WiredWX Hobby Weather ToolsLog in

 


Pretty sure I have a virus

2 posters

descriptionPretty sure I have a virus EmptyPretty sure I have a virus

more_horiz
I have recently obtained a very annoying virus. I ran the information from your site and here are my results.  Thanks for your help! Lance

descriptionPretty sure I have a virus EmptyRe: Pretty sure I have a virus

more_horiz
checkup file

descriptionPretty sure I have a virus EmptyRe: Pretty sure I have a virus

more_horiz
adwcleaner

descriptionPretty sure I have a virus EmptyRe: Pretty sure I have a virus

more_horiz
Mbamb

descriptionPretty sure I have a virus EmptyRe: Pretty sure I have a virus

more_horiz
Every minute or so, my computer will sound out a USB Connection.

descriptionPretty sure I have a virus EmptyRe: Pretty sure I have a virus

more_horiz
Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.  

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Every minute or so, my computer will sound out a USB Connection. .

I don't understand this. Could you please give me more info?
*************************************************
1. Download this diagnostics tool MGADiag.ext and save this to your Desktop.
2. Double-click on MGADiag.exe and click Continue
3. When the program has finished, click on Copy
4. Post the results in your next reply.
***************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
****************************************
Please download Junkware Removal Tool to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

Pretty sure I have a virus Junkware-icon

•The tool will open and start scanning your system. At the Command Prompt, you’ll need to press any key to perform a scan.

Pretty sure I have a virus Junkware-removal-tool

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
***************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.  
If your version of Windows defaults to you download folder you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with  ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

Pretty sure I have a virus NSIS_disclaimer_ENG

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

Pretty sure I have a virus NSIS_extraction

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to  have this pre-installed on your machine before doing any malware  removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair  mode that will allow us to more easily help you should your computer  have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Pretty sure I have a virus RcAuto1

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Pretty sure I have a virus Whatnext

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

descriptionPretty sure I have a virus EmptyRe: Pretty sure I have a virus

more_horiz
When I plug in a USB device to the front of my computer, it pops up in my command bar that their is a USB device detected. That detection comes with an audible sound. That sound keeps popping up every few minutes on my computer, and when it does, it either freezes my computer, or slows it for a few seconds. I will run these and post results. Thank you!!

descriptionPretty sure I have a virus EmptyRe: Pretty sure I have a virus

more_horiz
I haven't seen the other logs yet.

descriptionPretty sure I have a virus EmptyRe: Pretty sure I have a virus

more_horiz
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-4QTVT-T3BV2-C96V8
Windows Product Key Hash: Sv7INy2VH4NRrkl/y2qnEiQEt44=
Windows Product ID: 76487-OEM-2211906-00103
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.2.0.pro
ID: {69F7893B-92B4-44DC-9340-4C06538F226A}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: {69F7893B-92B4-44DC-9340-4C06538F226A}1.9.0027.05.1.2600.2.00010100.2.0.prox32*****-*****-*****-*****-C96V876487-OEM-2211906-001032S-1-5-21-3152786837-564042706-46695988Gateway 9310S Intel Corp.SE91510J.15A.2525.2005.0414.161020050414000000.000000+000Gateway,Gateway,Gateway,Gateway17BE3E470184407D04090409Pacific Standard Time(GMT-08:00)02Gateway9310S100100Microsoft Office Professional Edition 20031137B4EEEB6AFCDF3KAkDniDSAMrt1HZhCJ/mjzPYADc=70145-761-4776981-570961

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1E848:emachines inc|1E848:Gateway, Inc|1E840:Gateway, Inc
Marker string from OEMBIOS.DAT: Gateway,Gateway,Gateway,Gateway

OEM Activation 2.0 Data-->
N/A

descriptionPretty sure I have a virus EmptyRe: Pretty sure I have a virus

more_horiz
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Mon 03/17/2014 at 17:13:24.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\bigfix"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/17/2014 at 17:21:41.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

descriptionPretty sure I have a virus EmptyRe: Pretty sure I have a virus

more_horiz
Were you able to run ComboFix?

descriptionPretty sure I have a virus EmptyRe: Pretty sure I have a virus

more_horiz
I attempted to run it a few times this morning. It was taking a bit of time. I will run it this evening and post results tomorrow morning.

Thanks for all your help!
Lance

descriptionPretty sure I have a virus EmptyRe: Pretty sure I have a virus

more_horiz
Lance Forney wrote:
I attempted to run it a few times this morning.  It was taking a bit of time. I will run it this evening and post results tomorrow morning.

Thanks for all your help!
Lance

Ok, please keep me informed.

descriptionPretty sure I have a virus EmptyRe: Pretty sure I have a virus

more_horiz
ComboFix 14-03-16.01 - Administrator 03/18/2014 17:06:46.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3046.2367 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG AntiVirus 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{9786E1A5-2E7F-4801-91A9-EF3D4F91683E}\RP1632\A0210077.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-02-19 to 2014-03-19 )))))))))))))))))))))))))))))))
.
.
2014-03-18 21:42 . 2014-03-18 21:53 -------- d-----w- C:\access
2014-03-18 16:57 . 2014-03-18 16:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG2014
2014-03-18 16:56 . 2014-03-18 16:56 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Avg2014
2014-03-18 16:56 . 2014-03-18 16:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2014-03-18 16:55 . 2014-03-18 16:55 -------- d-----w- C:\$AVG
2014-03-18 16:55 . 2014-03-18 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2014
2014-03-18 16:53 . 2014-03-18 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2014-03-18 16:53 . 2014-03-18 16:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Avg2014
2014-03-18 16:53 . 2014-03-18 16:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\MFAData
2014-03-18 00:13 . 2014-03-18 00:13 -------- d-----w- c:\windows\ERUNT
2014-03-17 23:46 . 2014-03-17 23:45 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-03-17 23:36 . 2014-03-17 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2014-03-08 00:47 . 2014-03-08 00:55 -------- d-----w- C:\AdwCleaner
2014-03-08 00:20 . 2014-03-08 00:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2014-03-08 00:20 . 2014-03-08 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-03-08 00:20 . 2014-03-08 00:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-08 00:20 . 2013-04-04 22:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-17 23:45 . 2010-09-01 16:24 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-03-03 16:22 . 2012-08-29 15:21 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-01-30 18:55 . 2014-01-30 18:25 73216 ----a-w- c:\windows\ST6UNST.EXE
2014-01-20 04:46 . 2014-01-20 04:46 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-25 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"Gateway Extended Warranty"="c:\program files\Gateway\GWCares\GWCares.exe" [2004-02-08 73728]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"CHotkey"="mHotkey.exe" [2004-09-21 550400]
"ShowWnd"="ShowWnd.exe" [2003-09-19 36864]
"ledpointer"="CNYHKey.exe" [2004-03-03 5576704]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-13 61952]
"Mixersel"="c:\program files\Realtek\InstallShield\mixersel.exe" [2003-11-11 369664]
"SoundMan"="SOUNDMAN.EXE" [2004-10-21 77824]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-22 2744832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-07-06 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-01-22 4962320]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1069:TCP"= 1069:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [11/25/2013 9:56 PM 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [10/31/2013 10:30 PM 222520]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/10/2013 12:43 AM 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [11/25/2013 9:49 PM 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [11/25/2013 9:56 PM 210712]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [1/19/2014 9:46 PM 22808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/31/2013 11:00 PM 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [8/1/2013 4:08 PM 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [8/29/2012 8:21 AM 42784]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [5/26/2004 12:30 PM 14336]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [1/22/2014 12:19 PM 3788816]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [9/24/2013 1:33 AM 348008]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [3/7/2014 5:20 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/7/2014 5:20 PM 701512]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [10/8/2012 5:04 PM 166912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/7/2014 5:20 PM 22856]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2/2/2011 3:08 PM 18656]
S2 vToolbarUpdater18.0.0;vToolbarUpdater18.0.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5/17/2013 8:50 AM 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [10/8/2012 5:04 PM 21248]
S3 WPEServ;WPEServ;c:\program files\Common Files\WPE\wpeserv.exe [3/9/2007 12:39 PM 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-17 15:45 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 21:02]
.
2014-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-16 22:33]
.
2014-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-16 22:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyOverride =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com
TCP: Interfaces\{83953282-6822-4422-9D17-5544F0E7543B}: NameServer = 4.2.2.1,4.2.2.2
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
AddRemove-BigFix - c:\program files\BigFix\Uninst.isu
AddRemove-Topcon Link v.8 - c:\documents and settings\All Users\Application Data\{A599C51D-52F6-44B7-868A-E282F23A19EF}\TopconLinkSetup.8.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-18 19:25
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3152786837-564042706-46695988-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,13,2e,01,1f,a4,04,41,b7,46,01,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,de,8c,ee,07,74,3b,46,8f,f1,9a,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,6f,e6,18,12,33,50,4a,8d,0e,bd,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,6f,e6,18,12,33,50,4a,8d,0e,bd,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,6f,e6,18,12,33,50,4a,8d,0e,bd,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1304)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\mHotkey.exe
c:\windows\CNYHKey.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2014-03-18 19:33:09 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-19 02:33
.
Pre-Run: 50,098,872,320 bytes free
Post-Run: 60,338,827,264 bytes free
.
- - End Of File - - D92AFF3AD28851D8D52571E667312CF9
B20939CD98B7710036274839082AE757

descriptionPretty sure I have a virus EmptyRe: Pretty sure I have a virus

more_horiz
Here are the combo fix results. Thanks!

descriptionPretty sure I have a virus EmptyRe: Pretty sure I have a virus

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum