havoc

  1. Would that explain why it started after the computer basically froze while I was looking around online? That's when the whole thing started doing it.. it will work fine for about 20 or 30 days and then start doing the same thing again.. and again today same thing happened, I turned computer on, restart at the XP logo and then I hit last known good config and it started just fine.. worked all day yesterday no problem and even did a few restarts no problem....Not saying you're wrong by any means, just making sure that would do that even after I get it started and do any restarts. And unfortunately I'm not sure if I have a multimeter anywhere around here, or I'll try that if I find one. Thanks for the help. I'm also going to probably try to do the hard drive check for bad sectors as well if I can get to another computer to use it.
  2. An update to this......It is now starting to do the restart thing at least one time a day or so now.. Usually it's when I first turn the computer on for the day.. It restarts and I pick out the last known good config option and it starts fine then.. restarts are fine, it just seems to be the first time during the day. I'm assuming it's just the hard drive dying slowly as you said above.. anyone else that has any input would be appreciated
  3. I've had this same reoccurring problem since around December when it started......Basically my computer slowed up in December, I pulled the plug and restarted.. ran fine.. then again froze, I pulled the plug and my comp starts loading and then bam, it shuts off at the Windows XP logo and then restarts.. goes to a screen saying Windows shut down unexpectedly etc etc.. start in safe mode, safe mode networks etc ....start at last good config or start Windows normally.. click any of those and the same thing happens.. gets to the logo and shuts down.... This has happened about 4 times now since then and all of them have resulted in me having to reinstall Windows...Everything works fine for awhile and then bam, the same thing ends up happening again....Is this something I'm picking up virus related or am I just getting a hardware or hard drive failure that is going to eventually not start back up at all? Thanks for your help
  4. Disregard that, it's not on my system anymore, sorry lol
  5. Tried that combo fix remove thing, didn't work
  6. ok.. what about the other viruses that it found? Should the last 2 scans combo fix and the avira fix everything? Or do I need to do anything else
  7. Downloaded that and ran a scan and got a lot more off of it.... here's the log
  8. Ok, downloading that now.. and did combofix everything or you want another log after I do a full system scan with this program?
  9. Ya i was sure i know the site that the xp defender thing or w/e it was came from because i got a pop up for it and it never went away even after i restarted my computer. You said get aviera or w/e it was called? I have no anti virus installed yet. I used to use that free avg just not sure which was better before i reinstall this time... here's my combo log
  10. Not sure what happened to my other post.. But i just re ran malwarebytes again and this is the new log.. went from the few in my last post to a multiple amount of viruses along with xp deluxe protector popped up.. I haven't downloaded anything new since reinstalling Windows not sure where they are coming from.. Anyway here is the new log thanks for any help
  11. Yes it's the linksys speedbooster adapter.. It's the little box with the antenna that slides up the side of it and a usb cord about 4 feet long. I think i actually figured it out i went into the service.msc and fooled around with some of the network connections so i think i'm ok now. But if you have any advice on it i'd love to hear it
  12. I reinstalled my speedbooster adapter.. when it was installed before instead of using the speedbooster program my computer was set up that my network manager would automatically log me on and also give me a list of available networks in my area.. I had to go through service.msc and then change some setting there for it to do this instead of using the linksys program.. Now all i get when i open wireless network connections is Windows cannot configure this connection if you have enabled another program to manage this wireless connection use that software... My question is how do i go about getting it back to the way it was before i reinstalled.. Thanks in advance
  13. i'm actually going to reinstall Windows i found my disc.. this should take care of all viruses correct? If that will do it then you can lock this thread.. if not should i run Malwarebytes as soon as it's reinstalled? Thanks for your help and I'm sorry for any inconvenience
  14. sorry it took so long i couldnt get my avg turned off so i had to uninstall it first... here's my combo fix log ComboFix 09-07-02.02 - Tony Montana 07/03/2009 1:25.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.722 [GMT -4:00] Running from: c:\documents and settings\Tony Montana\Desktop\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 ))))))))))))))))))))))))))))))) . 2009-07-01 16:34 . 2009-07-01 16:34 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-06-27 06:16 . 2009-06-27 06:16 -------- d-----w- c:\documents and settings\Tony Montana\Application Data\DivX 2009-06-27 06:14 . 2009-06-27 08:15 -------- d-----w- c:\program files\DivX 2009-06-27 02:24 . 2009-07-02 12:30 -------- d-----w- c:\documents and settings\Tony Montana\Application Data\BitTorrent 2009-06-27 02:24 . 2009-07-03 05:23 -------- d-----w- c:\program files\DNA 2009-06-27 02:24 . 2009-07-03 05:23 -------- d-----w- c:\documents and settings\Tony Montana\Application Data\DNA 2009-06-27 02:24 . 2009-06-27 02:24 -------- d-----w- c:\program files\BitTorrent 2009-06-27 02:24 . 2009-06-27 02:24 -------- d-----w- c:\documents and settings\Tony Montana\Local Settings\Application Data\DNA 2009-06-27 01:21 . 2009-06-30 02:26 -------- d-----w- C:\Downloads 2009-06-27 01:21 . 2009-06-27 05:52 -------- d-----w- c:\program files\BitComet 2009-06-25 21:57 . 2009-06-25 21:57 -------- d-----w- c:\program files\SystemRequirementsLab 2009-06-21 04:08 . 2009-06-21 04:08 135 ----a-w- c:\documents and settings\Tony Montana\Local Settings\Application Data\fusioncache.dat 2009-06-21 04:08 . 2009-06-21 04:08 -------- d-----w- c:\documents and settings\Tony Montana\Application Data\Pandora's Box 2 2009-06-21 04:07 . 2009-06-21 04:07 -------- d-----w- c:\windows\system32\URTTEMP 2009-06-20 08:04 . 
2009-06-20 08:04 -------- d-----w- c:\documents and settings\Tony Montana\Application Data\Camfrog 2009-06-20 08:04 . 2009-06-20 08:11 -------- d-----w- c:\program files\Camfrog 2009-06-18 01:49 . 2009-06-18 01:49 -------- d-----w- c:\windows\system32\wbem\snmp 2009-06-18 01:49 . 2009-06-18 01:49 -------- d-----w- c:\windows\system32\xircom 2009-06-18 01:49 . 2009-06-18 01:49 -------- d-----w- c:\program files\microsoft frontpage 2009-06-18 01:27 . 2009-06-18 01:27 -------- d-----w- c:\windows\system32\scripting 2009-06-18 01:27 . 2009-06-18 01:27 -------- d-----w- c:\windows\l2schemas 2009-06-18 01:27 . 2009-06-18 01:27 -------- d-----w- c:\windows\system32\en 2009-06-18 01:27 . 2009-06-18 01:27 -------- d-----w- c:\windows\system32\bits 2009-06-18 01:21 . 2009-06-18 01:28 -------- d-----w- c:\windows\ServicePackFiles 2009-06-16 07:57 . 2009-06-16 07:57 -------- d-----w- c:\program files\Razor 2009-06-16 07:56 . 1998-10-02 17:43 179712 ----a-w- c:\windows\UOUninst.exe 2009-06-16 07:54 . 2009-06-17 02:24 -------- d-----w- c:\program files\Ultima Online 2009-06-16 02:10 . 2009-06-16 02:10 -------- d-----w- c:\program files\uo 2009-06-15 06:02 . 2009-06-15 06:02 -------- d-----w- c:\program files\iDump (Freeware) 2009-06-15 02:10 . 2009-06-15 02:10 -------- d-----w- c:\program files\PowerQuest 2009-06-14 19:55 . 2009-06-14 19:55 -------- d--h--w- c:\windows\PIF 2009-06-14 06:37 . 2009-06-14 06:37 97248 ----a-w- c:\windows\system32\drivers\snapman.sys 2009-06-14 00:44 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe 2009-06-14 00:43 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll 2009-06-14 00:42 . 2008-04-14 00:11 94208 ------w- c:\windows\system32\eappgnui.dll 2009-06-11 22:42 . 2008-06-10 15:57 2364472 ------w- c:\windows\system32\dllcache\WMVCore.dll 2009-06-11 22:08 . 2009-06-11 22:08 152576 ----a-w- c:\documents and settings\Tony Montana\Application Data\Sun\Java\jre1.6.0_14\lzma.dll 2009-06-11 21:23 . 
2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys 2009-06-11 21:23 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys 2009-06-11 21:22 . 2009-06-02 17:37 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll 2009-06-11 21:20 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys 2009-06-11 21:20 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll 2009-06-11 21:20 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll 2009-06-11 21:20 . 2008-10-03 10:02 247326 ------w- c:\windows\system32\dllcache\strmdll.dll 2009-06-11 21:19 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll 2009-06-11 21:19 . 2008-09-04 17:15 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll 2009-06-11 21:19 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll 2009-06-11 21:19 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe 2009-06-11 21:19 . 2009-06-11 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar 2009-06-10 06:54 . 2009-06-10 06:54 -------- d-----w- c:\documents and settings\Tony Montana\Local Settings\Application Data\Help 2009-06-10 06:50 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll 2009-06-10 06:50 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll 2009-06-08 01:16 . 2009-06-08 01:16 -------- d-----w- c:\documents and settings\Tony Montana\Local Settings\Application Data\Identities 2009-06-07 19:06 . 2009-06-07 19:06 -------- d-----w- c:\windows\Sun 2009-06-05 02:32 . 2009-06-05 02:32 -------- d-----w- c:\documents and settings\Tony Montana\Local Settings\Application Data\Gas Powered Games 2009-06-04 00:57 . 2009-06-20 21:43 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-01 16:35 . 2009-05-27 22:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-21 04:15 . 2009-05-24 01:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-06-19 03:39 . 2009-05-20 21:32 44304 ----a-w- c:\documents and settings\Tony Montana\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-18 01:30 . 2009-05-20 06:30 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-06-17 15:27 . 2009-05-27 22:39 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-17 15:27 . 2009-05-27 22:39 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-16 02:38 . 2009-05-20 17:05 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-11 22:09 . 2009-05-20 06:35 -------- d-----w- c:\program files\Java 2009-06-03 01:34 . 2009-06-03 01:34 -------- d-----w- c:\program files\Microsoft 2009-06-03 01:34 . 2009-06-03 01:33 -------- d-----w- c:\program files\Windows Live 2009-06-03 01:33 . 2009-06-03 01:33 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-05-31 23:39 . 2009-05-31 23:39 -------- d-----w- c:\documents and settings\Tony Montana\Application Data\MySpace 2009-05-31 23:39 . 2009-05-31 23:38 7040776 ----a-w- c:\documents and settings\Tony Montana\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.789.0-static-A.exe 2009-05-30 21:50 . 2009-05-30 21:50 -------- d-----w- c:\program files\AVG 2009-05-30 01:15 . 2009-05-30 01:15 2560 ----a-w- c:\windows\_MSRSTRT.EXE 2009-05-29 18:48 . 2009-05-29 05:58 -------- d-----w- c:\documents and settings\Tony Montana\Application Data\SUPERAntiSpyware.com 2009-05-29 06:05 . 2009-05-29 06:04 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-05-29 06:04 . 
2009-05-29 06:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2009-05-29 06:01 . 2009-05-29 06:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-05-29 05:58 . 2009-05-29 05:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-05-27 05:48 . 2009-05-27 05:48 123904 ----a-w- c:\windows\system32\cdmr.dll 2009-05-27 05:48 . 2009-05-27 05:48 123904 ----a-w- c:\windows\system32\ativcox.dll 2009-05-27 05:37 . 2009-05-27 05:37 -------- d-----w- c:\documents and settings\Tony Montana\Application Data\Malwarebytes 2009-05-27 05:37 . 2009-05-27 05:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-05-24 01:49 . 2009-05-24 01:48 -------- d-----w- c:\documents and settings\Tony Montana\Application Data\Ventrilo 2009-05-24 01:48 . 2009-05-24 01:48 -------- d-----w- c:\program files\Ventrilo 2009-05-23 20:06 . 2009-05-23 20:06 -------- d-----w- c:\documents and settings\Tony Montana\Application Data\Viewpoint 2009-05-23 17:41 . 2009-05-23 17:41 0 ----a-w- c:\windows\nsreg.dat 2009-05-23 06:08 . 2009-05-20 20:02 152576 ----a-w- c:\documents and settings\Tony Montana\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-05-22 05:00 . 2009-05-22 05:00 -------- d-----w- c:\program files\Common Files\Windows Live 2009-05-22 04:51 . 2009-05-21 23:20 -------- d-----w- c:\program files\Viewpoint 2009-05-21 23:21 . 2009-05-21 23:21 -------- d-----w- c:\documents and settings\Tony Montana\Application Data\Aim 2009-05-21 23:21 . 2009-05-21 23:20 -------- d-----w- c:\program files\AIM 2009-05-21 23:20 . 2009-05-21 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-05-21 23:20 . 2009-05-21 23:20 -------- d-----w- c:\program files\AOD 2009-05-21 15:33 . 2009-05-20 06:35 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-05-21 04:19 . 
2009-05-20 06:38 -------- d-----w- c:\program files\Common Files\Adobe 2009-05-21 03:44 . 2009-05-21 03:44 -------- d-----w- c:\program files\Realtek 2009-05-21 02:35 . 2009-05-21 02:35 -------- d-----w- c:\documents and settings\Tony Montana\Application Data\InstallShield 2009-05-21 02:32 . 2009-05-21 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation 2009-05-21 02:32 . 2009-05-21 02:31 -------- d-----w- c:\program files\Sony 2009-05-21 02:32 . 2009-05-20 17:05 -------- d-----w- c:\program files\Common Files\InstallShield 2009-05-21 02:31 . 2009-05-21 02:31 -------- d-----w- c:\program files\Common Files\Sony Shared 2009-05-21 02:31 . 2009-05-21 02:31 -------- d-----w- c:\documents and settings\Tony Montana\Application Data\Sony Corporation 2009-05-21 01:47 . 2009-05-21 01:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX 2009-05-20 22:17 . 2009-05-20 22:01 -------- d-----w- c:\program files\CamStudio 2009-05-20 21:56 . 2009-05-20 21:51 -------- d-----w- c:\program files\Yahoo! 2009-05-20 21:55 . 2009-05-20 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! 2009-05-20 21:54 . 2009-05-20 21:54 -------- d-----w- c:\documents and settings\Tony Montana\Application Data\Yahoo! 2009-05-20 19:45 . 2009-05-20 19:45 -------- d-----w- c:\program files\Linksys Wireless-G USB Wireless Network Monitor 2009-05-20 19:33 . 2009-05-20 19:33 1915520 ----a-w- c:\documents and settings\Tony Montana\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe 2009-05-20 17:14 . 2009-05-20 17:14 -------- d-----w- c:\program files\Intel 2009-05-20 17:11 . 2009-05-20 17:11 -------- d-----w- c:\program files\ATI Technologies 2009-05-20 07:09 . 2009-05-20 07:09 -------- d-----w- c:\program files\Microsoft.NET 2009-05-20 07:09 . 2009-05-20 07:09 -------- d-----w- c:\program files\Microsoft ActiveSync 2009-05-20 06:57 . 
2009-05-20 06:57 -------- d-----w- c:\program files\UltraISO 2009-05-20 06:57 . 2009-05-20 06:57 -------- d-----w- c:\program files\Common Files\EZB Systems 2009-05-20 06:56 . 2009-05-20 06:56 -------- d-----w- c:\documents and settings\Tony Montana\Application Data\Media Player Classic 2009-05-20 06:55 . 2009-05-20 06:55 -------- d-----w- c:\program files\K-Lite Codec Pack 2009-05-20 06:38 . 2009-05-20 06:38 -------- d-----w- c:\program files\Common Files\Adobe AIR 2009-05-20 06:27 . 2009-05-20 06:27 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2009-05-20 06:26 . 2009-05-20 06:26 -------- d-----w- c:\program files\Windows Plus 2009-05-13 19:32 . 2009-05-20 21:51 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe 2009-05-07 15:32 . 2004-08-10 05:00 345600 ----a-w- c:\windows\system32\localspl.dll 2009-05-01 21:03 . 2009-05-21 02:32 129784 ------w- c:\windows\system32\pxafs.dll 2009-05-01 21:03 . 2009-05-21 02:32 120056 ------w- c:\windows\system32\pxcpyi64.exe 2009-05-01 21:03 . 2009-05-21 02:32 118520 ------w- c:\windows\system32\pxinsi64.exe 2009-05-01 21:03 . 2009-05-20 06:26 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys 2009-04-29 04:46 . 2004-08-10 05:00 666624 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:46 . 2004-08-10 05:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-04-17 12:26 . 2004-08-10 05:00 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2004-08-10 05:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-06-16 13:29 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-06-27 342848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-28 77824] "AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-07-28 2551808] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Documents and Settings\\Tony Montana\\Desktop\\New Folder\\RunUO.exe"= "c:\\Program Files\\Ultima Online\\transerv\\transerv.exe"= "c:\\Program Files\\Ultima Online\\client.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\DNA\\btdna.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list] "19163:TCP"= 19163:TCP:BitComet 19163 TCP "19163:UDP"= 19163:UDP:BitComet 19163 UDP R2 WUSB54GSSVC;WUSB54GSSVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [5/20/2009 3:45 PM 41025] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.altavista.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Tony Montana\Application Data\Mozilla\Firefox\Profiles\pfy3fxmt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.altavista.com/
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-03 01:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
Completion time: 2009-07-03 1:29
ComboFix-quarantined-files.txt 2009-07-03 05:29

Pre-Run: 34,622,193,664 bytes free
Post-Run: 34,922,938,368 bytes free

203 --- E O F --- 2009-07-02 16:13
  15. Ok, I have the first log from last night after I removed everything from the above... and then I have the log that I just did after updating Malwarebytes.... I have AVG anti-virus free running constantly.. that's the only anti-virus I'm running right now...

Malwarebytes' Anti-Malware 1.37
Database version: 2195
Windows 5.1.2600 Service Pack 3

6/30/2009 6:40:29 PM
mbam-log-2009-06-30 (18-40-29).txt

Scan type: Full Scan (C:\|)
Objects scanned: 136600
Time elapsed: 25 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 9
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.12,85.255.112.112 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90a680c2-b00d-4d4a-b03f-a6a99fd24fdd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.12,85.255.112.112 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c0e956b6-5036-47ea-8d94-bddfb8f9c6c3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.12,85.255.112.112 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.12,85.255.112.112 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{90a680c2-b00d-4d4a-b03f-a6a99fd24fdd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.12,85.255.112.112 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{c0e956b6-5036-47ea-8d94-bddfb8f9c6c3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.12,85.255.112.112 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.12,85.255.112.112 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{90a680c2-b00d-4d4a-b03f-a6a99fd24fdd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.12,85.255.112.112 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{c0e956b6-5036-47ea-8d94-bddfb8f9c6c3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.12,85.255.112.112 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\tempo-1516421.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\tempo-1516640.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Here is the updated scan as well

Malwarebytes' Anti-Malware 1.38
Database version: 2358
Windows 5.1.2600 Service Pack 3

7/1/2009 1:17:05 PM
mbam-log-2009-07-01 (13-17-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 148520
Time elapsed: 30 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSIVXserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\tony montana\doctorweb\quarantine\A0022081.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\KBPK090527.log (Malware.Trace) -> Quarantined and deleted successfully.