
Jhettie

Members | Posts: 9 | Reputation: 0 Neutral
  1. I'm gonna try and get a new hard drive and install SP3. I ran Windows Update so I guess I'm good to go for now. Thank you for all the support!
  2. All done except upgrading to SP3, because I only have 2GB of disk space left. When I upgraded to SP3 a long time ago my PC ran out of space >_< I downloaded Critical Security Updates though. I'll just be careful next time and update my antivirus/firewall/antispyware programs regularly. Sadly, I'm gonna be stuck on SP2 unless I buy another computer with a better OS, lol. Any suggestions on how to secure my computer would be much appreciated. Thanks again!
  3. Submitted >> c:\windows\IFinst27.exe. I'm not sure if this is what you're looking for from VirusTotal. eSafe 7.0.17.0 2009.09.10: Suspicious File; Sunbelt 3.2.1858.2 2009.09.10: Trojan.Win32.Generic!BT. Here's the whole log.
  4. (Sorry about the double posting.) I reinstalled/updated Malwarebytes and ran a quick scan. It works! Mission accomplished?
  5. VirusTotal log, F-Secure scan log and Security Check log. Everything seems to be fine now. Thank you!
  6. That's how my problem started, haha. I typed in facebook in the URL address bar and then my page went to Google (Google redirect virus). I clicked the first link that says Facebook "log in" (just like a regular search) and boom! Some ads popped up and Windows Police Pro started fake scanning my drives. >_<
  7. Here is the HijackThis log. Thanks.
  8. Thank you for the fast reply. Here is the ComboFix log. I'm still having trouble running HijackThis. I'm gonna try to re-download and install again.
  9. Hello, I've been trying to get rid of this virus on my computer for about 4 days now. It started when Windows Police Pro popped outta nowhere and my PC just went to crazy mode. I scanned my computer with Kaspersky (nothing found) and Avira (it got rid of trojans/rootkit), but I still can't run any anti-spyware programs: HijackThis, GMER, Dr.Web CureIt, win32kdiag, and some other tools which I searched on Google. The removal tools can be run but they just shut down after a few seconds... even in Safe Mode the same thing happens. I also tried renaming them but they still shut off in the middle of the scan. I also tried disabling the antivirus procedure.. nothing works. I don't know what to do now; I've read similar topics on different forums but still can't get rid of the damn virus. Please help me disinfect this computer. Tell me the procedures that I could've missed when running the tools and I'll gladly post the logs if it works. Thank you. Note: I ran win32kdiag but it never finishes; it says something about event log dll.