Virus and Malware


#1 hockeybum16 (New Member, 1 posts)
Got a Windows XP antivirus program that kept coming up. It changed my background and everything. I think I may have got rid of that, but now there is a Malware Protector 2008 that always pops up. Here is my log from ComboFix.

ComboFix 08-07-09.2 - Micky P 2008-07-09 21:06:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.478 [GMT -4:00]
Running from: C:\Documents and Settings\Micky P\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\Micky P\Application Data\inst.exe
C:\Documents and Settings\Micky P\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk
C:\Documents and Settings\Micky P\Application Data\rhce5pj0en8e
C:\Documents and Settings\Micky P\Application Data\shcc5pj0en8e
C:\Program Files\shcc5pj0en8e
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\system32\blphca5pj0en8e.scr
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\hrvtmoutopqk.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\phca5pj0en8e.bmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSECURITY1.209.4
-------\Legacy_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))
.

2008-07-09 21:11 . 1,349 C:\WINDOWS\BPSADB.fix
2008-07-09 20:28 . 2008-07-09 21:11 <DIR> d-------- C:\Program Files\BPS Remover
2008-07-09 20:28 . 2005-08-27 03:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx
2008-07-08 12:35 . 2008-07-08 12:36 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-07-06 15:33 . 2008-07-06 15:33 <DIR> d-------- C:\Documents and Settings\Micky P\Application Data\Malwarebytes
2008-07-06 15:33 . 2008-07-06 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-06 15:18 . 2008-07-06 15:18 <DIR> d-------- C:\VundoFix Backups
2008-07-06 15:12 . 2008-07-06 15:12 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-07-06 15:03 . 2008-07-06 15:03 <DIR> d-------- C:\Program Files\uTorrent
2008-07-06 15:03 . 2008-07-06 15:03 <DIR> d-------- C:\Documents and Settings\Micky P\Application Data\uTorrent
2008-07-06 14:51 . 2008-07-06 14:55 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-07-06 14:49 . 2008-01-19 14:50 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-06 14:45 . 2008-07-08 18:15 <DIR> d--hs---- C:\WINDOWS\TWlja3kgUA
2008-07-06 14:45 . 2008-07-06 14:45 64,317 --a------ C:\WINDOWS\system32\vijhtqvkopryguq.exe
2008-07-06 14:44 . 2008-07-08 18:16 <DIR> d-------- C:\WINDOWS\system32\tfig
2008-07-06 14:44 . 2008-07-08 18:16 <DIR> d-------- C:\WINDOWS\system32\olixds06
2008-07-06 14:44 . 2008-07-08 18:16 <DIR> d-------- C:\WINDOWS\system32\net
2008-07-06 14:44 . 2008-07-06 14:44 <DIR> d-------- C:\WINDOWS\system32\cREG
2008-07-06 14:44 . 2008-07-08 18:16 <DIR> d-------- C:\WINDOWS\system32\1030
2008-07-06 14:44 . 2008-07-06 14:45 <DIR> d-------- C:\Temp\stmpv4
2008-07-06 14:44 . 2008-07-06 14:44 <DIR> d-------- C:\Program Files\fqbhune
2008-07-06 14:44 . 2008-07-08 14:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\wfyzafwv
2008-07-06 12:20 . 2008-07-06 12:36 <DIR> d-------- C:\Program Files\Google
2008-07-06 12:20 . 2008-07-09 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-02 21:43 . 2008-07-02 21:43 <DIR> d-------- C:\Documents and Settings\Micky P\Application Data\acccore
2008-07-02 21:42 . 2008-07-02 21:42 <DIR> d-------- C:\Program Files\AIM Search
2008-07-02 21:42 . 2008-07-02 21:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-02 21:42 . 2008-07-02 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-07-02 21:41 . 2008-07-02 21:42 <DIR> d-------- C:\Program Files\AIM6
2008-06-30 16:16 . 2008-07-08 14:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-30 16:16 . 2008-06-30 16:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-30 16:08 . 2008-06-30 16:08 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-30 16:08 . 2008-06-30 16:09 <DIR> d-------- C:\Program Files\QuickTime
2008-06-30 16:08 . 2008-06-30 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-30 16:05 . 2008-06-30 16:07 <DIR> d-------- C:\Program Files\Common Files\Kodak
2008-06-30 16:01 . 2008-06-30 16:08 <DIR> d-------- C:\Program Files\Kodak
2008-06-30 15:59 . 2008-06-30 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-06-20 13:41 . 2008-06-20 13:41 245,248 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 06:44 . 2008-06-20 06:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-10 15:49 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 15:49 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-03 01:42 --------- d-----w C:\Program Files\Viewpoint
2008-07-03 01:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-03 01:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-07-03 01:41 --------- d-----w C:\Program Files\Common Files\AOL
2008-07-01 19:37 --------- d-----w C:\Documents and Settings\Micky P\Application Data\LimeWire
2008-06-21 14:18 --------- d-----w C:\Documents and Settings\Micky P\Application Data\U3
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 00:29 --------- d-----w C:\Documents and Settings\Micky P\Application Data\Vso
2008-06-07 17:15 --------- d-----w C:\Program Files\Azureus
2008-06-07 17:15 --------- d-----w C:\Documents and Settings\Micky P\Application Data\Azureus
2008-05-31 17:16 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-31 17:16 47,360 ----a-w C:\Documents and Settings\Micky P\Application Data\pcouffin.sys
2008-05-29 17:40 --------- d-----w C:\Documents and Settings\Micky P\Application Data\PC Tools
2008-05-29 17:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-29 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8(2)
2008-05-29 14:17 --------- d-----w C:\Program Files\VSO
2007-06-08 01:14 88 --sh--r C:\WINDOWS\system32\27D3D62817.sys
2007-06-08 01:15 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 23:57 395776]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-06-19 13:51 50528]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-06 12:20 68856]
"BPS Spyware Remover"="C:\Program Files\BPS Remover\BPSRem.exe" [2007-09-17 10:18 610304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 22:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 22:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 22:50 114688]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 20:48 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 17:08 1347584]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 15:49 1121280]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 01:30 282624 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 20:48 434528]

C:\Documents and Settings\Micky P\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-11-22 17:16:28 24576]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-05-10 07:15:28 282624]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-04 00:07:32 81920]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-02-05 15:29:20 54512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"strappadm"= {1C2AB994-3CF2-5BF3-24FE-04F843ABF5F7} - C:\Program Files\fqbhune\strappadm.dll [2008-07-06 14:44 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
S1 compbattt;compbattt;C:\WINDOWS\system32\drivers\compbattt.sys []
S3 GameConsoleService;GameConsoleService;C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe [2008-01-08 02:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262c3456-ccfa-11dc-a99f-0015c57451da}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-06-30 20:00:14 C:\WINDOWS\Tasks\EasyShare Registration RunOnce Task.job"
- C:\WINDOWS\system32\rundll32.exesC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.8.20.2.sxt _RegistrationOfferSilence@16
"2008-06-30 19:59:50 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.8.20.2.sxt _RegistrationOffer@16
"2008-07-10 01:13:53 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BPS Remover - C:\Program Files\BPS Remover\SpyRem.exe
HKLM-Run-{4d02f227-2de0-47aa-ad76-bc01d6ca32cd} - C:\WINDOWS\system32\hrvtmoutopqk.dll
HKLM-Run-SMshcc5pj0en8e - C:\Program Files\shcc5pj0en8e\shcc5pj0en8e.exe
Notify-WgaLogon - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 21:11:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-07-09 21:16:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-10 01:16:15

Pre-Run: 35,324,731,392 bytes free
Post-Run: 37,398,310,912 bytes free

202 --- E O F --- 2008-07-09 23:00:05

Any help would be great... Thanks in advance.
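The log above is a typical rogue-"antivirus" cleanup picture: the product's Start Menu shortcuts, a randomly named folder under Program Files, a ShellServiceObjectDelayLoad DLL that survives the deletions pass (strappadm.dll in C:\Program Files\fqbhune), Security Center's AntiVirusOverride set to 1, a GUID-named Run value pointing at a DLL, and an RDP port opened in the firewall. The script below is an added example from the editor, not part of ComboFix or of this thread; it parses the "Reg Loading Points" and "ORPHANS REMOVED" sections of a ComboFix log and flags those indicators. SAMPLE_LOG is a constructed excerpt of the posted log, the Windows directory is assumed to be C:\WINDOWS as the log header states, and looks_generated is a hypothetical heuristic for randomly named folders, not a ComboFix feature.

```python
r"""Triage a ComboFix log for persistence left behind by a rogue 'antivirus'.

Added example, not part of ComboFix or of this thread. SAMPLE_LOG is a
constructed excerpt of the posted log; the Windows directory is assumed to be
C:\WINDOWS, as the log header states."""
import re

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"strappadm"= {1C2AB994-3CF2-5BF3-24FE-04F843ABF5F7} - C:\Program Files\fqbhune\strappadm.dll [2008-07-06 14:44 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262c3456-ccfa-11dc-a99f-0015c57451da}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
- - - - ORPHANS REMOVED - - - -
HKCU-Run-BPS Remover - C:\Program Files\BPS Remover\SpyRem.exe
HKLM-Run-{4d02f227-2de0-47aa-ad76-bc01d6ca32cd} - C:\WINDOWS\system32\hrvtmoutopqk.dll
HKLM-Run-SMshcc5pj0en8e - C:\Program Files\shcc5pj0en8e\shcc5pj0en8e.exe
"""

SECTION_RE = re.compile(r"^\[(.+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
PATH_RE = re.compile(r'[A-Za-z]:\\[^\[\]"]+?\.(?:exe|dll|scr)', re.IGNORECASE)
ORPHAN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)-Run-(?P<name>.+?) - (?P<path>.+)$")
GUID_RE = re.compile(r"^\{?[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$", re.I)
WINDIR = "c:\\windows\\"  # assumption: %SystemRoot% per the log header


def parse_sections(text):
    """Map each bracketed registry key (lowercased) to its (name, data) values."""
    sections, current = {}, None
    for line in text.splitlines():
        head = SECTION_RE.match(line)
        if head:
            current = head.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None and (val := VALUE_RE.match(line)):
            sections[current].append((val.group("name"), val.group("data")))
    return sections


def looks_generated(path):
    """Hypothetical heuristic: executable in a folder of its own name, stem mixing
    letters and digits (e.g. shcc5pj0en8e/shcc5pj0en8e.exe). Weak on its own."""
    parts = path.rsplit("\\", 2)
    if len(parts) < 3:
        return False
    parent, stem = parts[1], parts[2].rsplit(".", 1)[0]
    return (stem.lower() == parent.lower()
            and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem))


def triage(text):
    """Return (code, detail) findings for the indicators a rogue AV leaves behind."""
    findings = []
    for key, values in parse_sections(text).items():
        if key.endswith("shellserviceobjectdelayload"):
            # SSODL DLLs load into explorer.exe at every logon; legitimate ones
            # live under %SystemRoot%, so a DLL in a random folder is a relauncher.
            for name, data in values:
                hit = PATH_RE.search(data)
                if hit and not hit.group(0).lower().startswith(WINDIR):
                    findings.append(("SSODL_UNTRUSTED_PATH", f"{name} -> {hit.group(0)}"))
        elif key.endswith("security center"):
            # AntiVirusOverride=1 suppresses Security Center's 'no antivirus' alert,
            # leaving the fake product's warnings as the only ones the user sees.
            for name, data in values:
                dword = re.match(r"dword:([0-9a-f]+)", data.strip(), re.I)
                if name.lower() == "antivirusoverride" and dword and int(dword.group(1), 16):
                    findings.append(("SECURITY_CENTER_AV_OVERRIDE", data.strip()))
        elif key.endswith("globallyopenports\\list"):
            # RDP open in the standard firewall profile: not proof of compromise,
            # but a question to ask the owner before declaring the box clean.
            findings += [("FIREWALL_RDP_OPEN", n) for n, _ in values if n.upper().startswith("3389:")]
    for line in text.splitlines():
        if "\\Shell\\AutoRun\\command" in line:
            # MountPoints2 autorun for a removable drive, a common XP-era vector.
            findings.append(("AUTORUN_REMOVABLE", line.split(" - ", 1)[-1].strip()))
        if orphan := ORPHAN_RE.match(line):
            name, path = orphan.group("name"), orphan.group("path")
            if GUID_RE.match(name):  # Run value named by a GUID, not a product
                findings.append(("RUN_GUID_NAME", f"{orphan.group('hive')} {name}"))
            if path.lower().endswith(".dll"):  # Run launches .exe; a bare DLL is odd
                findings.append(("RUN_DLL_TARGET", path))
            if looks_generated(path):
                findings.append(("RUN_RANDOM_NAME", path))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_LOG):
        print(f"{code:28} {detail}")
```

Run it over a saved ComboFix.txt by swapping SAMPLE_LOG for the file contents. FIREWALL_RDP_OPEN and AUTORUN_REMOVABLE are review items rather than verdicts; the SSODL and AntiVirusOverride hits are the ones that matter here, because unlike the three orphaned Run values they appear under "Reg Loading Points", not under "Other Deletions", so they were still live when this log was taken.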