Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Help I picked up a virus

Post by golf1here » March 28th, 2008, 5:16 pm

Help, I picked up a virus. May I ask for your help once again? I have managed to stay virus free for quite a while now but I just picked up something today. Here's my log file. Thank you, Golf

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12, on 08-03-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetProject\sbmntr.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\NetProject\scm.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\HSPERF~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\QURV86L4\HP300X~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\MVDMMQT1\PARTNE~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\DT5D9DAL\DORITO~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\BANIYQFM\AM_WIN~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\DT5D9DAL\PARTNE~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\BANIYQFM\_SZ_16~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\BANIYQFM\GUIDE_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\QURV86L4\B25102~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\6AAHTEKP\B24854~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\TS6IWO8M\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\1Q53L1ZJ\ADS_4_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\1Q53L1ZJ\ADS_3_~1.SH! C:\DOCUME~1\COMPAQ~1\
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\3PSKMBAG\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\3PSKMBAG\ADS_1_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\ADS_3_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\GA1H79F1\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\PPOST_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\INDEX_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\HC4DCGCS\APARTM~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\HC4DCGCS\THS_1_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\13CMG078\MAIN_1~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\MRHZ7BGO\1_1_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\MRHZ7BGO\INDEX_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\E78O5Q02\ARCHIV~
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - Startup: WinPatrol.lnk = C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: *.ameritrade.com
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: *.tdameritrade.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3483485342
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O22 - SharedTaskScheduler: bimaculate - {d70e9b0f-aabc-4066-8176-c6de84d92fa1} - C:\WINDOWS\system32\kknwg.dll
O23 - Service: McAfee Application Installer Cleanup (0196051206738216) (0196051206738216mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\019605~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

--
End of file - 10874 bytes
golf1here
Regular Member
 
Posts: 77
Joined: December 8th, 2005, 8:47 pm

Re: Help I picked up a virus

Post by Scotty » March 29th, 2008, 6:59 am

Hi! Welcome to the MWR forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.

Please be patient as my posts to you have to be checked before I reply, so they may take longer.

Please make an uninstall list using HijackThis.
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: Help I picked up a virus

Post by golf1here » March 29th, 2008, 1:05 pm

Hi Scotty, Thank you for your help! I can't open HijackThis now. A little window pops up and says out of memory. I tried to uninstall it and the same window pops up. I tried to download it again and the same window pops up. Help! Thank you.
Golf
golf1here
Regular Member
 
Posts: 77
Joined: December 8th, 2005, 8:47 pm

Re: Help I picked up a virus

Post by golf1here » March 29th, 2008, 1:14 pm

Hi Scotty,
I was able to open HijackThis by going to my program files and opening it from there. Here is the uninstall list:

Acoustica MP3 CD Burner
Ad-Aware 2007
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Help Center 2.0
Adobe MPEG Encoder
Adobe Premiere Pro 2.0
Adobe Reader 8.1.1
Adobe Stock Photos 1.0
AltoMP3 Gold 5.10
APHS VoiceStream
Apple Mobile Device Support
Apple Software Update
ArcSoft Camera Suite 1.3
Avery DesignPro
AVI MPEG Video Converter
AVS DVD Player version 2.3
CCleaner (remove only)
Cleaner 5 EZ
Compaq Connections
Coupon Printer for Windows
DivX
DivX Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
e-motional Greeting Card Creator 1.20
eMule
Express Burn
Flock 1.1
Google Earth
Greeting Card Creator 32
GSpot Codec Information Appliance
Help and Support Additions
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
HP Image Zone 3.5
HP Photo and Imaging 1.0 - Scanjet 3500c Series
HP PSC & OfficeJet 3.5
HP Software Update
Image Resizer Powertoy for Windows XP
Intel(R) Extreme Graphics Driver
InterActual Player
Internet Service
InterVideo DeviceService
InterVideo WinDVD 8
iTunes
Java(TM) 6 Update 3
Kaspersky Online Scanner
KBD
LabelCreator Pro
LimeWire 4.16.6
Macromedia Flash Player 8
McAfee SecurityCenter
MemoriesOnTV 3.1.7
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (2.0.0.7)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MWSnap 3
Nero 7
neroxml
overland
Panda ActiveScan
PC-Doctor for Windows
PrintMaster Gold 3.00
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickBooks Product Listing Service
QuickBooks Simple Start Edition
Quicken 2005
QuickTime
RealPlayer
RegCure 1.3.0.2
Replay Music 2.51
Secure Browsing
Security Task Manager 1.7e
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Sonic Express Labeler
Sonic RecordNow!
Sonic Update Manager
Sony USB Driver
SpywareBlaster 4.0
SupportSoft Assisted Service
Switch
Triscape FxFoto
Update for Windows XP (KB920342)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
URGE
VideoReDo/Plus Version 2.5.5.512
WavePad Uninstall
WinAVIVideoConverter
Windows Defender
Windows Defender Signatures
Windows Installer Clean Up
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Safety Alert
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
WinPatrol
WinZip
Wise Registry Cleaner 1.4
Xilisoft MP3 CD Burner
Yahoo! Photos Easy Upload Tool
Yahoo! SiteBuilder
Yahoo! Toolbar
golf1here
Regular Member
 
Posts: 77
Joined: December 8th, 2005, 8:47 pm

Re: Help I picked up a virus

Post by Scotty » March 29th, 2008, 5:35 pm

Hi

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back in your next reply with a new HijackThis log.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: Help I picked up a virus

Post by golf1here » March 29th, 2008, 8:02 pm

Hi Scotty,

I am still getting the pop-ups and system alert. Also, WinPatrol has detected a change in the following monitored file: c:\windows\system32\drivers\etc\hosts. Should I accept the change or reject the change? Thanks again. Here are the reports:


SDFix: Version 1.164

Run by Compaq_Owner on 08-03-29 at 16:34

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default IE HomePage

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url - Deleted
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url - Deleted
C:\Program Files\NetProject\ot.ico - Deleted
C:\Program Files\NetProject\sbmdl.dll - Deleted
C:\Program Files\NetProject\sbmntr.exe - Deleted
C:\Program Files\NetProject\sbsm.exe - Deleted
C:\Program Files\NetProject\sbun.exe - Deleted
C:\Program Files\NetProject\scit.exe - Deleted
C:\Program Files\NetProject\scm.exe - Deleted
C:\Program Files\NetProject\scu.exe - Deleted
C:\Program Files\NetProject\ts.ico - Deleted
C:\Program Files\NetProject\wamdl.dll - Deleted
C:\Program Files\NetProject\waun.exe - Deleted



Folder C:\Program Files\NetProject - Removed
Folder C:\WINDOWS\system32\375013 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 16:42:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3EC8374E-5BB3-18C1-BDDF-92CA8F7993AB}]
"iajbcjpicihibbdmmm"=hex:69,61,64,69,63,6f,65,6e,6d,61,62,6c,6e,6a,62,67,6e,6d,00,00
"hapbijdlbfhfjimi"=hex:69,61,64,69,63,6f,65,6e,6d,61,62,6c,6e,6a,62,67,6e,6d,00,00

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe:*:Enabled:BackWeb for Presario"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Enabled:Microsoft (R) HTML Application host"
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"="C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe:*:Enabled:Ad-Aware SE Personal"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"="C:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager"
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe:*:Enabled:WinDVD"
"C:\\Program Files\\Netscape\\Netscape Browser\\netscape.exe"="C:\\Program Files\\Netscape\\Netscape Browser\\netscape.exe:*:Enabled:Netscape"
"C:\\Program Files\\Grouper\\grouper.exe"="C:\\Program Files\\Grouper\\grouper.exe:*:Enabled:Grouper"
"C:\\Program Files\\Replay Music 2\\ReplayMusic.exe"="C:\\Program Files\\Replay Music 2\\ReplayMusic.exe:*:Enabled:Replay Music"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Disabled:Nero ShowTime"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 10 Feb 2005 213 A.SHR --- "C:\BOOT.BAK"
Tue 29 Mar 2005 56 ..SHR --- "C:\WINDOWS\system32\A99018CD99.sys"
Thu 1 Sep 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 1 Feb 2008 192 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti27C.tmp"
Fri 28 Mar 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Fri 28 Mar 2008 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Thu 30 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Tue 22 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT6.tmp"
Thu 1 Sep 2005 4,348 ...H. --- "C:\Documents and Settings\Compaq_Owner\My Documents\My Music\License Backup\drmv1key.bak"
Wed 9 Nov 2005 20 A..H. --- "C:\Documents and Settings\Compaq_Owner\My Documents\My Music\License Backup\drmv1lic.bak"
Wed 9 Nov 2005 400 A.SH. --- "C:\Documents and Settings\Compaq_Owner\My Documents\My Music\License Backup\drmv2key.bak"
Fri 3 Nov 2006 569,344 A.SH. --- "C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\101CANON\SIV35.tmp"
Fri 20 Jul 2007 487,424 A..H. --- "C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\102CANON\SIV151.tmp"
Fri 20 Jul 2007 487,424 A.SH. --- "C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\My thailand 2007\102CANON\SIV151.tmp"

Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01, on 08-03-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\HSPERF~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\QURV86L4\HP300X~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\MVDMMQT1\PARTNE~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\DT5D9DAL\DORITO~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\BANIYQFM\AM_WIN~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\DT5D9DAL\PARTNE~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\BANIYQFM\_SZ_16~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\BANIYQFM\GUIDE_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\QURV86L4\B25102~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\6AAHTEKP\B24854~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\TS6IWO8M\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\1Q53L1ZJ\ADS_4_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\1Q53L1ZJ\ADS_3_~1.SH! C:\DOCUME~1\COMPAQ~1\
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\3PSKMBAG\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\3PSKMBAG\ADS_1_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\ADS_3_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\GA1H79F1\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\PPOST_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\INDEX_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\HC4DCGCS\APARTM~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\HC4DCGCS\THS_1_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\13CMG078\MAIN_1~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\MRHZ7BGO\1_1_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\MRHZ7BGO\INDEX_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\E78O5Q02\ARCHIV~
O4 - Startup: WinPatrol.lnk = C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: *.ameritrade.com
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: *.tdameritrade.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3483485342
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O22 - SharedTaskScheduler: bimaculate - {d70e9b0f-aabc-4066-8176-c6de84d92fa1} - C:\WINDOWS\system32\kknwg.dll
O23 - Service: McAfee Application Installer Cleanup (0196051206738216) (0196051206738216mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\019605~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

--
End of file - 10091 bytes
golf1here
Regular Member
 
Posts: 77
Joined: December 8th, 2005, 8:47 pm

Re: Help I picked up a virus

Unread postby Scotty » March 30th, 2008, 10:01 am

Hi

Allow the Hosts file change. SDFix restores the original Windows Hosts file.


Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here with a new HijackThis log.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: Help I picked up a virus

Unread postby golf1here » March 30th, 2008, 4:45 pm

Hi Scotty,

That seemed to get rid of the virus but now I can't open Internet Explorer. I get an error saying that IE has encountered a problem and needs to close. Thanks again. Here are the log files:

Malwarebytes' Anti-Malware 1.09
Database version: 569

Scan type: Full Scan (A:\|C:\|D:\|G:\|H:\|I:\|J:\|K:\|L:\|)
Objects scanned: 161192
Time elapsed: 1 hour(s), 36 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 11
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 27

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\kknwg.dll (Trojan.Zlob) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{d70e9b0f-aabc-4066-8176-c6de84d92fa1} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.CouponBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.CouponBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.CouponBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e94eb13e-d78f-0857-7734-5e67a49ffff1} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d70e9b0f-aabc-4066-8176-c6de84d92fa1} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\kknwg.dll (Trojan.Zlob) -> Delete on reboot.
C:\WINDOWS\CouponPrinter.ocx (Adware.CouponBar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071533.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071534.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071535.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071663.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071664.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071665.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071697.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071698.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071699.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071700.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071701.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071702.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071703.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071705.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071706.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071712.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071713.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071714.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071715.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071716.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071717.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071718.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071721.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP781\A0071722.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:44, on 08-03-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Flock\flock\flock.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\HSPERF~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\QURV86L4\HP300X~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\MVDMMQT1\PARTNE~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\DT5D9DAL\DORITO~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\BANIYQFM\AM_WIN~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\DT5D9DAL\PARTNE~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\BANIYQFM\_SZ_16~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\BANIYQFM\GUIDE_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\QURV86L4\B25102~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\6AAHTEKP\B24854~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\TS6IWO8M\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\1Q53L1ZJ\ADS_4_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\1Q53L1ZJ\ADS_3_~1.SH! C:\DOCUME~1\COMPAQ~1\
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\3PSKMBAG\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\3PSKMBAG\ADS_1_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\ADS_3_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\GA1H79F1\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\PPOST_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\INDEX_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\HC4DCGCS\APARTM~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\HC4DCGCS\THS_1_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\13CMG078\MAIN_1~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\MRHZ7BGO\1_1_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\MRHZ7BGO\INDEX_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\E78O5Q02\ARCHIV~
O4 - Startup: WinPatrol.lnk = C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: *.ameritrade.com
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: *.tdameritrade.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3483485342
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O23 - Service: McAfee Application Installer Cleanup (0196051206738216) (0196051206738216mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\019605~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

--
End of file - 9975 bytes
golf1here
Regular Member
 
Posts: 77
Joined: December 8th, 2005, 8:47 pm

Re: Help I picked up a virus

Unread postby golf1here » March 30th, 2008, 5:55 pm

Hi Scotty,
IE seems to be working fine now. Go figure?
golf1here
Regular Member
 
Posts: 77
Joined: December 8th, 2005, 8:47 pm

Re: Help I picked up a virus

Unread postby Scotty » March 31st, 2008, 3:35 pm

Hi

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      + Extended (if available, otherwise Standard)
    • Scan Options:
      + Scan Archives
      + Scan Mail Bases
  • Click OK
  • Now, under Select a target to scan, select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post with a new HijackThis log.

With the exception of Internet Explorer, which is needed for the Kaspersky Scan, keep ALL programs closed until the scan is complete. This includes your anti-virus. Once you have installed the Scanner, and the updated definitions, you can disconnect from the Internet. Re-enable the anti-virus before reconnecting to the Internet.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: Help I picked up a virus

Unread postby golf1here » April 1st, 2008, 12:33 pm

Hi Scotty,
Here are the reports:

KASPERSKY ONLINE SCANNER REPORT
08-04-01 08:52
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 31/03/2008
Kaspersky Anti-Virus database records: 675122


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan Statistics
Total number of scanned objects 128281
Number of viruses found 4
Number of infected objects 10
Number of suspicious objects 0
Duration of the scan process 03:06:51

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{7B68B356-819E-4874-A20E-1100FECFA808}.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{E39DC2E1-9C2A-4D0F-8431-FE736D369765}.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR5.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-01022007-094509.log Object is locked skipped

C:\Documents and Settings\Compaq_Owner\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Compaq_Owner\Desktop\Download_mbam-setup.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped

C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped

C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Compaq_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Perflib_Perfdata_534.dat Object is locked skipped

C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF3C6.tmp Object is locked skipped

C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF3D7.tmp Object is locked skipped

C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF70FF.tmp Object is locked skipped

C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Compaq_Owner\ntuser.dat Object is locked skipped

C:\Documents and Settings\Compaq_Owner\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\SDFix\backups\backups.zip/backups/wamdl.dll Infected: Trojan-Downloader.Win32.Zlob.kiy skipped

C:\SDFix\backups\backups.zip ZIP: infected - 1 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP784\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{BEC9F4D4-27A4-41D7-AD2A-96B137FB0B47}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\temp\Cookies\index.dat Object is locked skipped

C:\WINDOWS\temp\History\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\temp\mcafee_MR7utg16WLy0gcZ Object is locked skipped

C:\WINDOWS\temp\mcmsc_3zaVTQF3oMsAKXI Object is locked skipped

C:\WINDOWS\temp\mcmsc_kaLTFsJsgZpKGud Object is locked skipped

C:\WINDOWS\temp\mcmsc_lrT8t7W5SfLX4rx Object is locked skipped

C:\WINDOWS\temp\mcmsc_qYFmE6JZrmABJkX Object is locked skipped

C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

L:\limewire\01 Track 1 (dance).wm Infected: Trojan-Downloader.WMA.Wimad.k skipped

L:\limewire\07 Track 7 (dance).wm Infected: Trojan-Downloader.WMA.Wimad.k skipped

L:\limewire\Eighties classic (dance).wm Infected: Trojan-Downloader.WMA.Wimad.k skipped

L:\limewire\Wicked Remix (dance).wm Infected: Trojan-Downloader.WMA.Wimad.k skipped

L:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:32, on 08-04-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\HSPERF~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\QURV86L4\HP300X~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\MVDMMQT1\PARTNE~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\DT5D9DAL\DORITO~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\BANIYQFM\AM_WIN~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\DT5D9DAL\PARTNE~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\BANIYQFM\_SZ_16~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\BANIYQFM\GUIDE_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\QURV86L4\B25102~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\6AAHTEKP\B24854~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\TS6IWO8M\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\1Q53L1ZJ\ADS_4_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\1Q53L1ZJ\ADS_3_~1.SH! C:\DOCUME~1\COMPAQ~1\
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\3PSKMBAG\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\3PSKMBAG\ADS_1_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\ADS_3_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\GA1H79F1\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\PPOST_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\INDEX_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\HC4DCGCS\APARTM~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\HC4DCGCS\THS_1_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\13CMG078\MAIN_1~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\MRHZ7BGO\1_1_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\MRHZ7BGO\INDEX_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\E78O5Q02\ARCHIV~
O4 - S-1-5-18 Startup: WinPatrol.lnk = C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: WinPatrol.lnk = C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (User 'Default user')
O4 - Startup: WinPatrol.lnk = C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: *.ameritrade.com
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: *.tdameritrade.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3483485342
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O23 - Service: McAfee Application Installer Cleanup (0196051206738216) (0196051206738216mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\019605~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

--
End of file - 10426 bytes
golf1here
Regular Member
 
Posts: 77
Joined: December 8th, 2005, 8:47 pm

Re: Help I picked up a virus

Post by golf1here » April 2nd, 2008, 12:01 pm

Hi Scotty,
Yesterday when I ran the scan I didn't notice I was to close all programs first. I still haven't been able to figure out how to close my McAfee program but I closed everything else and ran it again. Here it is:
KASPERSKY ONLINE SCANNER REPORT
08-04-02 08:50
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/04/2008
Kaspersky Anti-Virus database records: 676500


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan Statistics
Total number of scanned objects 128254
Number of viruses found 5
Number of infected objects 14
Number of suspicious objects 0
Duration of the scan process 03:10:10

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{7B68B356-819E-4874-A20E-1100FECFA808}.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR5.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-01022007-094509.log Object is locked skipped

C:\Documents and Settings\Compaq_Owner\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Compaq_Owner\Desktop\Download_mbam-setup.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped

C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped

C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Compaq_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF954C.tmp Object is locked skipped

C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF955D.tmp Object is locked skipped

C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DFC08.tmp Object is locked skipped

C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Compaq_Owner\ntuser.dat Object is locked skipped

C:\Documents and Settings\Compaq_Owner\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\SDFix\backups\backups.zip/backups/wamdl.dll Infected: Trojan-Downloader.Win32.Zlob.kiy skipped

C:\SDFix\backups\backups.zip ZIP: infected - 1 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP784\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\temp\Cookies\index.dat Object is locked skipped

C:\WINDOWS\temp\History\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\temp\mcmsc_3BmrDQwGtd3EcLH Object is locked skipped

C:\WINDOWS\temp\mcmsc_BNqdIxH3GjZeFMB Object is locked skipped

C:\WINDOWS\temp\mcmsc_hoaSlE9RhbHuqyu Object is locked skipped

C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

G:\my music\Mak\better tom baxter.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped

L:\limewire\01 Track 1 (dance).wm Infected: Trojan-Downloader.WMA.Wimad.k skipped

L:\limewire\07 Track 7 (dance).wm Infected: Trojan-Downloader.WMA.Wimad.k skipped

L:\limewire\Eighties classic (dance).wm Infected: Trojan-Downloader.WMA.Wimad.k skipped

L:\limewire\Wicked Remix (dance).wm Infected: Trojan-Downloader.WMA.Wimad.k skipped

L:\maks music\better tom baxter.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped

L:\NOI 7 MAK IPOD\better tom baxter.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped

L:\Noi's ipod\better tom baxter.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped

L:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:59, on 08-04-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\HSPERF~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\QURV86L4\HP300X~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\MVDMMQT1\PARTNE~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\DT5D9DAL\DORITO~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\BANIYQFM\AM_WIN~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\DT5D9DAL\PARTNE~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\BANIYQFM\_SZ_16~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\BANIYQFM\GUIDE_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\QURV86L4\B25102~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\6AAHTEKP\B24854~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\TS6IWO8M\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\1Q53L1ZJ\ADS_4_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\1Q53L1ZJ\ADS_3_~1.SH! C:\DOCUME~1\COMPAQ~1\
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\3PSKMBAG\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\3PSKMBAG\ADS_1_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\ADS_3_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\GA1H79F1\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\PPOST_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\INDEX_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\HC4DCGCS\APARTM~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\HC4DCGCS\THS_1_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\13CMG078\MAIN_1~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\MRHZ7BGO\1_1_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\MRHZ7BGO\INDEX_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\E78O5Q02\ARCHIV~
O4 - S-1-5-18 Startup: WinPatrol.lnk = C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: WinPatrol.lnk = C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (User 'Default user')
O4 - Startup: WinPatrol.lnk = C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: *.ameritrade.com
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: *.tdameritrade.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3483485342
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O23 - Service: McAfee Application Installer Cleanup (0196051206738216) (0196051206738216mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\019605~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

--
End of file - 10255 bytes

Re: Help I picked up a virus

Post by Scotty » April 3rd, 2008, 2:32 pm

Hello

P2P Warning!
Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.
Additional information on the safety of Peer to Peer programs themselves is here:
Clean/Infected P2P Programs


Navigate to and delete the following files and/or folder:

Files:
L:\limewire\01 Track 1 (dance).wm
L:\limewire\07 Track 7 (dance).wm
L:\limewire\Eighties classic (dance).wm
L:\limewire\Wicked Remix (dance).wm
C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix.exe
C:\Documents and Settings\Compaq_Owner\Desktop\SDFix

Folders:
C:\SDFix


Delete the older versions of Java and download the newest.
Please follow these steps to remove older version Java components.
  1. Close any programmes you may have running, ESPECIALLY your web browser.
  2. Click Start > Control Panel.
  3. Click Add/Remove Programs.
  4. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  5. Click the Remove or Change/Remove button.
  6. Repeat as many times as necessary to remove all versions of Java.
  7. Reboot your computer once all Java components are removed.
Then download the latest version of Java Runtime Environment (JRE) (4th one down the list), which is JRE6u5, and click Yes at the page warning. Under "Platform" select Windows, then check the box to accept the Licence Agreement. Click Yes at the second page warning before downloading the Offline file.


Finally post back a new HijackThis log, and let me know if you are still having any problems.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: Help I picked up a virus

Post by golf1here » April 3rd, 2008, 4:02 pm

Hi Scotty,
Thank you very much! Everything seems to be working great! Thank you very much for your help. Here is the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35, on 08-04-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\HSPERF~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\QURV86L4\HP300X~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\MVDMMQT1\PARTNE~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\DT5D9DAL\DORITO~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\BANIYQFM\AM_WIN~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\DT5D9DAL\PARTNE~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\BANIYQFM\_SZ_16~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\BANIYQFM\GUIDE_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\QURV86L4\B25102~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\6AAHTEKP\B24854~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\TS6IWO8M\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\1Q53L1ZJ\ADS_4_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\1Q53L1ZJ\ADS_3_~1.SH! C:\DOCUME~1\COMPAQ~1\
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\3PSKMBAG\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\3PSKMBAG\ADS_1_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\ADS_3_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\GA1H79F1\ADS_2_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\PPOST_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\K06ARDC9\INDEX_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\HC4DCGCS\APARTM~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\HC4DCGCS\THS_1_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\13CMG078\MAIN_1~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\MRHZ7BGO\1_1_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\MRHZ7BGO\INDEX_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5\E78O5Q02\ARCHIV~
O4 - S-1-5-18 Startup: WinPatrol.lnk = C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: WinPatrol.lnk = C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (User 'Default user')
O4 - Startup: WinPatrol.lnk = C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: *.ameritrade.com
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: *.tdameritrade.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3483485342
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O23 - Service: McAfee Application Installer Cleanup (0196051206738216) (0196051206738216mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\019605~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

--
End of file - 10286 bytes
golf1here
Regular Member
 
Posts: 77
Joined: December 8th, 2005, 8:47 pm

Re: Help I picked up a virus

Unread postby Scotty » April 8th, 2008, 5:43 am

My apologies, I missed your reply. I'll be right back.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland