VIRUS ALERT in taskbar! [CLOSED]



#1
hisom09

    New Member

  • Member
  • 1 posts
Hi!

Just wondering if anyone can help me.
I have some malware which has thrown my pc into a bit of trouble at the moment.
It shows up VIRUS ALERT! in the bottom right-hand corner of my taskbar, and comes up with the words VIRUS ALERT after everything where the date/time are used, i.e. at the end of my emails after the date I received them, or in a folder where I change the list of files in there to detail.
I have downloaded and run SUPERAntiSpyware, Malwarebytes' Anti-Malware, AVG (free edition), Spyware Doctor, and Ad-Aware, but it's still coming up with this problem.
It also doesn't show my 'C Drive' when I open the My Computer icon.

When I ran ComboFix, it no longer says VIRUS ALERT in my taskbar, but the time is in military time and I wanted to see if there are any lingering viruses still.


Please help!

Thanks in advance!


Here is my ComboFix log:

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\ebvs.exe
C:\WINDOWS\gpefaowr.exe
C:\WINDOWS\setup.exe
C:\WINDOWS\Sys4.exe
C:\WINDOWS\Sys5.exe
C:\WINDOWS\system32\CJijQqss.ini
C:\WINDOWS\system32\CJijQqss.ini2
C:\WINDOWS\system32\cltuxgks.ini
C:\WINDOWS\system32\guhounrg.dll
C:\WINDOWS\system32\iweebekp.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pybhmeaj.dll
C:\WINDOWS\system32\rtqrwaog.ini
C:\WINDOWS\system32\tqtihsks.ini
C:\WINDOWS\system32\vnvtucgb.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-15 to 2008-07-15 )))))))))))))))))))))))))))))))
.

2008-07-15 14:07 . 2008-07-15 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-15 14:06 . 2008-07-15 14:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-15 14:06 . 2008-07-15 14:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-15 14:06 . 2008-07-15 14:06 <DIR> d-------- C:\Documents and Settings\Kevin Mickaelian\Application Data\SUPERAntiSpyware.com
2008-07-15 12:26 . 2008-07-15 12:26 <DIR> d-------- C:\Program Files\CCleaner
2008-07-10 22:56 . 2008-07-10 22:58 184 --a------ C:\WINDOWS\wininit.ini
2008-07-10 20:48 . 2008-07-10 01:33 24,064 --a------ C:\WINDOWS\Sys5F.exe
2008-07-10 20:48 . 2008-07-10 01:33 23,552 --a------ C:\WINDOWS\Sys60.exe
2008-07-10 20:48 . 2008-07-10 01:33 23,040 --a------ C:\WINDOWS\Sys61.exe
2008-07-02 19:13 . 2008-07-02 19:25 <DIR> d-------- C:\Holly-IS Work File
2008-06-28 13:31 . 2008-06-28 13:31 25,088 --a------ C:\Bidding Procedure 3.17.08.xls
2008-06-28 13:20 . 2008-06-28 13:20 17,920 --a------ C:\Job Handoff Meeting Agenda 5.13.08.xls
2008-06-28 13:16 . 2008-06-28 13:16 149,733 --a------ C:\Role description - Estimator 3.31.08.rtf
2008-06-28 13:04 . 2008-06-28 13:04 14,336 --a------ C:\Strategic planning follow-up meeting 6.26.08.xls
2008-06-28 13:04 . 2008-06-28 13:04 0 --a------ C:\WINDOWS\webica.ini
2008-06-23 18:08 . 2008-02-28 17:57 12,800 --a------ C:\WINDOWS\system32\EKDeviceServices.dll
2008-06-23 17:02 . 2008-02-15 06:03 335,872 --a------ C:\WINDOWS\system32\EKIJ5000MON.dll
2008-06-22 11:51 . 2008-06-22 11:51 <DIR> d-------- C:\Program Files\Intuit
2008-06-22 11:51 . 2008-06-22 11:51 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-06-22 11:51 . 1999-05-10 00:00 1,694,992 --a------ C:\WINDOWS\system32\vba6.dll
2008-06-22 11:51 . 1999-05-07 00:00 1,009,136 --a------ C:\WINDOWS\system32\Mschrt20.ocx
2008-06-22 11:51 . 2000-11-15 13:46 999,424 --a------ C:\WINDOWS\system32\SPR32X30.ocx
2008-06-22 11:51 . 2000-11-15 13:46 737,280 --a------ C:\WINDOWS\system32\spr32d30.dll
2008-06-22 11:51 . 2003-07-07 18:30 647,872 --a------ C:\WINDOWS\system32\mscomct2.ocx
2008-06-22 11:51 . 2002-09-20 08:45 339,968 --a------ C:\WINDOWS\system32\cdintf.dll
2008-06-22 11:51 . 1999-05-07 00:00 244,232 --a------ C:\WINDOWS\system32\Msflxgrd.ocx
2008-06-22 11:51 . 2000-12-06 13:02 209,608 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-06-22 11:51 . 2000-05-22 01:00 203,976 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-06-22 11:51 . 1996-01-12 00:00 200,704 --a------ C:\WINDOWS\system32\THREED32.OCX
2008-06-22 11:50 . 2008-06-22 11:52 <DIR> d-------- C:\WINDOWS\Intuit
2008-06-20 10:41 . 2008-06-20 10:41 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 03:44 . 2008-06-20 03:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-11 06:11 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-11 03:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-28 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\kds_kodak
2008-06-24 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
2008-06-23 23:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-06-22 18:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-22 18:52 --------- d-----w C:\Program Files\Common Files\Intuit
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 23:28 --------- d-----w C:\Documents and Settings\Kevin Mickaelian\Application Data\Apple Computer
2008-05-28 19:22 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-08 00:59 836 ----a-w C:\Documents and Settings\Kevin Mickaelian\Application Data\wklnhst.dat
2007-07-10 21:29 31,744 ----a-w C:\Program Files\km graphix.ve
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-03-11 18:48 4841472]
"CreateCD_Reminder"="C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 12:17 53248]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-08-16 11:38 32881]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 03:36 135168]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-22 17:45 71280]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 12:35 70800]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 22:08 28672]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19 129536]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 01:52 380928]
"IPInSightMonitor 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 01:52 122880]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 04:52 380928]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 03:00 99840]
"Tracker"="C:\Program Files\MySoftware\MyInvoices\tracker.exe" [2002-11-25 12:22 102400]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-04-11 17:46 95960]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-03-13 20:47 6731312]
"EKIJ5000StatusMonitor"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-02-15 06:03 1052672]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 11:43 88363 C:\WINDOWS\AGRSMMSG.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
IEEE 802.11g USB Wireless LAN Utility.lnk - C:\Program Files\IEEE 802.11g USB Wireless LAN\Wireless LAN\WlanUtil.exe [2008-05-08 20:52:14 479232]
MySoftware NewsFlash.lnk - C:\Program Files\Common Files\MySoftware\Newsflsh.exe [2005-04-08 19:54:29 233472]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-06-22 11:51:55 724992]
Remocon Driver.lnk - C:\Program Files\sony\usbsircs\usbsircs.exe [2004-11-24 16:14:53 229376]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2005-04-07 19:55:29 217088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\VE LXi Expert 6\\Program\\App.exe"=
"C:\\Program Files\\IEEE 802.11g USB Wireless LAN\\Wireless LAN\\WlanUtil.exe"=

R2 KodakSvc;Kodak AiO Device Service;C:\Program Files\Kodak\printer\center\KodakSvc.exe [2008-02-28 17:57]
R2 Par1284;Par1284;C:\Program Files\VE LXi Expert 6\Program\Par1284.sys [2001-05-07 12:04]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [2004-07-08 22:26]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe [2004-07-08 22:17]
S3 ZD1211BU(WLAN);IEEE 802.11g USB Wireless LAN(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{665a1dba-04ea-11dc-b350-0011d80010ed}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da747384-3e6d-11d9-9ff2-806d6172696f}]
\shell\AutoRun\command - R:\Autorun.exe

.
- - - - ORPHANS REMOVED - - - -

BHO-{2795888A-D593-46AB-A756-2ED3FBFDECE7} - (no file)
BHO-{5BF80E72-9D8F-47B0-9CC5-A951202037B2} - C:\WINDOWS\system32\ssqQjiJC.dll
BHO-{DE9494CD-A282-456F-8B7C-00CCD25FD69C} - (no file)
BHO-{F16BA8D7-3DA7-4C34-9CDD-FAF8E2218B0B} - (no file)
HKCU-Run-Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\ypager.exe
HKCU-Run-Sys3.exe - C:\Windows\Sys3.exe
HKLM-Run-Antivirus - C:\Program Files\VAV\vav.exe
HKLM-Run-Sys8.exe - C:\Windows\Sys8.exe
HKLM-Run-Sys9.exe - C:\Windows\Sys9.exe
HKLM-Run-5c7bb784 - C:\WINDOWS\system32\pkebeewi.dll
HKLM-Run-Sys2.exe - C:\Windows\Sys2.exe
HKLM-Run-Sys3.exe - C:\Windows\Sys3.exe
SSODL-fdxbameg-{72AC2ACB-4DF4-4155-A864-36FC55E9610C} - C:\WINDOWS\fdxbameg.dll
SSODL-fsrpknov-{19B620C1-C944-4DBC-948C-91605E1D7DD1} - C:\WINDOWS\fsrpknov.dll
Notify-pmnoNDUN - pmnoNDUN.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 15:12:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-07-15 15:15:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-15 22:15:13

Pre-Run: 175,768,637,440 bytes free
Post-Run: 175,654,998,016 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

197 --- E O F --- 2008-07-10 16:41:20

#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Double click on C:\WINDOWS\wininit.ini and post the contents of that file here. Delete all the contents. Then copy & paste the below two lines back and save it:

[rename]
nul=

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

KILLALL::
File::
C:\WINDOWS\Sys5F.exe
C:\WINDOWS\Sys60.exe
C:\WINDOWS\Sys61.exe

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

#3
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.