ungreen

About ungreen

  • Rank
    New Member

  1. Thanks again. After reading the instructions on formatting...I will bring it in somewhere... Do you think it's safe to save any of my stuff to disc B4 I bring it in? Or does that risk saving the virus as well?
  2. Okee Dokee...It said the same thing; the same window popped up saying not a valid app... How would I format and reinstall? I don't have Windows discs...Should I just bring it in somewhere? And thanks for all your help and time.
  3. I am trying to run the HaxFix...a window won't go away...it says "C:\HaxFix\vfind.exe is not a valid Win32 application". First a window popped up saying "C:\HaxFix\swreg is not a valid Win32 application". I clicked OK and now the 2nd window won't go away...also in the red window it says access denied for everything it is trying to check...I keep clicking on OK, but it just keeps popping up. I don't want to shut down the program in case that does something bad, so I'll just keep clicking OK 'til I get ur response...Thanks
  4. Holy! It does take a long time. I went out to an appt while waiting LOL. I did the quick scan when I got home...Here's the log:

     Malwarebytes' Anti-Malware 1.36
     Database version: 2059
     Windows 5.1.2600 Service Pack 3

     4/29/2009 3:33:53 PM
     mbam-log-2009-04-29 (15-33-53).txt

     Scan type: Quick Scan
     Objects scanned: 73208
     Time elapsed: 6 minute(s), 2 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 2

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.
     C:\WINDOWS\system32\kwave.sys (Trojan.Agent) -> Delete on reboot.

     Same ones...
  5. Oh! I did not know that...I think I'm about halfway through the full scan again LOL...still only 1 thing infected (knock on wood). Back shortly.
  6. OK, I'm scanning with Malware and it's already got 1 thing infected...will post the log when done... BOOHOOO!! I've been to YouTube and Facebook this morn...and checked my Gmail and Hotmail. That's it. Be back again.
  7. P.S. Again LOL...Do I need to change my passwords again?
  8. Cool! That worked. Do I need to run any more scans, or is everything alright now? Thank you sooooo much for your help! My Mozilla seems to be fast again; I haven't checked anything else yet...a little nervous still...LOL. Just wondered about a final scan to make sure?
  9. OK, I uninstalled Daemon Tools. It said successfully uninstalled, but it won't let me delete the last folder left behind. It is empty, but it says Daemon Tools is being used by another program... I also uninstalled MAGIX Photo Editor/Graphic Designer...BOOO! It was a really cool program! It let me delete all the leftover folders. Should I do any other scans now? And what about this thing: "Firebird SQL Server-MAGIX Edition"? Do you know if it's from the MAGIX program as well? Should I take it out? Thanks again! Keep smiling!
  10. P.S. In my Control Panel there's a thing called "Firebird SQL Server-MAGIX Edition". Does this have anything to do with it?
  11. Well, that sucks! I think it must be the Magix program...Do I uninstall that through the Start menu or the Control Panel? And once I access it to delete or uninstall, will it activate the virus again?
  12. Illegal, like programs downloaded from uTorrent?
  13. Are you guys allowed to recommend a really good antivirus program, so this won't happen again? I purchased McAfee when I bought this comp, but started to have problems with it a while ago, so I uninstalled it and went with the free AVG for now...
  14. ComboFix log...AVG wouldn't let me shut off the resident shield. I unchecked the box, but it still said active. At the end of the scan it said it was off, so I don't know. When I clicked on ComboFix to start, a window popped up saying..."windows cannot find.grpconv. please make sure you spelled it correctly and try again" no file extensions or anything else. Here's the log:

     ComboFix 09-04-27.05 - Administrator 04/29/2009 8:43.4 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.224 [GMT -4:00]
     Running from: c:\documents and settings\Administrator\Desktop\fonts\ComboFix.exe
     AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\windows\system32\drivers\mrxdavv.sys
     c:\windows\system32\kwave.sys
     .
     ((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
     .
     2009-04-27 11:02 . 2009-04-27 11:01 8768 ----a-w c:\windows\system32\drivers\mcdbus.sys
     2009-04-27 11:02 . 2009-04-27 11:01 8768 ----a-w c:\windows\system32\drivers\iksysflt.sys
     2009-04-27 11:02 . 2009-04-27 11:01 8768 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
     2009-04-25 17:52 . 2009-04-25 17:52 -------- d-----w c:\documents and settings\Administrator\Application Data\Alien Skin
     2009-04-25 15:22 . 2009-04-25 15:22 -------- d-----w C:\XaraInfo
     2009-04-17 04:08 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
     2009-04-17 04:08 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
     2009-04-17 04:08 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
     2009-04-17 04:08 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
     2009-04-17 04:08 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
     2009-04-17 04:08 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
     2009-04-17 04:08 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
     2009-04-17 04:08 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
     2009-04-17 04:08 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
     2009-04-17 04:08 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
     2009-04-17 04:07 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
     2009-04-17 04:07 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
     2009-04-11 17:00 . 2009-04-11 17:00 -------- d-----w c:\documents and settings\Administrator\Application Data\gtk-2.0
     2009-04-11 17:00 . 2009-04-11 17:00 -------- d-----w c:\documents and settings\Administrator\.thumbnails
     2009-04-11 16:45 . 2009-04-11 16:46 -------- d-----w c:\documents and settings\Administrator\.gimp-2.6
     2009-04-11 16:45 . 2009-04-11 16:45 -------- d-----w c:\documents and settings\Administrator\.gegl-0.0
     2009-04-08 14:11 . 2009-04-08 14:21 -------- d-----w C:\My Recordings
     2009-04-08 14:08 . 2009-04-08 14:08 -------- d-----w c:\program files\FREE Hi-Q Recorder
     2009-03-30 21:17 . 2009-03-30 21:17 -------- d-----w c:\program files\bfgclient
     2009-03-30 21:16 . 2009-03-30 21:33 -------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-04-27 11:01 . 2009-03-15 01:35 8768 ----a-w c:\windows\system32\drivers\sptd.sys
     2009-04-27 02:14 . 2008-06-17 00:18 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
     2009-04-23 02:34 . 2008-04-22 19:00 38136 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-04-06 19:32 . 2008-08-15 03:49 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
     2009-04-06 19:32 . 2008-06-17 00:18 15504 ----a-w c:\windows\system32\drivers\mbam.sys
     2009-04-04 16:44 . 2008-04-22 21:42 -------- d-----w c:\program files\Java
     2009-03-29 14:01 . 2009-03-29 14:01 -------- d-----w c:\program files\WMV9_VCM
     2009-03-29 14:00 . 2009-03-29 13:50 -------- d-----w c:\program files\MAGIX
     2009-03-29 13:55 . 2009-03-29 13:55 -------- d-----w c:\program files\Common Files\xara
     2009-03-29 12:33 . 2009-03-29 12:33 -------- d-----w c:\program files\FACES
     2009-03-29 04:24 . 2009-03-29 04:24 5535 ----a-w c:\program files\man.an8
     2009-03-15 13:28 . 2009-03-15 13:28 -------- d-----w c:\program files\Microsoft Games
     2009-03-15 01:50 . 2009-03-15 01:42 -------- d-----w c:\program files\DAEMON Tools Pro
     2009-03-10 14:20 . 2009-03-03 17:47 -------- d-----w c:\program files\GreenScreenWizardPro
     2009-03-09 09:19 . 2008-11-26 05:53 410984 ----a-w c:\windows\system32\deploytk.dll
     2009-03-06 14:22 . 2004-08-04 07:56 284160 ----a-w c:\windows\system32\pdh.dll
     2009-03-05 01:57 . 2009-03-05 01:26 -------- d-----w c:\program files\Common Files\ACD Systems
     2009-03-03 00:18 . 2004-08-04 07:56 826368 ----a-w c:\windows\system32\wininet.dll
     2009-03-02 14:22 . 2008-05-30 16:56 -------- d-----w c:\program files\Windows Live
     2009-03-02 14:20 . 2008-12-22 23:30 -------- d-----w c:\program files\MySpace
     2009-03-02 14:17 . 2008-12-31 18:29 -------- d-----w c:\program files\Minilyrics
     2009-02-22 22:33 . 2008-11-25 17:20 304160 ----a-w C:\PA207.DAT
     2009-02-20 18:09 . 2004-08-04 07:56 78336 ----a-w c:\windows\system32\ieencode.dll
     2009-02-12 13:14 . 2008-09-04 05:26 10520 ----a-w c:\windows\system32\avgrsstx.dll
     2009-02-12 13:14 . 2008-09-04 05:26 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
     2009-02-12 13:14 . 2008-09-04 05:26 107272 ----a-w c:\windows\system32\drivers\avgtdix.sys
     2009-02-09 12:10 . 2004-08-04 07:56 729088 ----a-w c:\windows\system32\lsasrv.dll
     2009-02-09 12:10 . 2008-04-22 23:30 714752 ----a-w c:\windows\system32\ntdll.dll
     2009-02-09 12:10 . 2004-08-04 07:56 401408 ----a-w c:\windows\system32\rpcss.dll
     2009-02-09 12:10 . 2004-08-04 07:56 617472 ----a-w c:\windows\system32\advapi32.dll
     2009-02-09 11:13 . 2004-08-04 06:17 1846784 ----a-w c:\windows\system32\win32k.sys
     2009-02-07 23:02 . 2004-08-04 15:00 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
     2009-02-06 23:20 . 2008-08-29 17:20 43520 ----a-w c:\windows\system32\CmdLineExt03.dll
     2009-02-06 11:11 . 2004-08-04 07:56 110592 ----a-w c:\windows\system32\services.exe
     2009-02-06 11:08 . 2004-08-04 06:20 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
     2009-02-06 10:39 . 2001-08-18 05:36 35328 ----a-w c:\windows\system32\sc.exe
     2009-02-03 19:59 . 2004-08-04 07:56 56832 ----a-w c:\windows\system32\secur32.dll
     2008-08-15 03:43 . 2008-08-15 03:43 6399 ----a-w c:\program files\birdthing.an8
     2007-04-03 01:46 . 2008-07-20 02:20 1818678 ----a-w c:\program files\Anim8or.exe
     .
     ((((((((((((((((((((((((((((( SnapShot@2009-04-28_17.40.06 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2009-04-29 12:48 . 2009-04-29 12:48 16384 c:\windows\Temp\Perflib_Perfdata_524.dat
     + 2008-09-06 03:29 . 2009-03-11 02:18 934792 c:\windows\system32\WgaTray.exe
     + 2008-09-06 03:30 . 2009-03-11 02:18 239496 c:\windows\system32\WgaLogon.dll
     + 2008-09-06 03:29 . 2009-03-11 02:18 934792 c:\windows\system32\dllcache\WgaTray.exe
     + 2008-09-06 03:30 . 2009-03-11 02:18 239496 c:\windows\system32\dllcache\wgaLogon.dll
     + 2008-03-20 22:06 . 2009-03-11 02:18 1482112 c:\windows\system32\LegitCheckControl.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
     "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-06 524800]
     "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
     "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
     "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
     "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-12 1601304]
     "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
     "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
     "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-5-31 113664]
     Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
     "EnableProfileQuota"= 1 (0x1)

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
     2009-02-12 13:14 10520 ----a-w c:\windows\system32\avgrsstx.dll

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
     "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
     "c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
     "c:\\WINDOWS\\system32\\fxsclnt.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "23458:TCP"= 23458:TCP:utorrent

     R1 jnv4_mib;jnv4_mib; [x]
     R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
     R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
     R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
     R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
     R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
     R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
     S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-02-12 325128]
     S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-02-12 107272]
     S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-12 903960]
     S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-12 298264]
     S3 PAC207;PC Camer@;c:\windows\system32\DRIVERS\PFC027.SYS [2006-11-20 506112]
     .
     Contents of the 'Scheduled Tasks' folder

     2009-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]

     2009-04-15 c:\windows\Tasks\Disk Cleanup.job
     - c:\windows\system32\cleanmgr.exe [2004-08-04 00:12]
     .
     .
     ------- Supplementary Scan -------
     .
     DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://212.123.135.131/activex/AMC.cab
     DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
     FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nusa4g6n.default\
     FF - prefs.js: network.proxy.type - 4
     FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
     FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
     FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nusa4g6n.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
     FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll

     ---- FIREFOX POLICIES ----
     FF - user.js: yahoo.homepage.dontask - true.

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-04-29 08:48
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'explorer.exe'(1172)
     c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\program files\AVG\AVG8\avgtray.exe
     c:\program files\AVG\AVG8\avgrsx.exe
     c:\progra~1\AVG\AVG8\avgnsx.exe
     c:\program files\AVG\AVG8\avgcsrvx.exe
     c:\windows\system32\wscntfy.exe
     .
     **************************************************************************
     .
     Completion time: 2009-04-29 8:55 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-04-29 12:55
     ComboFix2.txt 2009-04-28 22:42
     ComboFix3.txt 2009-04-28 21:15
     ComboFix4.txt 2009-04-28 17:46

     Pre-Run: 13,463,236,608 bytes free
     Post-Run: 13,453,983,744 bytes free

     199 --- E O F --- 2009-04-22 07:01
  15. OH MAN!!!! Can you tell me which exact thing is infected? I went to Facebook last night and changed a bunch of passwords at a bunch of sites. I opened the Magix program to check it, and Winamp, checked both my emails, and changed passwords...My son's comp is hooked up through a router with mine; could he be giving me bad stuff? And Holy Canoli! You guys must have all the patience in the world...I'm getting a love/hate relationship with the comp now!! LOL Back soon again.
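The Malwarebytes log in post 4 above reports the same two kernel drivers (mrxdavv.sys, flagged as Rootkit.Agent.H, and kwave.sys) as "Delete on reboot" on every run, which is the signal that a removal is not sticking. The parser below is an added example written for this page; it is not code from the forum thread, from the poster, or from Malwarebytes. It reads the MBAM 1.x log layout, cross-checks the summary counts against the entries actually listed (a quick way to spot a log that lost lines when it was pasted), marks .sys images as kernel-mode, and compares two runs to list the paths that keep coming back. Both log texts embedded in it are constructed samples in that layout; the second one is a hypothetical follow-up run, and all function names are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout Malwarebytes' Anti-Malware 1.x used; the two
# "Files Infected" entries are the ones quoted in post 4 above.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.36
Database version: 2059
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 73208
Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\kwave.sys (Trojan.Agent) -> Delete on reboot.
"""

# Constructed follow-up log (hypothetical second run) in which only one of the
# two drivers is still reported, to exercise the run-to-run comparison.
FOLLOWUP_LOG = r"""Files Infected: 1

Files Infected:
C:\WINDOWS\system32\kwave.sys (Trojan.Agent) -> Delete on reboot.
"""

SUMMARY_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected): (?P<count>\d+)$")
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass
class Detection:
    category: str   # e.g. "Files Infected"
    path: str       # object the scanner flagged
    name: str       # detection name, e.g. "Rootkit.Agent.H"
    action: str     # what the scanner did, e.g. "Delete on reboot"

    @property
    def kernel_mode(self) -> bool:
        # A .sys image under system32 is a driver: it runs in kernel mode, which
        # is why removal is deferred to reboot and why a rootkit can keep it alive.
        return self.path.lower().endswith(".sys")


def parse_mbam_log(text):
    """Return (summary counts by category, list of Detection) from an MBAM log."""
    summary, detections, category = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:                                   # "Files Infected: 2"
            summary[m.group("category")] = int(m.group("count"))
            continue
        if line.endswith(" Infected:"):         # "Files Infected:" opens a detail section
            category = line[:-1]
            continue
        if line == "(No malicious items detected)":
            continue
        m = ENTRY_RE.match(line)
        if m and category:
            detections.append(Detection(category, m.group("path"),
                                        m.group("name"), m.group("action")))
    return summary, detections


def check_consistency(summary, detections):
    """Categories whose summary count disagrees with the entries actually listed.

    An empty dict means the pasted log is complete; anything else suggests lines
    were lost when the log was copied into a post."""
    listed = {}
    for d in detections:
        listed[d.category] = listed.get(d.category, 0) + 1
    return {c: (n, listed.get(c, 0)) for c, n in summary.items() if n != listed.get(c, 0)}


def recurring_paths(earlier_log, later_log):
    """Paths reported in both runs: a 'Delete on reboot' that keeps coming back."""
    before = {d.path.lower(): d.path for d in parse_mbam_log(earlier_log)[1]}
    after = {d.path.lower() for d in parse_mbam_log(later_log)[1]}
    return sorted(before[p] for p in before if p in after)


def triage(text):
    """One line per detection, kernel-mode items first."""
    _, detections = parse_mbam_log(text)
    ordered = sorted(detections, key=lambda d: (not d.kernel_mode, d.path.lower()))
    return [f"{'KERNEL ' if d.kernel_mode else '       '}{d.name:<18} {d.action:<17} {d.path}"
            for d in ordered]


if __name__ == "__main__":
    summary, detections = parse_mbam_log(SAMPLE_LOG)
    print("summary vs listed mismatches:", check_consistency(summary, detections))
    print("\n".join(triage(SAMPLE_LOG)))
    print("still present after second run:", recurring_paths(SAMPLE_LOG, FOLLOWUP_LOG))
```

Run stand-alone it prints both entries with the KERNEL marker and reports kwave.sys as the path still present in the follow-up run. Paths are compared case-insensitively because Windows paths are, and MBAM mixes cases between runs.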