Virus and or malware??


Re: Virus and or malware??

Post by Belahzur on 11th April 2009, 4:15 pm

That's Windows Firewall. It's the Norton firewall that might be causing the problem.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245091
Likes: 1


Re: Virus and or malware??

Post by marino2111 on 11th April 2009, 4:19 pm

I went to the Norton firewall access button; nothing happens after clicking.

marino2111
Novice

Posts: 40
Joined: 2009-04-09
Gender: Male
OS: vista
Points: 28046
Likes: 0


Re: Virus and or malware??

Post by Belahzur on 11th April 2009, 4:39 pm

Want to try uninstalling Norton and see what happens?



Re: Virus and or malware??

Post by marino2111 on 11th April 2009, 4:44 pm

Let's do it!!


Re: Virus and or malware??

Post by Belahzur on 11th April 2009, 4:47 pm

Completely Uninstall Norton software using:

Instructions

  1. Please download and save SymNRT.exe to your desktop.
  2. Close all programs and double click on the tool.
  3. Follow the on-screen instructions.
  4. Restart the computer if asked.
  5. Then delete the SymNRT.exe tool from your desktop.
  6. Open the Program Files folder on your local disk (normally C:)
  7. Find and delete the following folders (if present):
       • Norton AntiVirus
       • Norton Internet Security
       • Norton SystemWorks
       • Norton Personal Firewall


Note: Do not browse the net after this, because you won't be protected. Just let me know if IE stays open.



Re: Virus and or malware??

Post by marino2111 on 11th April 2009, 5:36 pm

OK, IE opened for about 45 seconds, then it closed. After that I tried again; just as soon as the Google page appears it shuts back down.


Re: Virus and or malware??

Post by Belahzur on 11th April 2009, 5:44 pm

Hmm.

Please install Avira antivirus otherwise you won't be protected.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

Please run a GMER Rootkit scan:

Download GMER's application from here:
[You must be registered and logged in to see this link.]

Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Warning! Please do not select the "Show all" checkbox during the scan.

If you're having problems with running GMER.exe, try it in safe mode.
This tool works in safe mode. Other rootkit revealers don't.
The log might be huge; if so, please upload it to mediafire.com for me.



Re: Virus and or malware??

Post by marino2111 on 11th April 2009, 9:44 pm

[You must be registered and logged in to see this link.]


Re: Virus and or malware??

Post by Belahzur on 11th April 2009, 11:04 pm

I think it may be easier to use Firefox rather than Internet Explorer. If this next tool doesn't find anything, then IE may be damaged by the malware.


  • Download ComboFix from here:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • We need to disable your local AV (anti-virus) before running ComboFix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV (Avira).
  • Double click on ComboFix.exe.
  • Follow the prompts.

    NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow ComboFix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Re: Virus and or malware??

Post by marino2111 on 11th April 2009, 11:26 pm

ComboFix 09-04-04.01 - marino limauro 2009-04-11 19:17:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.601 [GMT -4:00]
Running from: F:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\marino limauro\Application Data\Install.dat
c:\program files\msmovies
c:\program files\msmovies\p.zip
c:\windows\system32\drivers\fad.sys
c:\windows\system32\launcher.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.

2009-04-11 14:01 . 2009-04-11 14:01 d-------- c:\windows\LastGood
2009-04-11 14:01 . 2009-04-11 14:01 d-------- c:\program files\Avira
2009-04-11 14:01 . 2009-04-11 14:01 d-------- c:\documents and settings\All Users\Application Data\Avira
2009-04-11 14:01 . 2009-02-13 11:31 55,640 --a------ c:\windows\SYSTEM32\DRIVERS\avgntflt.sys
2009-04-10 19:41 . 2009-04-11 19:15 d-------- c:\documents and settings\marino limauro\Application Data\U3
2009-04-10 17:14 . 2009-04-10 17:14 d-------- c:\program files\Trend Micro
2009-04-10 09:55 . 2009-04-06 15:32 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-04-10 09:55 . 2009-04-06 15:32 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-04-10 09:30 . 2008-10-16 14:06 268,648 --a------ c:\windows\SYSTEM32\mucltui.dll
2009-04-10 09:30 . 2008-10-16 14:06 208,744 --a------ c:\windows\SYSTEM32\muweb.dll
2009-04-09 22:56 . 2009-04-09 22:58 d-------- c:\program files\Spybot - Search & Destroy
2009-04-03 12:31 . 2008-10-16 14:06 27,496 --a------ c:\windows\SYSTEM32\mucltui.dll.mui
2009-04-02 19:46 . 2009-04-10 09:23 d-------- c:\program files\Mozilla Firefox(2)
2009-04-02 19:36 . 2009-04-10 09:23 d-------- c:\program files\Windows Live Safety Center
2009-04-02 19:20 . 2009-04-10 09:23 d----c--- c:\windows\ie8(2)
2009-04-02 18:14 . 2009-04-02 18:14 d-------- c:\documents and settings\marino limauro\IECompatCache
2009-04-02 18:12 . 2009-04-02 18:12 d-------- c:\documents and settings\LocalService\IETldCache
2009-04-02 18:09 . 2009-04-02 18:09 d-------- c:\documents and settings\marino limauro\PrivacIE
2009-04-02 18:06 . 2009-04-02 18:06 d-------- c:\documents and settings\marino limauro\IETldCache
2009-04-02 18:00 . 2009-04-10 09:24 d-------- c:\windows\ie8updates
2009-04-02 16:41 . 2009-04-02 16:57 d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-03-24 18:18 . 2009-04-10 09:55 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-24 18:18 . 2009-03-24 18:18 d-------- c:\documents and settings\marino limauro\Application Data\Malwarebytes
2009-03-24 18:18 . 2009-03-24 18:18 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-23 12:11 . 2003-04-17 20:26 79 --a------ c:\windows\delay2.reg
2009-03-23 11:46 . 2009-03-23 11:46 35,262 --a------ c:\windows\marino limauro000.acl
2009-03-13 20:28 . 2009-03-13 20:27 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 17:32 --------- d-----w c:\documents and settings\marino limauro\Application Data\Skype
2009-04-11 17:09 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-11 17:07 --------- d-----w c:\program files\Norton AntiVirus
2009-04-11 17:07 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-11 01:08 --------- d-----w c:\program files\Java
2009-04-11 01:08 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-10 13:26 --------- d-----w c:\program files\AOL 9.1a
2009-04-10 13:25 --------- d-----w c:\program files\Yahoo!
2009-04-10 02:58 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-10 01:18 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-04-10 01:18 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-04-10 00:45 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-04-09 23:34 --------- d-----w c:\documents and settings\marino limauro\Application Data\skypePM
2009-02-09 11:13 1,846,784 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-01-17 02:35 3,594,752 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-04-05 21:04 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-11-05 18:36 560 -c--a-w c:\program files\Global.sw
2008-09-29 23:46 32,768 -csha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008092920080930\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"AOL Fast Start"="c:\program files\AOL 9.1a\AOL.EXE" [2008-06-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HostManager"="c:\program files\Common Files\AOL\1182108996\ee\AOLSoftware.exe" [2008-06-24 41824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"TomTomHOME.exe"="c:\program files\TomTom HOME\TomTomHOME.exe" [2007-03-14 3770024]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-13 185896]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-10-26 509224]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-04-23 66864]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-07-11 61440]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1182108996\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\AOL 9.1a\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-11 108289]
R2 ppsio2;PPDevice;c:\windows\SYSTEM32\DRIVERS\PPSIO2.SYS [2005-08-24 22400]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ANTIVIRSCHEDULERSERVICE
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AUJASNKJ
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - SSMDRV
*Deregistered* - ATWPKT2
*Deregistered* - aujasnkj

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4ebbd0d-5bd0-11dc-9a58-00038a000015}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
HKLM-Run-PrimaLauncher - c:\windows\System32\Launcher.exe
HKLM-Run-BJCFD - c:\program files\BroadJump\Client Foundation\CFD.exe


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {5440FCEA-B8F7-235F-D8BE-03BD0794AE9E} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-04-11 19:19:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-11 19:21:53
ComboFix-quarantined-files.txt 2009-04-11 23:21:12

Pre-Run: 55,153,799,168 bytes free
Post-Run: 55,557,574,656 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

171 --- E O F --- 2009-04-11 02:41:57


Re: Virus and or malware??

Post by Belahzur on 11th April 2009, 11:34 pm

Any better now?



Re: Virus and or malware??

Post by marino2111 on 11th April 2009, 11:36 pm

IE opens momentarily then closes, so I'd say no better.


Re: Virus and or malware??

Post by marino2111 on 11th April 2009, 11:54 pm

I tried to install Firefox, it won't download. ????
Something holding it up.


Re: Virus and or malware??

Post by Belahzur on 11th April 2009, 11:56 pm

Hello.
Please post a new HijackThis log; there are a few things I want to try.



Re: Virus and or malware??

Post by marino2111 on 12th April 2009, 12:00 am

Thanks for your valiant effort!!!!!!!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:12 PM, on 4/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1182108996\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\AOL 9.1a\waol.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.1a\shellmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1182108996\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1a\AOL.EXE" -b
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - [You must be registered and logged in to see this link.]
O16 - DPF: {5440FCEA-B8F7-235F-D8BE-03BD0794AE9E} - [You must be registered and logged in to see this link.]
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - [You must be registered and logged in to see this link.]
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - [You must be registered and logged in to see this link.]
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 7940 bytes


Re: Virus and or malware??

Post by Belahzur on 12th April 2009, 12:11 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1182108996\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1a\AOL.EXE" -b
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O16 - DPF: {5440FCEA-B8F7-235F-D8BE-03BD0794AE9E} - [You must be registered and logged in to see this link.]


  • Press "Fix Checked"
  • Close Hijack This.

Reboot normally.
Your startup should be quicker, but we've also killed 2 lines that have effects on Internet Explorer.

Let me know how it is after a reboot.


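An added example, not part of the original posts: a Python parser for the HijackThis line format used in the log above. It reports entries marked "(no file)" and lists which autostart (O4) entries would still be present after the checked lines are fixed. The function names are hypothetical, and the two sample strings are excerpts copied from the thread, not the full log or the full checklist.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code kind detail")

# Meaning of the HijackThis section codes that occur in this thread's log.
SECTIONS = {
    "R0": "Internet Explorer start/search page setting",
    "R1": "Internet Explorer start/search page setting",
    "O2": "Browser Helper Object (BHO)",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart entry (Run key or Startup folder)",
    "O8": "extra item in the IE context menu",
    "O9": "extra IE button or Tools menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O18": "extra protocol handler",
    "O23": "Windows service",
}

LINE_RE = re.compile(r"^\s*([RO]\d{1,2}) - (.+?)\s*$")
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[(.+?)\]")

# Excerpt of the log posted in the thread (not the full log).
LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

# Excerpt of the lines the helper asked to check before "Fix Checked".
CHECKED = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
"""


def parse_hjt(text):
    """Return an Entry for every 'CODE - detail' line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            code, detail = m.groups()
            entries.append(Entry(code, SECTIONS.get(code, "unknown section"), detail))
    return entries


def orphaned(entries):
    """Entries whose target HijackThis reports as '(no file)'."""
    return [e for e in entries if e.detail.endswith("(no file)")]


def autostart_names(entries):
    """(scope, name) for each O4 entry: Run-key value or Startup-folder shortcut."""
    names = []
    for e in entries:
        if e.code != "O4":
            continue
        m = RUN_RE.match(e.detail)
        if m:
            names.append((m.group(1), m.group(2)))
        else:
            # "Global Startup: <shortcut>.lnk = <target>"
            scope, _, rest = e.detail.partition(": ")
            names.append((scope, rest.split(" = ")[0]))
    return names


def remaining_after_fix(log_text, checked_text):
    """Log entries that are not among the checked (to-be-fixed) lines."""
    checked = {(e.code, e.detail) for e in parse_hjt(checked_text)}
    return [e for e in parse_hjt(log_text) if (e.code, e.detail) not in checked]


if __name__ == "__main__":
    for e in orphaned(parse_hjt(LOG)):
        print("orphaned:", e.kind, "-", e.detail)
    for scope, name in autostart_names(remaining_after_fix(LOG, CHECKED)):
        print("still autostarts:", scope, name)
```

On these excerpts the antivirus tray entry (avgnt) and ctfmon.exe are the autostart entries left in place.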

Re: Virus and or malware??

Post by marino2111 on 12th April 2009, 12:43 am

IE still shuts down and Firefox will not load???


Re: Virus and or malware??

Post by Belahzur on 12th April 2009, 1:32 am

Hello.
Just to clarify, you can access firefox.com, but not download it?

Find both of these folders in bold:

c:\program files\Mozilla Firefox(2)
c:\windows\ie8(2)

Right click each and remove the (2).
Any luck now?



Re: Virus and or malware??

Post by marino2111 on 12th April 2009, 1:41 am

Yes, I can access firefox.com, but nothing happens when I try to download.

I'll try finding those files and give it a try.


Re: Virus and or malware??

Post by Belahzur on 12th April 2009, 1:51 am

New idea.

Go to Start > Run. In the run box, copy and paste this in:

ipconfig /flushdns

Hit enter.

  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]

  • Save this as fix.reg, save it to your desktop.
  • DO NOT run it yet.


Now disconnect from the internet. If you are on a router, pull the cable out temporarily.

Back on the Desktop, double-click on the fix.reg file you just saved and click on Yes when asked to merge the information.
Now try connecting to the internet again.

Connect to the internet again.


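An added example, not part of the original post: the fix.reg above deletes and recreates the ZoneMap Domains, Ranges and EscDomains keys, which discards every site-to-zone assignment stored under them. This Python script reads an export of the ZoneMap key taken beforehand (for example via regedit's File > Export) and lists which hosts were mapped to which zone; the sample export, its host names and the address are constructed.

```python
import codecs
import re
from collections import namedtuple

# Internet Explorer URL security zone numbers.
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

Mapping = namedtuple("Mapping", "hive kind target protocol zone")

# [HIVE\...\ZoneMap\<Domains|Ranges|EscDomains>\<subkey path>]
KEY_RE = re.compile(
    r"^\[(-?)(HKEY_[A-Z_]+)\\.*?\\ZoneMap\\(Domains|Ranges|EscDomains)(?:\\(.+))?\]$",
    re.IGNORECASE)
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
RANGE_RE = re.compile(r'^":Range"="([^"]*)"$')

# Constructed sample export; host names and the address are placeholders.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\av-vendor.example]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.net\downloads]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1]
":Range"="192.0.2.10"
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\example.org]
"https"=dword:00000001
"""


def read_reg_file(path):
    """Decode a .reg file: 'Version 5.00' exports are UTF-16 with a BOM,
    older REGEDIT4 files are single-byte ANSI."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data[:2] in (codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE):
        return data.decode("utf-16")
    return data.decode("cp1252", errors="replace")


def parse_zonemap(reg_text):
    """Return one Mapping per protocol value found under the ZoneMap subkeys."""
    keys, cur = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            cur = None
            # Skip deletion lines ("[-...]") and the bare container keys.
            if m and not m.group(1) and m.group(4):
                cur = {"hive": m.group(2), "kind": m.group(3),
                       "sub": m.group(4), "range": None, "values": []}
                keys.append(cur)
            continue
        if cur is None:
            continue
        r = RANGE_RE.match(line)
        if r:
            cur["range"] = r.group(1)      # address the RangeN key applies to
            continue
        d = DWORD_RE.match(line)
        if d:
            cur["values"].append((d.group(1), int(d.group(2), 16)))

    out = []
    for k in keys:
        if k["kind"].lower() == "ranges":
            target = k["range"] or k["sub"]
        else:
            # Domains\example.net\downloads  ->  downloads.example.net
            target = ".".join(reversed(k["sub"].split("\\")))
        for proto, zone in k["values"]:
            out.append(Mapping(k["hive"], k["kind"], target, proto, zone))
    return out


def by_zone(mappings):
    """Group targets by zone name so non-default assignments stand out."""
    grouped = {}
    for m in mappings:
        name = ZONES.get(m.zone, "zone %d" % m.zone)
        grouped.setdefault(name, set()).add(m.target)
    return {name: sorted(targets) for name, targets in grouped.items()}


if __name__ == "__main__":
    for zone_name, targets in sorted(by_zone(parse_zonemap(SAMPLE_EXPORT)).items()):
        print("%-16s %s" % (zone_name, ", ".join(targets)))
```

Keeping the export also gives a record of any Trusted Sites or Restricted Sites entries that need to be re-created by hand after the reset.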

Re: Virus and or malware??

Post by Belahzur on 12th April 2009, 1:57 am

Hello.

If that doesn't work, try this.

Go to C:\Program Files\Internet Explorer
look for ieproxy.dll
Move it to the system32 folder - C:\Windows\System32

Now go to Start > Run and type in:

regsvr32 ieproxy.dll

and press Enter.
Now try launching IE7.



Re: Virus and or malware??

Post by marino2111 on 12th April 2009, 2:12 am

I don't see c:\Windows\System32

the closest folder is c:\Windows\System


Re: Virus and or malware??

Post by marino2111 on 12th April 2009, 2:42 am

I tried to open internet options via the control panel and it won't open.
That's got to play into this mess somehow.


Re: Virus and or malware??

Post by marino2111 on 12th April 2009, 2:52 am

I'm sorry my very helpful friend, but I need to get some sleep.
I guess we'll try again tomorrow.

You've been a great help. Thank you!!


Re: Virus and or malware??

Post by marino2111 on 13th April 2009, 1:41 am

Hi!! I've been very busy today with family over for the Easter holiday.
I really would like to try to fix this mess for my dad.

If you're still interested in helping, I'll pop back on tomorrow evening.

Thanks again, you've been a great help.


Re: Virus and or malware??

Post by Belahzur on 13th April 2009, 12:50 pm

Hello.
Same, we've both had busy days.

Let's use Combofix again, but with a custom script for your machine.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\drivers\logiflt.iad

Folder::
c:\documents and settings\All Users\Application Data\Viewpoint

FileLook::
c:\program files\Global.sw

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again. Agree to its terms and allow it to run; it may want to reboot after it's done. Post the resulting log back here.



Re: Virus and or malware??

Post by marino2111 on 14th April 2009, 12:26 pm

ComboFix 09-04-14.08 - marino limauro 04/14/2009 8:12.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.685 [GMT -4:00]
Running from: c:\documents and settings\marino limauro\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\marino limauro\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Viewpoint
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs

.
((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
.

2009-04-10 13:55 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-10 13:55 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-10 13:30 . 2008-10-16 18:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-04-10 13:30 . 2008-10-16 18:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-03 16:31 . 2008-10-16 18:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-02 23:20 . 2009-04-10 13:23 -------- dc----w c:\windows\ie8
2009-04-02 22:14 . 2009-04-02 22:14 -------- d-----w c:\documents and settings\marino limauro\IECompatCache
2009-04-02 22:12 . 2009-04-02 22:12 -------- d-----w c:\documents and settings\LocalService\IETldCache
2009-04-02 22:09 . 2009-04-02 22:09 -------- d-----w c:\documents and settings\marino limauro\PrivacIE
2009-04-02 22:06 . 2009-04-02 22:06 -------- d-----w c:\documents and settings\marino limauro\IETldCache
2009-04-02 22:00 . 2009-04-10 13:24 -------- d-----w c:\windows\ie8updates
2009-04-02 20:41 . 2009-04-02 20:57 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-24 22:18 . 2009-03-24 22:18 -------- d-----w c:\documents and settings\marino limauro\Application Data\Malwarebytes
2009-03-24 22:18 . 2009-03-24 22:18 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-23 16:11 . 2003-04-18 00:26 79 ----a-w c:\windows\delay2.reg
2009-03-23 15:46 . 2009-03-23 15:46 35262 ----a-w c:\windows\marino limauro000.acl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 23:15 . 2009-04-10 23:41 -------- d-----w c:\documents and settings\marino limauro\Application Data\U3
2009-04-11 18:01 . 2009-04-11 18:01 -------- d-----w c:\program files\Avira
2009-04-11 18:01 . 2009-04-11 18:01 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-11 17:32 . 2008-04-05 20:58 -------- d-----w c:\documents and settings\marino limauro\Application Data\Skype
2009-04-11 17:09 . 2004-07-22 11:26 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-11 17:07 . 2005-08-08 17:26 -------- d-----w c:\program files\Norton AntiVirus
2009-04-11 17:07 . 2004-07-22 11:26 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-11 14:39 . 2009-04-11 14:38 888 ----a-w C:\avenger.txt
2009-04-11 01:08 . 2004-07-22 11:17 -------- d-----w c:\program files\Java
2009-04-10 22:35 . 2007-09-15 17:11 971301 ----a-w C:\VETlog.txt
2009-04-10 22:35 . 2007-09-15 17:11 53562 ----a-w C:\VETlog.dmp
2009-04-10 21:14 . 2009-04-10 21:14 -------- d-----w c:\program files\Trend Micro
2009-04-10 13:55 . 2009-03-24 22:18 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-10 13:26 . 2008-06-16 02:52 -------- d-----w c:\program files\AOL 9.1a
2009-04-10 13:25 . 2007-12-22 18:20 -------- d-----w c:\program files\Yahoo!
2009-04-10 13:23 . 2009-04-02 23:36 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-10 02:58 . 2009-04-10 02:56 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-10 02:58 . 2008-09-29 21:26 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-10 00:45 . 2007-12-22 18:32 -------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-04-09 23:34 . 2008-04-05 21:04 -------- d-----w c:\documents and settings\marino limauro\Application Data\skypePM
2009-03-14 00:27 . 2009-03-14 00:28 410984 ----a-w c:\windows\SYSTEM32\deploytk.dll
2009-02-13 15:31 . 2009-04-11 18:01 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-02-09 11:13 . 2008-10-15 05:44 1846784 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-02-09 11:13 . 2003-07-15 21:01 1846784 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-02-07 01:07 . 2008-07-09 21:36 3698584 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dat
2009-01-17 02:35 . 2006-05-19 15:08 3594752 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-04-05 21:04 . 2008-04-05 21:04 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-06-08 15:35 . 2005-08-08 15:51 29536 -c--a-w c:\documents and settings\marie limauro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-06-07 22:20 . 2005-08-08 19:17 29536 -c--a-w c:\documents and settings\marino limauro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-11-05 18:36 . 2006-11-05 18:36 560 -c--a-w c:\program files\Global.sw
2005-08-22 16:51 . 2005-08-22 16:51 137 -c--a-w c:\documents and settings\marino limauro\Local Settings\Application Data\fusioncache.dat
2005-08-22 16:28 . 2005-08-22 16:28 136 -c--a-w c:\documents and settings\marie limauro\Local Settings\Application Data\fusioncache.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Global.sw -- Not a PE file.
File Size: 560
Created Time: 2006-11-05 18:36
Modified Time: 2006-11-05 18:36
Accessed Time: 2009-04-14 12:12
MD5: 6A226594ADB7CD283439380588A0CB20
SHA: 11A311E90A3AAB096F4E18B9FA48AC3F40006761


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AOL Fast Start"="c:\program files\AOL 9.1a\AOL.EXE" [2008-06-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1182108996\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\AOL 9.1a\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
S2 ppsio2;PPDevice; [x]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8741b3c9-2614-11de-b551-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4ebbd0d-5bd0-11dc-9a58-00038a000015}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-04-14 08:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5412)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\AOL\acs\AOLacsd.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\SYSTEM32\HPZipm12.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\AOL 9.1a\waol.exe
c:\program files\AOL 9.1a\shellmon.exe
c:\program files\Common Files\AOL\1182108996\ee\aolsoftware.exe
c:\windows\SYSTEM32\wscript.exe
.
**************************************************************************
.
Completion time: ~,10time:~,-3machine was rebootedCombobatch-by
ComboFix-quarantined-files.txt 2009-04-14 12:23
ComboFix2.txt 2009-04-11 23:21

Pre-Run: 55,468,511,232 bytes free
Post-Run: 55,469,252,608 bytes free

165 --- E O F --- 2009-04-11 02:41


Re: Virus and or malware??

Post by marino2111 on 14th April 2009, 12:32 pm

FYI... I looked for c:\windows\system32 and it's not there???? or it's not where it should be??


Re: Virus and or malware??

Post by Belahzur on 14th April 2009, 3:59 pm

Hello.
I want to use Combofix one more time.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
ppsio2

File::
c:\program files\Global.sw

DDS::
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again. Agree to its terms and allow it to run; it may want to reboot after it's done. Post the resulting log back here.



Re: Virus and or malware??

Post by marino2111 on 14th April 2009, 4:20 pm

ComboFix 09-04-14.09 - marino limauro 04/14/2009 12:08.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.678 [GMT -4:00]
Running from: c:\documents and settings\marino limauro\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\marino limauro\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\program files\Global.sw
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Global.sw

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PPSIO2
-------\Service_ppsio2


((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
.

2009-04-10 13:55 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-10 13:55 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-10 13:30 . 2008-10-16 18:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-04-10 13:30 . 2008-10-16 18:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-03 16:31 . 2008-10-16 18:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-02 23:20 . 2009-04-10 13:23 -------- dc----w c:\windows\ie8
2009-04-02 22:14 . 2009-04-02 22:14 -------- d-----w c:\documents and settings\marino limauro\IECompatCache
2009-04-02 22:12 . 2009-04-02 22:12 -------- d-----w c:\documents and settings\LocalService\IETldCache
2009-04-02 22:09 . 2009-04-02 22:09 -------- d-----w c:\documents and settings\marino limauro\PrivacIE
2009-04-02 22:06 . 2009-04-02 22:06 -------- d-----w c:\documents and settings\marino limauro\IETldCache
2009-04-02 22:00 . 2009-04-10 13:24 -------- d-----w c:\windows\ie8updates
2009-04-02 20:41 . 2009-04-02 20:57 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-24 22:18 . 2009-03-24 22:18 -------- d-----w c:\documents and settings\marino limauro\Application Data\Malwarebytes
2009-03-24 22:18 . 2009-03-24 22:18 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-23 16:11 . 2003-04-18 00:26 79 ----a-w c:\windows\delay2.reg
2009-03-23 15:46 . 2009-03-23 15:46 35262 ----a-w c:\windows\marino limauro000.acl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 23:15 . 2009-04-10 23:41 -------- d-----w c:\documents and settings\marino limauro\Application Data\U3
2009-04-11 18:01 . 2009-04-11 18:01 -------- d-----w c:\program files\Avira
2009-04-11 18:01 . 2009-04-11 18:01 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-11 17:32 . 2008-04-05 20:58 -------- d-----w c:\documents and settings\marino limauro\Application Data\Skype
2009-04-11 17:09 . 2004-07-22 11:26 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-11 17:07 . 2005-08-08 17:26 -------- d-----w c:\program files\Norton AntiVirus
2009-04-11 17:07 . 2004-07-22 11:26 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-11 14:39 . 2009-04-11 14:38 888 ----a-w C:\avenger.txt
2009-04-11 01:08 . 2004-07-22 11:17 -------- d-----w c:\program files\Java
2009-04-10 22:35 . 2007-09-15 17:11 971301 ----a-w C:\VETlog.txt
2009-04-10 22:35 . 2007-09-15 17:11 53562 ----a-w C:\VETlog.dmp
2009-04-10 21:14 . 2009-04-10 21:14 -------- d-----w c:\program files\Trend Micro
2009-04-10 13:55 . 2009-03-24 22:18 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-10 13:26 . 2008-06-16 02:52 -------- d-----w c:\program files\AOL 9.1a
2009-04-10 13:25 . 2007-12-22 18:20 -------- d-----w c:\program files\Yahoo!
2009-04-10 13:23 . 2009-04-02 23:36 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-10 02:58 . 2009-04-10 02:56 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-10 02:58 . 2008-09-29 21:26 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-10 00:45 . 2007-12-22 18:32 -------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-04-09 23:34 . 2008-04-05 21:04 -------- d-----w c:\documents and settings\marino limauro\Application Data\skypePM
2009-03-14 00:27 . 2009-03-14 00:28 410984 ----a-w c:\windows\SYSTEM32\deploytk.dll
2009-02-09 11:13 . 2008-10-15 05:44 1846784 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-02-09 11:13 . 2003-07-15 21:01 1846784 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-02-07 01:07 . 2008-07-09 21:36 3698584 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dat
2009-01-17 02:35 . 2006-05-19 15:08 3594752 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-04-05 21:04 . 2008-04-05 21:04 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-06-08 15:35 . 2005-08-08 15:51 29536 -c--a-w c:\documents and settings\marie limauro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-06-07 22:20 . 2005-08-08 19:17 29536 -c--a-w c:\documents and settings\marino limauro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-08-22 16:51 . 2005-08-22 16:51 137 -c--a-w c:\documents and settings\marino limauro\Local Settings\Application Data\fusioncache.dat
2005-08-22 16:28 . 2005-08-22 16:28 136 -c--a-w c:\documents and settings\marie limauro\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-14 16:12 . 2008-12-17 02:59 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
- 2009-04-14 12:17 . 2008-12-17 02:59 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
+ 2009-04-14 16:10 . 2005-10-21 00:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AOL Fast Start"="c:\program files\AOL 9.1a\AOL.EXE" [2008-06-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1182108996\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\AOL 9.1a\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8741b3c9-2614-11de-b551-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4ebbd0d-5bd0-11dc-9a58-00038a000015}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-04-14 12:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5540)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\AOL\acs\AOLacsd.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\SYSTEM32\HPZipm12.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\AOL 9.1a\waol.exe
c:\program files\AOL 9.1a\shellmon.exe
c:\program files\Common Files\AOL\1182108996\ee\aolsoftware.exe
.
**************************************************************************
.
Completion time: ~,10time:~,-3machine was rebootedCombobatch-by
ComboFix-quarantined-files.txt 2009-04-14 16:18
ComboFix2.txt 2009-04-14 12:23
ComboFix3.txt 2009-04-11 23:21

Pre-Run: 55,445,807,104 bytes free
Post-Run: 55,361,519,616 bytes free

159 --- E O F --- 2009-04-11 02:41


Re: Virus and or malware??

Post by Belahzur on 14th April 2009, 4:24 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

Can you try IE now, please?



Re: Virus and or malware??

Post by marino2111 on 14th April 2009, 4:40 pm

Sorry, it started up and shut right back down!!


Re: Virus and or malware??

Post by Belahzur on 14th April 2009, 4:48 pm

Do you have your XP disc? We can try a repair install in case there is damage done by malware.



Re: Virus and or malware??

Post by marino2111 on 14th April 2009, 4:59 pm

Yes, I have an XP disc. Let's give it a shot.
This disc is a DELL Operating System Disc. Reinstallation Disc
It contains Windows XP Home Edition including Service Pack 1A.

If that'll work I'm ready when you are.


Re: Virus and or malware??

Post by Belahzur on 14th April 2009, 5:02 pm

SP1a is kinda old, but it might work.
Details on how to do a repair install [in detail] here:
[You must be registered and logged in to see this link.]



Re: Virus and or malware??

Post by marino2111 on 14th April 2009, 8:10 pm

I found an SP2 disc. I started the repair process. The repair program deleted a bunch of files, then reinstalled a bunch of files. Then, I got the "Blue Screen of Death" with the error BAD_POOL_CALLER. I've restarted twice, only to get the same outcome. Any ideas???


Re: Virus and or malware??

Post by Belahzur on 14th April 2009, 8:15 pm

It probably didn't like the SP1 disc, did you try with SP2?



Re: Virus and or malware??

Post by marino2111 on 14th April 2009, 8:22 pm

That was the SP2 disc???


Re: Virus and or malware??

Post by marino2111 on 14th April 2009, 8:24 pm

Maybe I should just buy a new HD and start all over!!!


Re: Virus and or malware??

Post by Belahzur on 14th April 2009, 8:37 pm

I doubt you need a new HD; you may just need to format. The backdoor bot at the start of this thread has done some deeper damage.



Re: Virus and or malware??

Post by marino2111 on 14th April 2009, 9:10 pm

How do I do the reformat on the HD?


Re: Virus and or malware??

Post by Belahzur on 14th April 2009, 9:25 pm

Read the information in some of my links provided in this post:
[You must be registered and logged in to see this link.]



Re: Virus and or malware??

Post by marino2111 on 14th April 2009, 10:56 pm

The computer seems to be stuck in setup mode for installing Windows XP.
It won't start in safe mode. When I let it start normally it tries to run the setup for fixing Windows XP, and then crashes with the BAD_POOL_CALLER error.


Re: Virus and or malware??

Post by Belahzur on 14th April 2009, 11:13 pm

Hmm.
You sure it's stuck? Because I know the setup puts the "press F2 key to continue" right at the bottom of the script instead of in the middle.


