09-30 13:58:24 . 2011-09-30 13:58:24 -------- d-----w- C:\Documents and Settings\Amelia\Application Data\S0bbD336K7fR9Ue
2011-09-30 13:58:23 . 2011-09-30 13:58:23 -------- d-----w- C:\Documents and Settings\Amelia\Application Data\hecA1sWL9
2011-09-30 13:57:41 . 2011-09-30 13:57:42 2413568 ----a-w- C:\WINDOWS\system32\UjUUVtzP0ycDon4.exe
2011-09-30 13:57:41 . 2011-09-30 13:57:41 -------- d-----w- C:\Documents and Settings\Amelia\Application Data\ixxAA0u3pm5aKfX
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-09-12 23:14:12 . 2010-01-19 22:04:07 7269712 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-09 09:12:13 . 2004-08-04 11:00:00 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll
2011-07-15 13:29:31 . 2008-11-30 15:08:04 456320 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2011-07-13 03:39:01 . 2011-08-02 06:01:24 6881616 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-12 15:20:54 . 2011-07-12 15:20:54 83816 ----a-w- C:\WINDOWS\system32\dns-sd.exe
2011-07-12 15:20:54 . 2011-07-12 15:20:54 73064 ----a-w- C:\WINDOWS\system32\dnssd.dll
2011-07-08 14:02:00 . 2008-11-30 15:08:02 10496 ----a-w- C:\WINDOWS\system32\drivers\ndistapi.sys
2011-07-06 17:14:07 . 2011-07-06 17:14:06 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2011-07-05 22:37:00 . 2011-07-05 22:37:00 94208 ----a-w- C:\WINDOWS\system32\QuickTimeVR.qtx
2011-07-05 22:37:00 . 2011-07-05 22:37:00 69632 ----a-w- C:\WINDOWS\system32\QuickTime.qts


((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))

+ 2011-10-03 01:56:29 . 2011-10-03 01:55:56 32768 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-03 01:56:32 . 2011-10-03 01:56:32 16384 C:\WINDOWS\temp\Perflib_Perfdata_ec.dat
+ 2011-10-03 01:55:55 . 2011-10-03 01:55:55 16384 C:\WINDOWS\temp\Perflib_Perfdata_740.dat
+ 2011-10-03 01:56:32 . 2011-10-03 01:55:56 16384 C:\WINDOWS\temp\History\History.IE5\index.dat
+ 2011-10-03 01:56:31 . 2011-10-03 01:55:56 16384 C:\WINDOWS\temp\Cookies\index.dat
- 2007-11-30 02:52:00 . 2011-09-29 03:02:14 35088 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-11-30 02:52:00 . 2011-09-30 21:40:18 35088 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-11-30 02:51:59 . 2011-09-29 03:02:14 18704 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-11-30 02:51:59 . 2011-09-30 21:40:17 18704 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-11-30 02:51:59 . 2011-09-29 03:02:14 20240 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-11-30 02:51:59 . 2011-09-30 21:40:17 20240 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-11-30 02:51:59 . 2011-09-30 21:40:17 888080 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-11-30 02:51:59 . 2011-09-29 03:02:14 888080 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-11-30 02:51:59 . 2011-09-29 03:02:14 922384 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-11-30 02:51:59 . 2011-09-30 21:40:17 922384 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-11-30 02:51:59 . 2011-09-30 21:40:17 217864 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2007-11-30 02:51:59 . 2011-09-29 03:02:14 217864 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2007-11-30 02:51:58 . 2011-09-29 03:02:14 184080 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-11-30 02:51:58 . 2011-09-30 21:40:17 184080 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-09-07 01:46:22 . 2011-09-07 01:46:22 9006080 C:\WINDOWS\Installer\8412ee.msp
+ 2011-08-10 21:42:04 . 2011-08-10 21:42:04 7070208 C:\WINDOWS\Installer\8412dc.msp
+ 2011-09-07 01:48:02 . 2011-09-07 01:48:02 8181248 C:\WINDOWS\Installer\8412ca.msp
+ 2007-11-30 02:51:58 . 2011-09-30 21:40:17 1172240 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-11-30 02:51:58 . 2011-09-29 03:02:14 1172240 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-04-03 23:21:42 . 2009-04-03 23:21:42 16037736 C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OART.DLL

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 03:44:28 1400712 ----a-w- C:\Program Files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2010-09-29 03:44:28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2010-09-29 03:44:28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2011-07-05 22:36:48 421888]
"Search Protection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 15:23:46 111856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 20:07:20 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 21:42:54 1404928]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 12:59:14 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 12:59:12 126976]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 07:01:00 110592]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 14:50:48 131072]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 14:50:48 53248]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-03-02 23:19:50 143360]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 22:29:08 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 16:05:42 212992]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-19 00:28:32 196608]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 21:30:26 290816]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 15:23:46 111856]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 21:31:16 80896]
"PrintDisp"="C:\WINDOWS\system32\PrintDisp.exe" [2009-08-21 16:36:46 878080]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2011-06-15 19:16:48 997920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2011-07-05 22:36:48 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-08-19 05:07:38 421736]

C:\Documents and Settings\Amelia\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-2-10 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-7-27 118784]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2009-1-14 525664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\FrostWire 5\\FrostWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;C:\WINDOWS\system32\DRIVERS\Lbd.sys [x]
R1 MpKsl0a5319a0;MpKsl0a5319a0;c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D4FA03B1-4F8F-46A7-AA24-4DD434BCB970}\MpKsl0a5319a0.sys [x]
R1 MpKsl190755a4;MpKsl190755a4;C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E505A2CD-15D2-4FB0-B554-EA8CF0FD9B37}\MpKsl190755a4.sys [x]
R1 MpKsl982d9f52;MpKsl982d9f52;c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D8ACEFDB-6A86-4C47-987B-67275993DE7D}\MpKsl982d9f52.sys [x]
R1 MpKsle3882cbd;MpKsle3882cbd;c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{012CB78A-96D8-44E2-A9DA-8E19ADD5ABC7}\MpKsle3882cbd.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files\PC Tools Security\pctsAuxs.exe [2010-03-15 18:02:36 366840]
S0 PCTCore;PCTools KDS;C:\WINDOWS\system32\drivers\PCTCore.sys [2010-12-10 17:24:12 239168]
S0 pctDS;PC Tools Data Store;C:\WINDOWS\system32\drivers\pctDS.sys [2010-07-16 18:59:54 338880]
S2 Printer Control;Printer Control;C:\WINDOWS\system32\PrintCtrl.exe [2009-06-16 12:38:34 77824]
S3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys [2002-09-20 20:51:00 23888]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

Contents of the 'Scheduled Tasks' folder

2011-09-29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57:16 . 2011-06-01 21:57:16]

2011-09-02 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DD0XYS61-Kathy Boone).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-02-10 07:02:56 . 2005-03-02 23:19:50]

2011-10-03 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39:26 . 2011-04-27 19:39:26]

2011-10-03 C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
- C:\Program Files\Ask.com\UpdateTask.exe [2010-09-29 03:44:30 . 2010-09-29 03:44:30]


------- Supplementary Scan -------

uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mWindow Title = Microsoft Internet Explorer provided by CenturyTel
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = ;*.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - [You must be registered and logged in to see this link.]


jastriker

Newbie Surfer

Posts : 6
Joined : 2011-10-01
Operating System : XP


Re: Open Cloud Security Virus

Post by Belahzur on Tue 04 Oct 2011, 3:32 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    File::
    C:\WINDOWS\system32\UjUUVtzP0ycDon4.exe

    Folder::
    C:\Documents and Settings\Amelia\Application Data\EHdKfLhXjClBzNc
    C:\Documents and Settings\Amelia\Application Data\hJdKgZhXk
    C:\Documents and Settings\Amelia\Application Data\ZhINubGJ8hUz
    C:\Documents and Settings\Amelia\Application Data\SuopsdghklxcDGH
    C:\Documents and Settings\Amelia\Application Data\xQ6W8R9TwUeItPy
    C:\Documents and Settings\Amelia\Application Data\Js7LZYwIrOtAuSi
    C:\Documents and Settings\Amelia\Application Data\n0ucS1ibDpGaHdK
    C:\Documents and Settings\Amelia\Application Data\trzONxA1uSoFpGs
    C:\Documents and Settings\Amelia\Application Data\VH6WK8fRLhXjClB
    C:\Documents and Settings\Amelia\Application Data\JJ7fE8jkrOtA
    C:\Documents and Settings\Amelia\Application Data\c5sWJ7fELgZjCkV
    C:\Documents and Settings\Amelia\Application Data\SQH6sWK7fLgXj
    C:\Documents and Settings\Amelia\Application Data\S6W79TjCkBy1v
    C:\Documents and Settings\Amelia\Application Data\FXwkUOtPySiD
    C:\Documents and Settings\Amelia\Application Data\S0bbD336K7fR9Ue
    C:\Documents and Settings\Amelia\Application Data\hecA1sWL9
    C:\Documents and Settings\Amelia\Application Data\ixxAA0u3pm5aKfX
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


ComboFix scan log #2

Post by jastriker on Tue 04 Oct 2011, 6:44 am

ComboFix 11-10-03.01 - Amelia 10/03/2011 13:56:22.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.297 [GMT -4:00]
Running from: C:\Documents and Settings\Amelia\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Amelia\Desktop\CFScript.txt
AV: McAfee VirusScan *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

FILE ::
"C:\WINDOWS\system32\UjUUVtzP0ycDon4.exe"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Amelia\Application Data\c5sWJ7fELgZjCkV
C:\Documents and Settings\Amelia\Application Data\EHdKfLhXjClBzNc
C:\Documents and Settings\Amelia\Application Data\FXwkUOtPySiD
C:\Documents and Settings\Amelia\Application Data\hecA1sWL9
C:\Documents and Settings\Amelia\Application Data\hJdKgZhXk
C:\Documents and Settings\Amelia\Application Data\ixxAA0u3pm5aKfX
C:\Documents and Settings\Amelia\Application Data\JJ7fE8jkrOtA
C:\Documents and Settings\Amelia\Application Data\Js7LZYwIrOtAuSi
C:\Documents and Settings\Amelia\Application Data\n0ucS1ibDpGaHdK
C:\Documents and Settings\Amelia\Application Data\S0bbD336K7fR9Ue
C:\Documents and Settings\Amelia\Application Data\S6W79TjCkBy1v
C:\Documents and Settings\Amelia\Application Data\SQH6sWK7fLgXj
C:\Documents and Settings\Amelia\Application Data\SuopsdghklxcDGH
C:\Documents and Settings\Amelia\Application Data\trzONxA1uSoFpGs
C:\Documents and Settings\Amelia\Application Data\VH6WK8fRLhXjClB
C:\Documents and Settings\Amelia\Application Data\xQ6W8R9TwUeItPy
C:\Documents and Settings\Amelia\Application Data\ZhINubGJ8hUz
C:\Documents and Settings\Amelia\Desktop\OpenCloud Security.lnk
C:\WINDOWS\dasetup.log
C:\WINDOWS\system32\comct332.ocx

---- Previous Run -------

C:\Documents and Settings\Amelia\Application Data\c5sWJ7fELgZjCkVOpenCloud Security.ico
C:\Documents and Settings\Amelia\Application Data\EHdKfLhXjClBzNcOpenCloud Security.ico
C:\Documents and Settings\Amelia\Application Data\JJ7fE8jkrOtAOpenCloud Security.ico
C:\Documents and Settings\Amelia\Application Data\n0ucS1ibDpGaHdKOpenCloud Security.ico
C:\Documents and Settings\Amelia\Application Data\S0bbD336K7fR9UeOpenCloud Security.ico
C:\Documents and Settings\Amelia\Application Data\S6W79TjCkBy1vOpenCloud Security.ico
C:\Documents and Settings\Amelia\Application Data\xQ6W8R9TwUeItPyOpenCloud Security.ico
C:\Documents and Settings\Amelia\Application Data\ZhINubGJ8hUzOpenCloud Security.ico
C:\Documents and Settings\Amelia\Start Menu\Programs\OpenCloud Security\OpenCloud Security.lnk


((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))


2011-10-03 18:12:59 . 2011-10-03 18:12:59 56200 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{023E5DB6-1300-4BF9-86B0-FD6A245AA6CF}\offreg.dll
2011-10-03 01:30:13 . 2011-09-12 23:14:12 7269712 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{023E5DB6-1300-4BF9-86B0-FD6A245AA6CF}\mpengine.dll
2011-09-30 14:56:08 . 2011-09-30 14:56:08 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2011-09-30 14:41:51 . 2010-07-16 18:59:54 656320 ----a-w- C:\WINDOWS\system32\drivers\pctEFA.sys
2011-09-30 14:41:51 . 2010-07-16 18:59:54 338880 ----a-w- C:\WINDOWS\system32\drivers\pctDS.sys
2011-09-30 14:41:50 . 2011-01-17 13:10:26 251560 ----a-w- C:\WINDOWS\system32\drivers\pctgntdi.sys
2011-09-30 14:41:45 . 2010-12-10 20:57:26 160448 ----a-w- C:\WINDOWS\system32\drivers\PCTAppEvent.sys
2011-09-30 14:41:45 . 2010-12-10 17:24:12 239168 ----a-w- C:\WINDOWS\system32\drivers\PCTCore.sys
2011-09-30 14:41:38 . 2010-12-16 12:46:04 70536 ----a-w- C:\WINDOWS\system32\drivers\pctplsg.sys
2011-09-30 14:41:29 . 2011-09-30 15:01:52 -------- d-----w- C:\Program Files\PC Tools Security
2011-09-30 14:41:29 . 2011-09-30 14:41:37 -------- d-----w- C:\Program Files\Common Files\PC Tools
2011-09-30 14:41:29 . 2011-09-30 14:41:29 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\PC Tools
2011-09-30 14:39:11 . 2011-09-30 14:41:40 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Tools
2011-09-30 14:29:38 . 2011-09-30 14:29:38 -------- d-sh--w- C:\Documents and Settings\Administrator\PrivacIE
2011-09-30 14:28:54 . 2011-09-30 14:28:54 -------- d-sh--w- C:\Documents and Settings\Administrator\IETldCache
2011-09-30 14:18:06 . 2011-09-30 14:25:13 -------- d-----w- C:\af0a89235c969ea3c576fdb2ff4e09e6
2011-09-30 14:00:31 . 2008-04-13 17:31:32 36352 ----a-w- C:\WINDOWS\system32\dllcache\intelppm.sys
2011-09-30 13:57:41 . 2011-09-30 13:57:42 2413568 ----a-w- C:\WINDOWS\system32\UjUUVtzP0ycDon4.exe
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-09-12 23:14:12 . 2010-01-19 22:04:07 7269712 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-09 09:12:13 . 2004-08-04 11:00:00 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll
2011-07-15 13:29:31 . 2008-11-30 15:08:04 456320 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2011-07-13 03:39:01 . 2011-08-02 06:01:24 6881616 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-12 15:20:54 . 2011-07-12 15:20:54 83816 ----a-w- C:\WINDOWS\system32\dns-sd.exe
2011-07-12 15:20:54 . 2011-07-12 15:20:54 73064 ----a-w- C:\WINDOWS\system32\dnssd.dll
2011-07-08 14:02:00 . 2008-11-30 15:08:02 10496 ----a-w- C:\WINDOWS\system32\drivers\ndistapi.sys
2011-07-06 17:14:07 . 2011-07-06 17:14:06 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2011-07-05 22:37:00 . 2011-07-05 22:37:00 94208 ----a-w- C:\WINDOWS\system32\QuickTimeVR.qtx
2011-07-05 22:37:00 . 2011-07-05 22:37:00 69632 ----a-w- C:\WINDOWS\system32\QuickTime.qts


((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))

+ 2011-10-03 18:15:47 . 2011-10-03 18:15:47 16384 C:\WINDOWS\temp\Perflib_Perfdata_f60.dat
+ 2011-10-03 18:14:07 . 2011-10-03 18:14:22 16384 C:\WINDOWS\temp\Perflib_Perfdata_c08.dat
+ 2007-11-30 02:52:00 . 2011-09-30 21:40:18 35088 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-11-30 02:52:00 . 2011-09-29 03:02:14 35088 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-11-30 02:51:59 . 2011-09-29 03:02:14 18704 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-11-30 02:51:59 . 2011-09-30 21:40:17 18704 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-11-30 02:51:59 . 2011-09-30 21:40:17 20240 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-11-30 02:51:59 . 2011-09-29 03:02:14 20240 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2005-02-10 07:02:32 . 2004-07-26 23:13:00 341064 C:\WINDOWS\SYSTEM32\mcinsctl.dll
- 2007-11-30 02:51:59 . 2011-09-29 03:02:14 888080 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-11-30 02:51:59 . 2011-09-30 21:40:17 888080 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-11-30 02:51:59 . 2011-09-30 21:40:17 922384 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2007-11-30 02:51:59 . 2011-09-29 03:02:14 922384 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2007-11-30 02:51:59 . 2011-09-29 03:02:14 217864 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2007-11-30 02:51:59 . 2011-09-30 21:40:17 217864 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2007-11-30 02:51:58 . 2011-09-29 03:02:14 184080 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-11-30 02:51:58 . 2011-09-30 21:40:17 184080 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-09-07 01:46:22 . 2011-09-07 01:46:22 9006080 C:\WINDOWS\Installer\8412ee.msp
+ 2011-08-10 21:42:04 . 2011-08-10 21:42:04 7070208 C:\WINDOWS\Installer\8412dc.msp
+ 2011-09-07 01:48:02 . 2011-09-07 01:48:02 8181248 C:\WINDOWS\Installer\8412ca.msp
+ 2007-11-30 02:51:58 . 2011-09-30 21:40:17 1172240 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-11-30 02:51:58 . 2011-09-29 03:02:14 1172240 C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-04-03 23:21:42 . 2009-04-03 23:21:42 16037736 C:\WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OART.DLL

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 03:44:28 1400712 ----a-w- C:\Program Files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2010-09-29 03:44:28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2010-09-29 03:44:28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2011-07-05 22:36:48 421888]
"Search Protection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 15:23:46 111856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 20:07:20 2260480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 21:42:54 1404928]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 12:59:14 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 12:59:12 126976]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 07:01:00 110592]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 14:50:48 131072]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 14:50:48 53248]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-03-02 23:19:50 143360]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 22:29:08 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 16:05:42 212992]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-19 00:28:32 196608]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 21:30:26 290816]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 15:23:46 111856]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 21:31:16 80896]
"PrintDisp"="C:\WINDOWS\system32\PrintDisp.exe" [2009-08-21 16:36:46 878080]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2011-06-15 19:16:48 997920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2011-07-05 22:36:48 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-08-19 05:07:38 421736]

C:\Documents and Settings\Amelia\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-2-10 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-7-27 118784]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2009-1-14 525664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\FrostWire 5\\FrostWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;C:\WINDOWS\system32\DRIVERS\Lbd.sys [x]
R1 MpKsl0a5319a0;MpKsl0a5319a0;c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D4FA03B1-4F8F-46A7-AA24-4DD434BCB970}\MpKsl0a5319a0.sys [x]
R1 MpKsl190755a4;MpKsl190755a4;C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E505A2CD-15D2-4FB0-B554-EA8CF0FD9B37}\MpKsl190755a4.sys [x]
R1 MpKsl982d9f52;MpKsl982d9f52;c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D8ACEFDB-6A86-4C47-987B-67275993DE7D}\MpKsl982d9f52.sys [x]
R1 MpKsle3882cbd;MpKsle3882cbd;c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{012CB78A-96D8-44E2-A9DA-8E19ADD5ABC7}\MpKsle3882cbd.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files\PC Tools Security\pctsAuxs.exe [2010-03-15 18:02:36 366840]
S0 PCTCore;PCTools KDS;C:\WINDOWS\system32\drivers\PCTCore.sys [2010-12-10 17:24:12 239168]
S0 pctDS;PC Tools Data Store;C:\WINDOWS\system32\drivers\pctDS.sys [2010-07-16 18:59:54 338880]
S2 Printer Control;Printer Control;C:\WINDOWS\system32\PrintCtrl.exe [2009-06-16 12:38:34 77824]
S3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys [2002-09-20 20:51:00 23888]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

Contents of the 'Scheduled Tasks' folder

2011-09-29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57:16 . 2011-06-01 21:57:16]

2011-09-02 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DD0XYS61-Kathy Boone).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-02-10 07:02:56 . 2005-03-02 23:19:50]

2011-10-03 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39:26 . 2011-04-27 19:39:26]

2011-10-03 C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
- C:\Program Files\Ask.com\UpdateTask.exe [2010-09-29 03:44:30 . 2010-09-29 03:44:30]


------- Supplementary Scan -------

uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mWindow Title = Microsoft Internet Explorer provided by CenturyTel
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = ;*.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - [You must be registered and logged in to see this link.]


jastriker

Newbie Surfer

Posts : 6
Joined : 2011-10-01
Operating System : XP

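The rogue executable that the next reply goes after was picked out of the ComboFix listing above by its shape alone: a generated-looking name sitting directly in system32, next to a crop of similarly named folders directly under the user's Application Data. The Python below is an added example, not part of this thread and not ComboFix's own code. It parses lines in the "Files Created" format shown above and applies two name heuristics (ratio of lower/upper/digit switches between adjacent characters, and longest consonant run; the thresholds are our own assumptions tuned against the names in this thread), but only to entries that sit directly in a drop-zone directory, so a legitimate driver name under system32\drivers such as pctgntdi.sys, which trips the consonant rule on its own, is not reported. The sample lines mix entries copied from the logs above with constructed folder lines written in the first log's minute-resolution timestamp format.

```python
"""Triage helper for ComboFix-style "Files Created" listings.

Added example, not part of the forum thread or of ComboFix. Thresholds and the
drop-zone list are assumptions tuned only against the names in this thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# created . modified size attrs path  (seconds are optional: the first log omits them)
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Parent directories (lower-cased, no trailing backslash) whose direct children get
# the name heuristics. Assumption: the locations this infection used, plus temp dirs.
DROP_ZONE_RE = re.compile(
    r"^c:\\windows(\\system32|\\temp)?$"
    r"|^c:\\documents and settings\\[^\\]+\\application data$"
    r"|^c:\\documents and settings\\[^\\]+\\local settings\\temp$"
)

VOWELS = set("aeiouy")


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directory rows ("--------")
    is_dir: bool
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower() if "\\" in self.path else ""


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing row; section headers and snapshot diff rows yield None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["created"], m["modified"], size, m["attrs"].startswith("d"), m["path"])


def _char_class(c: str) -> str:
    return "d" if c.isdigit() else "U" if c.isupper() else "l" if c.islower() else "o"


def class_transition_ratio(stem: str) -> float:
    """Fraction of adjacent pairs that switch lower/upper/digit class.
    offreg, mpengine, PrintDisp switch rarely; UjUUVtzP0ycDon4 switches on 9 of 14."""
    if len(stem) < 2:
        return 0.0
    classes = [_char_class(c) for c in stem]
    return sum(a != b for a, b in zip(classes, classes[1:])) / (len(stem) - 1)


def longest_consonant_run(stem: str) -> int:
    """Catches names with no vowel structure at all (SuopsdghklxcDGH) that the
    transition ratio misses because they stay in one case."""
    run = best = 0
    for c in stem.lower():
        run = run + 1 if c.isalpha() and c not in VOWELS else 0
        best = max(best, run)
    return best


def looks_generated(name: str) -> bool:
    stem = name.rsplit(".", 1)[0] if "." in name else name
    return len(stem) >= 8 and (class_transition_ratio(stem) >= 0.5
                               or longest_consonant_run(stem) >= 7)


def triage(lines: List[str]) -> List[Entry]:
    """Entries that sit directly in a drop zone and carry a generated-looking name."""
    return [e for e in map(parse_line, lines)
            if e is not None and DROP_ZONE_RE.match(e.parent) and looks_generated(e.name)]


# Rows copied from the logs above, plus two constructed folder rows (minute format).
SAMPLE_LINES = [
    r"2011-10-03 18:12:59 . 2011-10-03 18:12:59 56200 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{023E5DB6-1300-4BF9-86B0-FD6A245AA6CF}\offreg.dll",
    r"2011-09-30 14:41:50 . 2011-01-17 13:10:26 251560 ----a-w- C:\WINDOWS\system32\drivers\pctgntdi.sys",
    r"2011-09-30 14:18:06 . 2011-09-30 14:25:13 -------- d-----w- C:\af0a89235c969ea3c576fdb2ff4e09e6",
    r"2011-09-30 14:00:31 . 2008-04-13 17:31:32 36352 ----a-w- C:\WINDOWS\system32\dllcache\intelppm.sys",
    r"2011-09-30 13:57:41 . 2011-09-30 13:57:42 2413568 ----a-w- C:\WINDOWS\system32\UjUUVtzP0ycDon4.exe",
    r"2011-09-30 13:57 . 2011-09-30 13:57 -------- d-----w- C:\Documents and Settings\Amelia\Application Data\EHdKfLhXjClBzNc",   # constructed
    r"2011-09-30 13:57 . 2011-09-30 13:57 -------- d-----w- C:\Documents and Settings\Amelia\Application Data\SuopsdghklxcDGH",   # constructed
    r"2011-10-03 18:15:47 . 2011-10-03 18:15:47 16384 ----a-w- C:\WINDOWS\temp\Perflib_Perfdata_f60.dat",
    "((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(f"{e.created}  {'dir ' if e.is_dir else 'file'}  {e.path}")
```

Running it reports only the system32 executable and the two Application Data folders. The location gate matters: `looks_generated("pctgntdi.sys")` is true on its own, which is why the heuristics are never applied to names under system32\drivers or Program Files; the output is a shortlist for a human to check, not a verdict.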

Re: Open Cloud Security Virus

Post by Belahzur on Tue 04 Oct 2011, 7:24 am

Hmm, that damn file won't go away.

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
C:\WINDOWS\system32\UjUUVtzP0ycDon4.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.




Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Avenger log

Post by jastriker on Tue 04 Oct 2011, 7:44 am

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\UjUUVtzP0ycDon4.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

jastriker

Newbie Surfer

Posts : 6
Joined : 2011-10-01
Operating System : XP


Re: Open Cloud Security Virus

Post by Belahzur on Tue 04 Oct 2011, 9:38 pm

Finally.
Heh, nothing can survive the power of the avenger.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement; press Accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.




Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Hijack This uninstall list

Post by jastriker on Tue 04 Oct 2011, 11:24 pm

32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player Plugin
Adobe Reader 7.0
Adobe Shockwave Player 11
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3
Ask Toolbar
Bonjour
Broadcom Management Programs
Canon Digital Camera USB Driver
Canon PhotoRecord
Canon Utilities PhotoStitch 3.1
Canon Utilities RAW Image Converter
Canon Utilities RemoteCapture 1.3
Canon Utilities ZoomBrowser EX
Conexant D850 56K V.9x DFVc Modem
Dell Driver Reset Tool
Dell Media Experience
Dell Media Experience Update
Dell Photo AIO Printer 922
Dell Picture Studio v3.0
Digital Line Detect
ESET Online Scanner v3
FrostWire 4.21.3
FrostWire 5.1.5
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart Essential 2.5
HP Print Diagnostic Utility
HP Smart Web Printing
HP Solution Center 13.0
HP Update
Infix 4.10
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
iPod for Windows
iTunes
Java(TM) 6 Update 17
Linksys Wireless-G PCI Adapter
Macromedia Extension Manager
Malwarebytes' Anti-Malware
McAfee SecurityCenter
McAfee VirusScan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Modem Helper
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Musicmatch® Jukebox
My Way Search Assistant
NetWaiting
OCR Software by I.R.I.S. 10.0
Oracle JInitiator 1.3.1.22
Oracle JInitiator 1.3.1.9
Photo Click
PictureProject
PictureProject In Touch 1.0
QuickTime
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
Singing Coach
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy
Spyware Doctor 8.0
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VoiceOver Kit
WebLog Expert Lite 3.6
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinZip 12.0
WordPerfect Office 12
Yahoo! Browser Services
Yahoo! Browser Services
Yahoo! Search Protection



Re: Open Cloud Security Virus

Post by Belahzur on Sat 08 Oct 2011, 1:11 am

Hello.

I see that you are running FrostWire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 7.0
    Ask Toolbar
    FrostWire 4.21.3
    FrostWire 5.1.5
    Java(TM) 6 Update 17

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 7.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-7-windows-i586.exe that you downloaded to install the newest version.

Then download and install Adobe Reader X

How is the machine running now?




