Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

360 virus


  • Please log in to reply

#1
roacham

roacham

    Member

  • Member
  • PipPipPip
  • 245 posts
Hi I didnt get back to you in time so the subject was closed. My computer kept freezing. I did get it to work and did the ComboFix and these are my results. Thank you again.





ComboFix 09-04-27.05 - gina 04/28/2009 14:41.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.196 [GMT -5:00]
Running from: c:\documents and settings\gina\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\Common Files\System\Uninstall

----- BITS: Possible infected sites -----

hxxp://dna65.fastaccess.com
.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-28 )))))))))))))))))))))))))))))))
.

2009-04-28 02:12 . 2009-04-28 02:15 -------- d-----w c:\documents and settings\ty zook\Local Settings\Application Data\Adobe
2009-04-15 02:47 . 2009-04-15 02:47 -------- d-----w c:\documents and settings\ty zook\Application Data\MySpace
2009-04-15 01:40 . 2009-03-06 14:44 283648 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 01:40 . 2005-07-26 04:39 60416 -c----w c:\windows\system32\dllcache\colbact.dll
2009-04-15 01:40 . 2009-02-09 10:20 399360 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 01:40 . 2009-02-06 17:14 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 01:40 . 2009-02-09 10:20 473088 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 01:40 . 2009-02-06 16:39 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 01:40 . 2009-02-09 10:20 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 01:40 . 2009-02-09 10:20 616960 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 01:40 . 2009-02-09 10:20 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 01:38 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-11 19:17 . 2009-04-11 20:38 -------- d-----w c:\program files\EsetOnlineScanner
2009-04-06 13:18 . 2009-04-06 13:18 -------- d-----w c:\documents and settings\ty zook\Local Settings\Application Data\Apple
2009-04-03 20:57 . 2009-04-03 20:57 -------- d-----w c:\program files\Fast Browser SearchP
2009-04-03 20:56 . 2009-04-03 20:56 -------- d-----w c:\program files\Fast Browser Search
2009-04-01 19:07 . 2009-04-01 19:07 -------- d-----w C:\_OTListIt
2009-03-31 22:23 . 2009-04-23 16:49 530083 ----a-w C:\HC4DecommissionScheduler.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 19:35 . 2008-05-28 21:48 -------- d-----w c:\program files\BellSouth
2009-04-16 01:38 . 2009-03-25 20:52 21016 ----a-w c:\documents and settings\ty zook\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-02 20:42 . 2009-01-30 00:07 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-26 21:49 . 2009-01-30 00:07 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 21:49 . 2009-01-30 00:07 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-26 19:14 . 2009-03-23 19:18 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-25 17:27 . 2009-03-25 17:27 -------- d-----w c:\program files\ERUNT
2009-03-23 19:18 . 2009-03-23 19:18 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-23 19:18 . 2009-03-23 19:18 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-23 19:18 . 2009-03-23 19:18 -------- d-----w c:\program files\AVG
2009-03-06 14:44 . 2003-10-15 17:06 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-01-21 21:16 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-12-15 20:35 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2004-04-12 15:02 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2001-08-23 12:00 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2001-08-23 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2001-08-23 12:00 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2001-08-23 12:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:24 . 2001-08-23 12:00 2180480 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2001-08-23 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2001-08-23 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2001-08-17 13:48 2057728 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-05 00:16 . 2009-02-05 00:16 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-03 20:08 . 2003-10-15 17:06 55808 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"DellTouch"="c:\windows\MMKeybd.exe" [2002-01-16 163840]
"EM_EXEC"="c:\progra~1\Logitech\SYSTEM\EM_EXEC.EXE" [2002-05-24 28672]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-05 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"HelpCenter4.1"="c:\program files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-06-29 198184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-23 1932568]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-23 19:18 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1156801106\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1156801106\\ee\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Guest\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-03-23 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-03-26 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-23 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-23 298264]
S2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [2002-01-16 28672]
S3 Msikbd2k;DellTouch;c:\windows\system32\DRIVERS\msikbd2k.sys [2002-01-16 6656]
S3 qic157;qic157;c:\windows\system32\DRIVERS\qic157.sys [2004-08-04 6016]

.
Contents of the 'Scheduled Tasks' folder

2009-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Download - c:\program files\Bellsouth\HelpCenter\ssGet.exe 120 http://patttbc.att.m...T_Installer.exe
HKLM-Run-FBSearch - c:\program files\Fast Browser SearchP\FastBrowserSearchProtectionV.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &Search
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 14:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
FBSearch = c:\program files\Fast Browser SearchP\FastBrowserSearchProtectionV.exe?e?). For purposes of this EU

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2009-04-28 14:49
ComboFix-quarantined-files.txt 2009-04-28 19:48

Pre-Run: 65,444,864,000 bytes free
Post-Run: 66,101,014,528 bytes free

155 --- E O F --- 2009-04-15 08:07
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP