Micro AV 2009 Virus **Insane**
zoktai
Account closed as per user's own request
11. September 2008 @ 13:06
Micro AntiVirus Pop-up wormy thing!
Hello!
This little bitch of a virus made it into my PC today to mess up my whole works, but I managed to get rid of it with a combination of spyware progs and "SmitFraud-fix", which I highly recommend after today...
*deep breath*
...However, now my Internet browsers don't work: Opera, Firefox or IE7 on XP. I'm connected, MSN and torrents work etc., but no browsing; it's probably something simple I've overlooked. I've tried disabling all startup/services etc. in msconfig to no avail. Any suggestions?!
Cheers. Zok
Senior Member
11. September 2008 @ 21:41
Hi zoktai
Before we begin the cleanup process, it is important to do a little analysis first. We will analyze your computer with a tool called HijackThis.
Please download the HijackThis zip file. Save it onto a convenient place in your computer, and then unzip the file.
Rename HijackThis(.exe) to scanner(.exe).
Next, run scanner(.exe). A window will pop up.
• Click on the button which says Main Menu, then Do a system scan and save a logfile.
• Please wait for the scan to be completed.
• After the scan has completed, a text window will pop up. Please post the contents of this window here.
This will also be located at hijackthis(.txt) in the same folder where HijackThis was originally saved.
NOTE: Do not fix anything using HijackThis, as this may also damage legitimate components of your computer.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.

scheezits
Newbie
12. September 2008 @ 14:47
Hi, I'm new to this forum but found it because I was searching for a way to remove Micro Virus 2009. So I'm going to download HijackThis and post a log of what it finds. Please help me once I have!!!
-Paul
Senior Member
13. September 2008 @ 04:41
Sure, scheezits. Follow my instructions exactly as they are written.

compujas
Newbie
13. September 2008 @ 17:51
I'm new here now because of this apparent virus. Below is my logfile from HijackThis as requested. Any ideas how to get rid of it? It seems like all those YUR*.exe files in the system directory are causing at least part of the problem. I also deleted the MicroAV folder under Program Files. Please help. Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:21 PM, on 9/13/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Fraps\fraps.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files (x86)\Ideazon\Reaper\Reaper_Settings.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Users\Jason\Desktop\scanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: QXK Olive - {E6F9AADF-82B2-4F60-9482-23FF506C3535} - C:\Windows\vmgspntbbtx.dll
O3 - Toolbar: fqbewlna - {CF83D74E-ED31-490D-B8EA-DA20D79F79EB} - C:\Windows\fqbewlna.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [\YUR5516.exe] C:\Windows\system32\YUR5516.exe
O4 - HKLM\..\Run: [\YUR55B2.exe] C:\Windows\system32\YUR55B2.exe
O4 - HKLM\..\Run: [\YUR590D.exe] C:\Windows\system32\YUR590D.exe
O4 - HKLM\..\Run: [\YUR5AC3.exe] C:\Windows\system32\YUR5AC3.exe
O4 - HKLM\..\Run: [ANTIVIRUS] "C:\Program Files (x86)\MicroAV\MicroAV.exe"
O4 - HKCU\..\Run: [Reaper Gaming Mouse] C:\PROGRA~2\Ideazon\Reaper\Reaper_Settings.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files (x86)\Pinnacle\TVCenter Pro\LaunchList2.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [\YUR5516.exe] C:\Windows\system32\YUR5516.exe
O4 - HKCU\..\Run: [\YUR55B2.exe] C:\Windows\system32\YUR55B2.exe
O4 - HKCU\..\Run: [\YUR590D.exe] C:\Windows\system32\YUR590D.exe
O4 - HKCU\..\Run: [\YUR5AC3.exe] C:\Windows\system32\YUR5AC3.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files (x86)\MicroAV\MicroAV.exe
O4 - HKCU\..\Run: [\YURA131.exe] C:\Windows\system32\YURA131.exe
O4 - HKCU\..\Run: [\YURA095.exe] C:\Windows\system32\YURA095.exe
O4 - HKCU\..\Run: [\YURA0D3.exe] C:\Windows\system32\YURA0D3.exe
O4 - HKCU\..\Run: [\YURB248.exe] C:\Windows\system32\YURB248.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Pidgin.lnk = C:\Program Files (x86)\Pidgin\pidgin.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O21 - SSODL: mgxfebsq - {820ECD0B-FC4F-4724-92BD-4499730C3CCA} - C:\Windows\mgxfebsq.dll
O21 - SSODL: dtseqrxk - {2F9D62DE-9220-433C-9406-FAF79F1FE05B} - C:\Windows\dtseqrxk.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UltiDev Cassini Web Server for ASP.NET 2.0 - UltiDev LLC - C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11060 bytes
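As an added example (not code from the thread and not part of HijackThis), the following Python script parses the O2/O3/O4/O21/O23 lines of a HijackThis report and flags the indicators compujas spotted in the log above: Run values named `\YUR<hex>.exe` in system32, the MicroAV rogue antivirus, and random-named DLLs hooked in straight from C:\Windows. The sample lines are copied from the posted log with a few legitimate entries kept for contrast; the heuristics themselves are assumptions made for this example, not HijackThis's own logic.

```python
"""Triage a HijackThis log for the indicators discussed in this thread."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: entries copied from the HijackThis log posted above,
# with a few legitimate entries (Adobe, AVG, Bonjour) kept for contrast.
SAMPLE_LINES = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: QXK Olive - {E6F9AADF-82B2-4F60-9482-23FF506C3535} - C:\Windows\vmgspntbbtx.dll",
    r"O3 - Toolbar: fqbewlna - {CF83D74E-ED31-490D-B8EA-DA20D79F79EB} - C:\Windows\fqbewlna.dll",
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe",
    r"O4 - HKLM\..\Run: [\YUR5516.exe] C:\Windows\system32\YUR5516.exe",
    r'O4 - HKLM\..\Run: [ANTIVIRUS] "C:\Program Files (x86)\MicroAV\MicroAV.exe"',
    r"O4 - HKCU\..\Run: [\YURA131.exe] C:\Windows\system32\YURA131.exe",
    r"O21 - SSODL: mgxfebsq - {820ECD0B-FC4F-4724-92BD-4499730C3CCA} - C:\Windows\mgxfebsq.dll",
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# O4 bodies look like:  HKLM\..\Run: [ValueName] "C:\path\image.exe" args
O4_RE = re.compile(r"^\S*Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# First drive-letter path ending in a PE extension, quoted or not.
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys))"?', re.I)
YUR_RE = re.compile(r"^YUR[0-9A-F]+\.exe$", re.I)       # YUR5516.exe, YURA131.exe, ...
RANDOM_DLL_RE = re.compile(r"^[a-z]{8,}\.dll$")         # fqbewlna.dll, mgxfebsq.dll, ...


@dataclass
class Entry:
    line_no: int
    section: str
    value_name: Optional[str]   # O4 Run value name, when the line has one
    path: Optional[str]         # image path, when one could be recovered


@dataclass
class Finding:
    line_no: int
    section: str
    basename: str
    reasons: List[str] = field(default_factory=list)


def parse_entries(text: str) -> List[Entry]:
    """Turn HijackThis report lines into Entry records; non-entry lines are skipped."""
    entries = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        name, target = None, body
        if section == "O4":
            o4 = O4_RE.match(body)
            if o4:
                name, target = o4.group("name"), o4.group("cmd")
        pm = PATH_RE.search(target)
        entries.append(Entry(line_no, section, name, pm.group("path") if pm else None))
    return entries


def classify(entry: Entry) -> List[str]:
    """Apply the thread's indicators to one entry; an empty list means nothing matched."""
    reasons = []
    if entry.section == "O4" and entry.value_name and entry.value_name.startswith("\\"):
        reasons.append("Run value name starts with a backslash, as the YUR*.exe autoruns do")
    if entry.path:
        directory, _, base = entry.path.rpartition("\\")
        if YUR_RE.match(base):
            reasons.append("YUR<hex>.exe image, the dropper naming seen in the posted log")
        if "microav" in entry.path.lower():
            reasons.append("points at the MicroAV rogue antivirus")
        if (entry.section in ("O2", "O3", "O21")
                and directory.lower() == r"c:\windows"
                and RANDOM_DLL_RE.match(base)):
            reasons.append("random-named DLL hooked in directly from C:\\Windows (BHO/toolbar/SSODL)")
    return reasons


def triage(text: str) -> List[Finding]:
    """Return one Finding per suspicious entry, in log order."""
    findings = []
    for entry in parse_entries(text):
        reasons = classify(entry)
        if reasons:
            base = entry.path.rpartition("\\")[2] if entry.path else (entry.value_name or "?")
            findings.append(Finding(entry.line_no, entry.section, base, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>2} {f.section}: {f.basename}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the full report, the script lists the six entries a helper would have asked to be fixed and leaves the Adobe, AVG and Bonjour lines alone; the random-DLL rule is deliberately narrow (eight or more lowercase letters, directly in C:\Windows) so it does not trip on ordinary system files.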
compujas
Newbie
13. September 2008 @ 18:22
There was also a PCHealthCenter folder in Program Files as well which came up as a virus, so I deleted the whole folder. It had files 0.exe, 1.exe, 2.exe, ... up to 7.exe. Those were also running at the time of all the popups and attacks, which I killed and then the stuff promptly went away.
Senior Member
14. September 2008 @ 02:05
Hey compujas
Now, please download ComboFix.
With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.
• Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the ComboFix window, as it may cause it to stall.
Best Regards :D

ataboo
Newbie
14. September 2008 @ 07:25
Hey guys, sorry to butt in, but my PC has completely identical symptoms and I tried running ComboFix. It gives the message that it found a rootkit and needs to reboot, but on reboot I get the screen saying Vista can't boot up because combo_fix.sys is missing or corrupt (DOS-esque menu). I get the same message in safe mode. I managed to start up the computer by reverting to the last boot settings option for startup. When Vista starts it asks if I want to run combofix.exe again, and if I click yes nothing happens. Any ideas would be greatly appreciated.
Alex Raboud
compujas
Newbie
14. September 2008 @ 09:00
I tried running Combofix, but it says it's good for Win2k and XP only (I have Vista).
I think I managed to fix the problem anyway. I deleted those two folders that I said, and ran a trial version of Nod32 which found a few things and deleted them. Everything seems to work fine now. I also used HijackThis to get rid of those lines with YUR*.exe in the system folder as well as anything MicroAV related.
scheezits
Newbie
14. September 2008 @ 09:07
I was able to get Microvirus off nicely without having to use HijackThis, so thank you for the help you would have given me :-)
ataboo
Newbie
14. September 2008 @ 10:35
Good to hear other people are having luck with this one. I'm still having problems. Now the infected PC won't boot in last configuration after trying ComboFix. I'm trying the recovery disk now to see if it can repair it. Last time I had it running, PC-cillin picked up a few .dlls in system32/ infected by Vundo-type trojans but was unable to delete or quarantine them. If I can get the PC to boot again I can send you a HijackThis log and the scan log if you want.
thanks
kbrown410
Newbie
14. September 2008 @ 16:21
I got this virus this afternoon.
I removed it fairly simply, to be honest.
First, I removed the desktop icons they installed, then restarted at "Last Known...."
Then shredded the MicroAV folder in Program Files, using Tune-Up Utilities, and later the PCHealth Center folder mentioned above (after I found this thread).
Then I entered the Registry, and deleted all MicroAV keys I found.
Using CCleaner, I then cleaned the registry problems, cleaned the disk, and did the same again with the Tune-Up utilities reg cleaner.
I also deleted the startup keys created that I found in CCleaner, searching for them using the Tune-Up reg editor (one was a string of "8"s, the other a HEX code)
Now, I am clean, and working fine.
Took me the best part of 90 minutes to be sure, but my computer is old and takes a while to load/shut down.
Hope this helps - and basically, beware what you download from torrents (that's where my version came from, in an AV program ironically)
TheMadBag
Newbie
14. September 2008 @ 18:59
Confirmed... I grabbed the CCleaner that the previous poster mentioned... Used CCleaner to work through my registry (fairly easy and intuitive to use), then did a system restore from the last time I performed my auto updates.
All symptoms gone.
Even pain can work out to gain.
jswany
Suspended due to non-functional email address
15. September 2008 @ 08:53
Hi, I'm new to this site. I have just got rid of this virus. I tried many things, including everything on this page, and nothing worked, it kept coming back, but after many frustrating hours I found a program that gets rid of the virus, then ran a second program to get rid of the spyware.
The first program I used was Combofix Download, this is a very easy to use program with no installation needed (please note the program when run may look like it has crashed but hasn't, it's just doing its thing; once it's detected the infection it will reboot your PC and clean it. Do NOT use any programs once rebooted until ComboFix displays the dialog report and has finished, plz don't click the dialog box whilst it's running as this WILL slow it down).
The second program I ran was SuperAntiSpyware Download.
This is a simple spyware removal program that will remove the remainder of the spyware.
I hope this helps for anyone else with the same problem.
Both the programs mentioned are FREE
Senior Member
15. September 2008 @ 10:00
*sniff sniff.... everyone's getting clean without my help... I'm so sad :(
Just kidding. Glad to see all of you got clean at the same time, using simple methods. Indeed, Google may be your best friend when it comes to rogue antimalware programs. Researching is always good.
If any of you have problems, feel free to get help here.
Best Regards :D

kbrown410
Newbie
17. September 2008 @ 06:22
I got clean.
Then I got infected. Couldn't get rid of this one (same one again, but with different actions (couldn't check Genuine Windows, VIRUS ALERT! in system tray, virus shite background, so on)) - so I only had one option, complete re-install.
Works, but a last resort. No idea what file I had opened either time to load the virus. Cunts
mpowell52
Inactive
17. September 2008 @ 16:11
As luck would have it, I just took AVG off my computer to try One Care from Microsoft and bam... 3 days later I get this AV Micro 2009. Yea, yea, I know I should have never gone without being protected. But then I guess most of us make some mistakes in life. Anyway, I have read this thread and downloaded HijackThis. Below is a copy of the log it produced. I appreciate any help I can get.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:51:04 PM, on 9/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\DOCUME~1\OWNER~1.PAM\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis.zip\HijackThis.exe
C:\DOCUME~1\OWNER~1.PAM\LOCALS~1\Temp\Temporary Directory 2 for HiJackThis.zip\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - DefaultPrefix:
O15 - Trusted Zone: *.fnismls.com
O15 - Trusted Zone: *.getmedianow.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.virtualearth.net
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1177680780828
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 9473 bytes
Senior Member
18. September 2008 @ 08:49
Hi mpowell52
First, please download ComboFix.
With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.
• Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the ComboFix window, as it may cause it to stall.
Best Regards :D

sharib
Newbie
18. September 2008 @ 18:21
Hi, I'm desperately hoping someone here can help me. I was doing some stuff on my boss's computer today and ended up infecting his computer with this nasty virus, Microsoft AV 2009... I tried to get rid of it on my own... tried shredding some files with Spybot Search and Destroy. I can now only get the computer up in safe mode. I tried to do a system restore to earlier today and it won't perform the restore.
Also I ran the combofix program to post a report. Also I can't even restart the computer without it going to a blue error screen on shutdown.
Here is the report....Please HELP ME!!!! My boss is very computer dependent for his business and Friday will be a horrible day if I don't fix this....I think I may need a miracle. Thank You So Much!!!
ComboFix 08-09-16.05 - Billy 2008-09-18 17:59:28.1 - NTFSx86 MINIMAL
Running from: J:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Billy\Cookies\billy@2o7[2].txt
C:\Documents and Settings\Billy\Cookies\billy@ads.pointroll[2].txt
C:\Documents and Settings\Billy\Cookies\billy@ehg.fedex[1].txt
C:\Documents and Settings\Billy\Cookies\billy@insightexpressai[1].txt
C:\Documents and Settings\Billy\Cookies\billy@media6degrees[1].txt
C:\Documents and Settings\Billy\Cookies\billy@specificclick[2].txt
C:\Documents and Settings\Billy\Cookies\billy@trafficmp[2].txt
C:\Documents and Settings\Billy\Cookies\billy@www35.vzw[2].txt
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\byXOiFXp.dll
C:\WINDOWS\system32\Cpl32ver.exe
C:\WINDOWS\system32\eOXHNnnn.ini
C:\WINDOWS\system32\eOXHNnnn.ini2
C:\WINDOWS\system32\lbqbhvey.ini
C:\WINDOWS\system32\nnnNHXOe.dll
C:\WINDOWS\system32\ogtmxg.dll
C:\WINDOWS\system32\rqRIXqno.dll
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\winghy32.dll
C:\WINDOWS\system32\yevhbqbl.dll
C:\WINDOWS\system32\yivhmrtu.dll
C:\WINDOWS\system32\YUR1DB.exe
.
((((((((((((((((((((((((( Files Created from 2008-08-18 to 2008-09-18 )))))))))))))))))))))))))))))))
.
2008-09-18 17:50 . 2006-11-29 13:54 <DIR> d--h----- C:\Documents and Settings\QBDataServiceUser18\Application Data\Gtek
2008-09-18 17:50 . 2006-11-15 21:52 <DIR> d-------- C:\Documents and Settings\QBDataServiceUser18\Application Data\ATI
2008-09-18 17:50 . 2008-09-18 17:50 <DIR> d-------- C:\Documents and Settings\QBDataServiceUser18
2008-09-18 17:12 . 2008-09-18 17:49 5,760 --a------ C:\WINDOWS\system32\drivers\restore.sys
2008-09-18 15:50 . 2008-09-18 15:50 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-18 15:50 . 2008-09-18 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-18 15:46 . 2008-09-18 15:46 <DIR> d-------- C:\quarantine
2008-09-18 15:46 . 2008-09-18 07:45 166,400 --a------ C:\WINDOWS\system32\MicroAV.cpl
2008-09-18 15:46 . 2008-09-18 17:49 32,256 --a------ C:\WINDOWS\system32\drivers\ati7djxx.sys
2008-09-18 15:46 . 2008-09-18 15:46 5,136 --a------ C:\WINDOWS\system32\imod3.dll
2008-09-18 15:40 . 1997-03-31 03:28 462,336 --a------ C:\WINDOWS\system32\TDBGS32.OCX
2008-09-18 15:40 . 1998-06-23 11:30 203,011 --a------ C:\WINDOWS\system32\DBLIST32.OCX
2008-09-18 15:40 . 1998-06-18 01:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-09-18 15:24 . 2007-07-30 14:44 3,518,464 --a------ C:\WINDOWS\system32\cdintf300.dll
2008-09-18 15:24 . 2007-06-28 14:09 1,843,200 --a------ C:\WINDOWS\system32\acXMLParser.dll
2008-09-18 15:21 . 2008-09-18 16:19 <DIR> d-------- C:\Program Files\Intuit
2008-09-18 15:21 . 2008-09-18 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-09-18 15:19 . 2008-09-18 15:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\COMMON FILES
2008-09-17 10:38 . 2008-09-17 10:38 22 --a------ C:\WINDOWS\LOGO.INI
2008-09-17 10:27 . 2008-09-17 10:27 <DIR> d-------- C:\Program Files\MySoftware
2008-09-17 10:27 . 2008-09-17 10:29 <DIR> d-------- C:\Program Files\Common Files\MySoftware
2008-08-31 14:41 . 2008-08-31 14:42 <DIR> d-------- C:\61af56d367a28f892243
2008-08-19 12:32 . 2008-08-19 12:32 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-19 10:32 . 2008-04-13 20:12 7,680 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2008-08-18 18:46 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-18 18:46 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-18 12:50 . 2008-09-17 11:52 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-18 12:46 . 2008-08-18 12:46 <DIR> d-------- C:\Program Files\MSECache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 21:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-17 14:37 --------- d-----w C:\Program Files\Java
2008-09-17 14:26 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-08 14:27 --------- d-----w C:\Documents and Settings\Billy\Application Data\NCH Software
2008-08-08 14:23 --------- d-----w C:\Program Files\NCH Software
2008-08-08 14:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Software
2008-07-19 21:07 --------- d-----w C:\Documents and Settings\Billy\Application Data\U3
2004-08-04 11:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 11:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
2006-11-29 18:08 88 --sh--r C:\WINDOWS\system32\443E554886.sys
2008-02-11 14:05 8 --sha-r C:\WINDOWS\system32\A857CCCBFD.sys
2004-08-04 11:00 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
2004-08-04 11:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 11:00 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 11:00 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
2007-12-04 18:38 550,912 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 11:00 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-04 11:00 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB772"="command" [X]
"SpybotDeletingD877"="del" [X]
"SpybotDeletingB8203"="command" [X]
"SpybotDeletingD2381"="del" [X]
"SpybotDeletingB7219"="command" [X]
"SpybotDeletingD2302"="del" [X]
"SpybotDeletingB8119"="command" [X]
"SpybotDeletingD2252"="del" [X]
"SpybotDeletingB8811"="command" [X]
"SpybotDeletingD4004"="del" [X]
"SpybotDeletingB2245"="command" [X]
"SpybotDeletingD6359"="del" [X]
"SpybotDeletingB7514"="command" [X]
"SpybotDeletingD5532"="del" [X]
"SpybotDeletingB6072"="command" [X]
"SpybotDeletingD7099"="del" [X]
"SpybotDeletingB7917"="command" [X]
"SpybotDeletingD3633"="del" [X]
"SpybotDeletingB9544"="command" [X]
"SpybotDeletingD3765"="del" [X]
"SpybotDeletingB4538"="command" [X]
"SpybotDeletingD4641"="del" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-11-15 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-15 98304]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"FlashIcon"="C:\Program Files\Dane-Elec\USB 2.0 Card Reader Driver v2.3b\FlashIcon.exe" [2004-12-28 40960]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-08-23 196608]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [2001-08-23 311296]
"CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-09 45056]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Tracker"="C:\Program Files\MySoftware\MyInvoices2\tracker.exe" [2007-01-23 114688]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 C:\WINDOWS\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LabelMaker2.0"="C:\Program Files\Common Files\MySoftware\regdll.dll" [2006-08-03 94208]
C:\Documents and Settings\Billy\Start Menu\Programs\Startup\
VirtualExpander.lnk - C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe [2007-08-29 434176]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-12 113664]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-11-15 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\imod3]
2008-09-18 15:46 5136 C:\WINDOWS\system32\imod3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7djxx.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WinBoats (Local Data)\\WinBoats.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
R0 ati7djxx;ati7djxx;C:\WINDOWS\system32\Drivers\ati7djxx.sys [2008-09-18 32256]
S2 QuickBooksDB18;QuickBooksDB18;C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe [2006-09-13 128536]
S3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys [2001-08-23 18864]
S3 filter;filter;C:\WINDOWS\system32\drivers\filter.sys [2004-11-26 8832]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [ ]
S3 restore;restore;C:\WINDOWS\system32\drivers\restore.sys [2008-09-18 5760]
S4 agp440;Intel AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 sisagp;SIS AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d79625b-da3a-11dc-9e65-0019d10ce7a0}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -
BHO-{2d7bb11f-44ad-4943-9212-bc882cba20ff} - C:\WINDOWS\system32\ogtmxg.dll
BHO-{BC0069D3-47BD-4CDA-8AB6-AE880C9C003F} - C:\WINDOWS\system32\nnnNHXOe.dll
BHO-{DA2E0515-F0D5-4773-8191-400CCD50783B} - C:\WINDOWS\system32\rqRIXqno.dll
ShellIconOverlayIdentifiers-{E4000AC4-5E5F-4956-807A-C5854405D64F} - %SystemRoot%\system32\VirtualExpander\VEShellExt.dll
HKCU-Run-\YUR1B7.exe - C:\Windows\system32\YUR1B7.exe
HKCU-Run-\YUR1B8.exe - C:\Windows\system32\YUR1B8.exe
HKCU-Run-\YUR1B9.exe - C:\Windows\system32\YUR1B9.exe
HKCU-Run-\YUR1BA.exe - C:\Windows\system32\YUR1BA.exe
HKCU-Run-\YURD.exe - C:\Windows\system32\YURD.exe
HKCU-Run-\YURE.exe - C:\Windows\system32\YURE.exe
HKCU-Run-\YURF.exe - C:\Windows\system32\YURF.exe
HKCU-Run-\YUR10.exe - C:\Windows\system32\YUR10.exe
HKLM-Run-Google Desktop Search - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
HKLM-Run-\YUR1B7.exe - C:\Windows\system32\YUR1B7.exe
HKLM-Run-\YUR1B8.exe - C:\Windows\system32\YUR1B8.exe
HKLM-Run-\YUR1B9.exe - C:\Windows\system32\YUR1B9.exe
HKLM-Run-\YUR1BA.exe - C:\Windows\system32\YUR1BA.exe
HKLM-Run-ANTIVIRUS - C:\Program Files\MicroAV\MicroAV.exe
HKLM-Run-1ccd5b1f - C:\WINDOWS\system32\yevhbqbl.dll
HKLM-Run-\YUR1DB.exe - C:\Windows\system32\YUR1DB.exe
HKLM-Run-\YURD.exe - C:\Windows\system32\YURD.exe
HKLM-Run-\YURE.exe - C:\Windows\system32\YURE.exe
HKLM-Run-\YURF.exe - C:\Windows\system32\YURF.exe
HKLM-Run-\YUR10.exe - C:\Windows\system32\YUR10.exe
HKLM-Run-\YUR72.exe - C:\Windows\system32\YUR72.exe
HKLM-Run-\YUR73.exe - C:\Windows\system32\YUR73.exe
ShellExecuteHooks-{DA2E0515-F0D5-4773-8191-400CCD50783B} - C:\WINDOWS\system32\rqRIXqno.dll
Notify-winghy32 - winghy32.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Copy to &Lightning Note - C:\Program Files\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O16 -: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://71.1.7.66:50000/SysCamInst.cab
C:\WINDOWS\Downloaded Program Files\install.inf
C:\WINDOWS\Downloaded Program Files\ipv6cam.ocx
C:\WINDOWS\Downloaded Program Files\AudioClient.ocx
O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
C:\WINDOWS\Downloaded Program Files\OberonGameHost_dbg.inf
C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-18 1
bibhash84
Newbie
18. September 2008 @ 19:18
Hi, I got this virus and followed the instructions in this thread. Here's my log file from HijackThis!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:43 AM, on 9/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Styler\Styler.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\scanner.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: (no name) - {f592709f-ff4a-4862-b659-4afabda56312} - (no file)
O1 - Hosts: 203.27.235.25 www.payseal.icicibank.com
O1 - Hosts: 210.210.19.82 www.sifymall.com
O2 - BHO: (no name) - {70D11273-F4B5-41BF-B7A9-D383DC6F5906} - C:\WINDOWS\system32\efcATNGv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: {84e8b8e8-175e-a138-52f4-2e6b8092adfa} - {afda2908-b6e2-4f25-831a-e5718e8b8e48} - C:\WINDOWS\system32\whotbx.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: (no name) - {f592709f-ff4a-4862-b659-4afabda56312} - (no file)
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DaemonTools_WhenUSaveNow_Installer] C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe
O4 - HKLM\..\Run: [\YURB0AA.exe] C:\Windows\system32\YURB0AA.exe
O4 - HKLM\..\Run: [\YURB0AB.exe] C:\Windows\system32\YURB0AB.exe
O4 - HKLM\..\Run: [\YURB0AC.exe] C:\Windows\system32\YURB0AC.exe
O4 - HKLM\..\Run: [\YURB0AD.exe] C:\Windows\system32\YURB0AD.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKLM\..\Run: [645134f6] rundll32.exe "C:\WINDOWS\system32\oakwawdm.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [\YURB0AA.exe] C:\Windows\system32\YURB0AA.exe
O4 - HKCU\..\Run: [\YURB0AB.exe] C:\Windows\system32\YURB0AB.exe
O4 - HKCU\..\Run: [\YURB0AC.exe] C:\Windows\system32\YURB0AC.exe
O4 - HKCU\..\Run: [\YURB0AD.exe] C:\Windows\system32\YURB0AD.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1215648502390
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15102/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{82BD5E09-5DCE-4F0E-A7CD-963D54BF269F}: NameServer = 202.144.50.4,202.144.66.6
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: whotbx.dll
O20 - Winlogon Notify: khfdeFxY - C:\WINDOWS\SYSTEM32\khfdeFxY.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 9006 bytes
Next, I used Combocleaner and here is Combo's log
ComboFix 08-09-16.05 - Bibhash 2008-09-19 4:18:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1399 [GMT 5.5:30]
Running from: C:\Documents and Settings\Bibhash\Desktop\Combo-Fix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Bibhash\Cookies\bibhash@ad.yieldmanager[1].txt
C:\Documents and Settings\Bibhash\Cookies\bibhash@clicktorrent[1].txt
C:\Documents and Settings\Bibhash\Cookies\bibhash@www.wowwiki[2].txt
C:\Program Files\MicroAV
C:\Program Files\MicroAV\MicroAV.exe
C:\Program Files\MicroAV\MicroAV.ooo
C:\Program Files\MicroAV\MicroAV0.dat
C:\Program Files\MicroAV\MicroAV1.dat
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\PCHealthCenter\sc.html
C:\WINDOWS\system32\1.ico
C:\WINDOWS\system32\2.ico
C:\WINDOWS\system32\efcATNGv.dll
C:\WINDOWS\system32\khfdeFxY.dll
C:\WINDOWS\system32\mdwawkao.ini
C:\WINDOWS\system32\opnooOfC.dll
C:\WINDOWS\system32\vGNTAcfe.ini
C:\WINDOWS\system32\vGNTAcfe.ini2
C:\WINDOWS\system32\YURB0AA.exe
C:\WINDOWS\system32\YURB0AB.exe
C:\WINDOWS\system32\YURB0AC.exe
C:\WINDOWS\system32\YURB0AD.exe
C:\x
.
((((((((((((((((((((((((( Files Created from 2008-08-18 to 2008-09-18 )))))))))))))))))))))))))))))))
.
2008-09-19 04:22 . 2008-09-19 04:22 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-09-19 04:22 . 2008-09-19 04:22 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-09-19 04:22 . 2008-09-19 04:22 74 ---hs---- C:\WINDOWS\system32\mdwawkao.ini
2008-09-19 04:11 . 2008-09-19 04:11 137,344 --a------ C:\WINDOWS\system32\whotbx.dll
2008-09-19 04:11 . 2008-09-19 04:11 137,344 --a------ C:\WINDOWS\system32\gvkapxam.dll
2008-09-19 04:11 . 2008-09-19 04:11 103,552 --a------ C:\WINDOWS\system32\oakwawdm.dll
2008-09-19 04:05 . 2007-06-28 14:36 401,720 --a------ C:\scanner.exe
2008-09-19 04:01 . 2008-09-19 04:21 <DIR> d-------- C:\Program Files\PCHealthCenter
2008-09-17 02:40 . 2008-09-17 02:40 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSaveNow_Installer
2008-09-17 02:39 . 2008-09-17 02:39 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-09-17 02:39 . 2008-09-17 02:39 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-09-17 02:37 . 2008-09-17 02:37 643,072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-17 02:37 . 2008-09-17 02:37 96,384 --a------ C:\WINDOWS\system32\drivers\sptd3325.sys
2008-09-13 19:08 . 2008-09-13 19:11 <DIR> d-------- C:\Program Files\ABC Amber LIT Converter
2008-09-11 22:47 . 2008-09-11 22:50 <DIR> d-------- C:\Program Files\Google
2008-09-05 01:01 . 2008-09-05 01:01 <DIR> d-------- C:\Program Files\Webteh
2008-09-05 01:01 . 2008-09-05 01:01 <DIR> d-------- C:\Program Files\BS.Player ControlBar
2008-09-05 01:01 . 2008-09-05 01:01 <DIR> d-------- C:\Documents and Settings\Bibhash\Application Data\BSplayer Pro
2008-09-05 01:01 . 2008-09-05 05:39 <DIR> d-------- C:\Documents and Settings\Bibhash\Application Data\BSplayer
2008-08-28 02:51 . 2008-08-28 02:51 <DIR> d-------- C:\Documents and Settings\Bibhash\Application Data\vlc
2008-08-28 02:49 . 2008-08-28 02:49 <DIR> d-------- C:\Program Files\VideoLAN
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 22:44 --------- d-----w C:\Documents and Settings\Bibhash\Application Data\uTorrent
2008-09-18 11:28 --------- d-----w C:\Program Files\Minilyrics
2008-09-18 08:29 --------- d-----w C:\Documents and Settings\Bibhash\Application Data\Broadband
2008-09-18 08:04 --------- d-----w C:\Documents and Settings\Bibhash\Application Data\AVG7
2008-09-16 21:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-06 18:45 --------- d-----w C:\Program Files\Winamp
2008-09-04 18:45 --------- d-----w C:\Program Files\GetRight
2008-08-14 17:12 --------- d-----w C:\Program Files\Java
2008-08-12 12:26 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-08-12 12:26 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-08-07 17:23 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-07 17:23 --------- d-----w C:\Program Files\Ahead
2008-07-28 10:25 --------- d-----w C:\Program Files\EasySify 2
2008-07-28 06:13 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-07-28 06:13 --------- d-----w C:\Documents and Settings\Bibhash\Application Data\teamspeak2
2008-07-27 00:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-26 23:43 --------- d-----w C:\Program Files\MKVtoolnix
2008-07-26 23:41 --------- d-----w C:\Program Files\AviSynth 2.5
2008-07-26 23:40 --------- d-----w C:\Program Files\StaxRip
2008-07-25 16:54 --------- d-----w C:\Documents and Settings\Bibhash\Application Data\AdobeUM
2008-07-19 14:41 --------- d-----w C:\Documents and Settings\Bibhash\Application Data\GetRight Pro
2008-07-19 08:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-18 19:17 --------- d-----w C:\Program Files\Subdownloader
2008-07-18 10:40 --------- d-----w C:\Program Files\Unlocker
2008-07-18 10:38 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-18 10:38 --------- d--h--r C:\Documents and Settings\Bibhash\Application Data\SecuROM
2008-07-03 23:22 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-07-03 23:22 102,400 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-07-03 21:37 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-06-19 20:58 3,127 ----a-w C:\WINDOWS\system32\presetup.cmd
2008-06-19 20:58 28,672 ----a-w C:\WINDOWS\system32\setupold.exe
2008-06-19 20:46 52,736 ----a-w C:\WINDOWS\system32\wzcsapi.dll
2008-06-19 20:46 52,224 ----a-w C:\WINDOWS\system32\dmutil.dll
2008-06-19 20:46 483,840 ----a-w C:\WINDOWS\system32\wzcsvc.dll
2008-06-19 20:46 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
2008-06-19 20:46 35,328 ----a-w C:\WINDOWS\system32\pid.dll
2008-06-19 20:46 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
2008-06-19 20:46 20,992 ----a-w C:\WINDOWS\system32\hid.dll
2008-06-19 20:46 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-06-19 20:46 16,896 ----a-w C:\WINDOWS\system32\msyuv.dll
2008-06-19 20:43 990,208 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-06-19 20:43 140,288 ----a-w C:\WINDOWS\system32\sfc_os.dll
2008-06-19 20:41 98,304 ----a-w C:\WINDOWS\system32\makecab.exe
2008-06-19 20:40 443,752 ----a-w C:\WINDOWS\system32\d3dx10_34.dll
2008-06-19 20:40 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll
2008-06-19 20:40 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-06-19 20:40 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-06-19 20:40 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2008-06-19 20:40 3,727,720 ----a-w C:\WINDOWS\system32\d3dx9_35.dll
2008-06-19 20:40 3,497,832 ----a-w C:\WINDOWS\system32\d3dx9_34.dll
2008-06-19 20:40 3,495,784 ----a-w C:\WINDOWS\system32\d3dx9_33.dll
2008-06-19 20:40 3,426,072 ----a-w C:\WINDOWS\system32\d3dx9_32.dll
2008-06-19 20:40 2,414,360 ----a-w C:\WINDOWS\system32\d3dx9_31.dll
2008-06-19 20:40 2,297,552 ----a-w C:\WINDOWS\system32\d3dx9_26.dll
2008-06-19 20:40 176,640 ----a-w C:\WINDOWS\system32\taskmgr.exe
2008-06-19 20:39 8,636 ----a-w C:\WINDOWS\modifyPE.exe
2008-06-19 20:39 61,440 ----a-w C:\WINDOWS\system32\CopyToSendTo.dll
2008-06-19 20:39 394,240 ----a-w C:\WINDOWS\system32\HMTCD.dll
2008-06-19 20:39 269,312 ----a-w C:\WINDOWS\upx.exe
2008-06-19 20:39 114,688 ----a-w C:\WINDOWS\system32\cabarc.exe
.
------- Sigcheck -------
2008-06-20 02:13 361344 68f06fe0021b01e670af37b8c5964fdf C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-23 11:28 2306560 8c4050bd9fd87e23cded28ffa889b0ba C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{afda2908-b6e2-4f25-831a-e5718e8b8e48}]
2008-09-19 04:11 137344 --a------ C:\WINDOWS\system32\whotbx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "C:\Program Files\BS.Player ControlBar\BSToolbar.dll" [2008-08-13 757192]
[HKEY_CLASSES_ROOT\clsid\{2c688203-7eb3-4327-9995-1cb417ba23f9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{1FC79FB5-E4BD-48c8-B2E9-B8E74DB2C3A9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "C:\Program Files\BS.Player ControlBar\BSToolbar.dll" [2008-08-13 757192]
[HKEY_CLASSES_ROOT\clsid\{2c688203-7eb3-4327-9995-1cb417ba23f9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{1FC79FB5-E4BD-48c8-B2E9-B8E74DB2C3A9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"SifyBB"="C:\Program Files\Sify Broadband\BBImpSec.exe" [2006-04-21 127085]
"SetDefaultMIDI"="MIDIDef.exe" [2005-04-22 C:\WINDOWS\MIDIDEF.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-19 65536]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 86016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-07-04 579584]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"DaemonTools_WhenUSaveNow_Installer"="C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe" [2006-03-30 148480]
"645134f6"="C:\WINDOWS\system32\oakwawdm.dll" [2008-09-19 103552]
"nwiz"="nwiz.exe" [2008-05-02 C:\WINDOWS\system32\nwiz.exe]
"P17Helper"="SPIRun.dll" [2006-07-03 C:\WINDOWS\system32\SPIRun.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-07-04 219136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2008-06-20 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\Bibhash\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-11-21 111376]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-11-21 51984]
Styler.lnk - C:\Documents and Settings\Bibhash\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2008-07-04 15086]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=whotbx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= C:\WINDOWS\system32\xvidvfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"mW[íµ??Ö¾`=µú¾?v%S8?ÿÙêé>grl>?Ý\?Ð=?àÛ±Þ"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"E:\\Battlefield 2\\BF2.exe"=
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{f592709f-ff4a-4862-b659-4afabda56312} - (no file)
BHO-{70D11273-F4B5-41BF-B7A9-D383DC6F5906} - C:\WINDOWS\system32\efcATNGv.dll
Toolbar-{f592709f-ff4a-4862-b659-4afabda56312} - (no file)
WebBrowser-{F592709F-FF4A-4862-B659-4AFABDA56312} - (no file)
HKCU-Run-\YURB0AA.exe - C:\Windows\system32\YURB0AA.exe
HKCU-Run-\YURB0AB.exe - C:\Windows\system32\YURB0AB.exe
HKCU-Run-\YURB0AC.exe - C:\Windows\system32\YURB0AC.exe
HKCU-Run-\YURB0AD.exe - C:\Windows\system32\YURB0AD.exe
HKLM-Run-\YURB0AA.exe - C:\Windows\system32\YURB0AA.exe
HKLM-Run-\YURB0AB.exe - C:\Windows\system32\YURB0AB.exe
HKLM-Run-\YURB0AC.exe - C:\Windows\system32\YURB0AC.exe
HKLM-Run-\YURB0AD.exe - C:\Windows\system32\YURB0AD.exe
HKLM-Run-ANTIVIRUS - C:\Program Files\MicroAV\MicroAV.exe
ShellExecuteHooks-{52A96517-3690-45C7-98A9-1DD379F9D9B5} - C:\WINDOWS\system32\khfdeFxY.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Bibhash\Application Data\Mozilla\Firefox\Profiles\3av6d288.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.bsplayer-search.com/startpage
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 04:22:35
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\mdwawkao.ini 294 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Styler\Styler.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Combo-Fix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-19 4:23:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-18 22:53:49
Pre-Run: 43,855,466,496 bytes free
Post-Run: 44,707,328,000 bytes free
My problem is that I still get an occasional pop-up while running IE7 (around every 5 mins) and the PcHealthCenter folder is still there in my c:\program files.
Please tell me what I should do to fix this! Thanks to your previous instructions, the annoying MicroAV window is gone :)
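As an added example (not from this thread and not part of ComboFix), here is a small Python checker that walks a log in ComboFix's "Reg Loading Points" format and flags the settings that stand out in the log above: a non-empty AppInit_DLLs value, Security Center notifications switched off, the Windows Firewall disabled, and a Run entry with a random-looking hex name. The sample log is constructed to mirror those lines, not copied from the poster's log.

```python
import re

# Constructed sample in ComboFix "Reg Loading Points" format, modelled on the
# log above but not copied from it.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe" [2008-07-04 579584]
"645134f6"="C:\\WINDOWS\\system32\\oakwawdm.dll" [2008-09-19 103552]
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]
"AppInit_DLLs"=whotbx.dll
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")            # [HKEY_...\...] section header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "name"=value
RANDOM_NAME_RE = re.compile(r"^[0-9a-f]{8}$")  # e.g. "645134f6"


def find_weak_points(log_text):
    """Return (reason, key, name, value) for each suspicious autorun setting."""
    findings = []
    key = ""
    for line in log_text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            key = m.group(1).lower()   # remember which registry key we are in
            continue
        m = VALUE_RE.match(line.strip())
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        if key.endswith("currentversion\\windows") and name.lower() == "appinit_dlls" and value:
            findings.append(("AppInit_DLLs loads a DLL into every user32 process", key, name, value))
        elif key.endswith("security center") and name.endswith("DisableNotify") and value == "dword:00000001":
            findings.append(("Security Center warning suppressed", key, name, value))
        elif "firewallpolicy" in key and name == "EnableFirewall" and value.startswith("0"):
            findings.append(("Windows Firewall disabled", key, name, value))
        elif key.endswith("\\run") and RANDOM_NAME_RE.match(name):
            findings.append(("Run entry with random hex name", key, name, value))
    return findings


if __name__ == "__main__":
    for reason, key, name, value in find_weak_points(SAMPLE_LOG):
        print(f"{reason}: [{key}] {name} = {value}")
```

Each finding names the key and value so it can be checked against the log by hand; the random-name rule is a heuristic and a hit there means "look closer", not "malicious".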
|
Senior Member
|
19. September 2008 @ 08:25 |
Link to this message
|
Both sharib and bibhash84, hi!
First thing: Please do not crowd other people's threads. It makes it confusing to help so many people at the same time, and the instructions may get confused. I will help you, but I will post in different posts below. Also, please do not follow instructions meant for others. It may be harmful to your own computer.
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

|
Senior Member
|
19. September 2008 @ 08:34 |
Link to this message
|
For sharib
We need a special cleaner for this. I don't know if you have the time and resources, but try it anyway.
Time to use a boot CD. Please download Antivir RescueCD, run it to burn a CD (on a different computer), and then boot your computer using the CD. Run a scan, and see how your computer turns out.
Notes:
1. You have to click space after highlighting English as a language to select it.
2. As an option, select "Rename files that cannot be repaired" or something like that.
Best Regards :D

|
Senior Member
|
19. September 2008 @ 08:46 |
Link to this message
|
For bibhash84
Please download Superantispyware Free and install it. Follow the prompts and reboot if required.
Launch Superantispyware Free either by running C:\Program Files\SUPERANTISPYWARE.exe or by right-clicking on the SuperAntispyware icon in your task bar (it looks like a bug) and clicking on Scan for Spyware, Adware, Malware...
Configuring SuperAntispyware
• Click on Preferences.
• In the tab General and Startup, make sure the box Start SuperAntispyware when Windows starts is unchecked. This will prevent SuperAntispyware from starting every time, because it may interfere with other fixes that may be run.
• Navigate to the tab Scanning Control.
• Make sure only these boxes are checked:
Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
Scan Alternate Data Streams
Use Kernel Direct File Access (recommended)
Use Kernel Direct Registry Access (recommended)
Use Direct Disk Access (recommended)
• Click on Close.
Updating SuperAntispyware
• At the main window, click on Check for Updates....
• Wait for SuperAntispyware to be fully updated.
Scanning Time
• Boot into safe mode by repeatedly pressing the F8 key after you press the power button. If safe mode does not work, tell me and do the scan in normal mode.
• Launch SuperAntispyware.
• At the main window, click on Scan your Computer....
• Make sure all drives (excluding CD drives) are checked, select Perform Complete Scan, and then click on Next.
• Wait for the scan to complete, and then click on Next>. This will quarantine and remove all detected items.
• Reboot your computer.
Post A Log
• Launch SuperAntispyware.
• Click on Preferences.
• Navigate to the tab Statistics/Logs.
• Choose the latest scan log, and then click on View Log....
• Copy and paste the contents of the log here in your next post.
Best Regards :D

|
Senior Member
|
19. September 2008 @ 08:46 |
Link to this message
|
Sorry... double post.
|
sharib
Newbie
|
19. September 2008 @ 11:03 |
Link to this message
|
Sorry, I didn't know that I should have posted under a new thread... I saw all of the other posts and thought that I could just reply.
Anyways, I will give this a try. Thank you!
|
|