WiredWX Christian Hobby Weather Tools

Re: UNOWN VIRUS

Combo Fix Log Part 1:
ComboFix 09-05-08.03 - Sachin 10/05/2009 20:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.556 [GMT 10:00]
Running from: c:\documents and settings\Sachin\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Created from 2009-04-10 to 2009-05-10 )))))))))))))))))))))))))))))))
.

2009-05-09 20:11 . 2009-05-09 20:11 -------- d-----w C:\db1b252966fcaf2a7a6a17f5
2009-05-09 09:45 . 2009-05-09 09:45 -------- d--h--w c:\windows\PIF
2009-05-09 03:25 . 2009-05-09 03:25 -------- d-----w C:\b9c72a595bad00161290
2009-05-08 09:00 . 2009-05-08 09:00 -------- d-----w C:\51e10784afcf560d81df
2009-05-08 08:52 . 2009-05-08 08:52 -------- d-----w C:\24666bd8615e1f5a24b87816e8
2009-05-07 21:46 . 2009-05-07 21:46 -------- d-----w C:\95d559c4049e0c0e546fbaa615c3
2009-05-07 11:19 . 2009-05-07 11:19 -------- d-----w C:\4d061dbb97808dfdbd61ca25e955
2009-05-07 05:43 . 2009-05-07 05:43 -------- d-----w C:\168ef2098fb0c3c800f9475c2253f4
2009-05-06 11:22 . 2009-05-06 11:22 -------- d-----w C:\fddd79bbd7f45733d10d6b9f366d
2009-05-05 06:19 . 2009-05-05 06:19 -------- d-----w C:\c73c16d745851fd7788ec54573d6bd73
2009-05-05 06:08 . 2009-05-05 06:08 -------- d-----w C:\11673c1e8d2db2b39689
2009-05-05 06:04 . 2009-05-05 06:04 -------- d-----w C:\6fbc72d38a4bb4a75aeb8d4b6496d1d5
2009-05-05 05:56 . 2009-05-05 05:56 -------- d-----w C:\29c219ebda3850a974ae
2009-05-05 05:27 . 2009-05-05 05:27 -------- d-----w C:\68d3a1eeb2519b4430
2009-05-04 12:25 . 2009-05-04 12:25 -------- d-----w C:\39b5633542121fa4b79e
2009-05-03 22:07 . 2009-05-03 22:07 -------- d-----w C:\9433ccfcd4fcc4274e313ea625
2009-05-03 22:00 . 2009-05-03 22:00 -------- d-----w C:\3257a866a8440bf7e5a322
2009-05-03 11:28 . 2009-05-03 11:28 -------- d-----w C:\c2abe9c822491f8b6a7ce2
2009-05-01 23:11 . 2009-05-01 23:11 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-05-01 22:56 . 2009-05-01 22:56 -------- d-----w C:\2297372a13f96eb76026a9
2009-05-01 08:58 . 2009-05-01 08:58 -------- d-----w C:\53eaa7ee0c863f0ef879dca9
2009-05-01 08:52 . 2009-05-01 08:52 -------- d-----w C:\336aaff6f854eea427642e11
2009-05-01 08:39 . 2009-05-01 08:39 -------- d-----w C:\818876746628e39a8131
2009-05-01 08:33 . 2009-05-01 08:33 -------- d-----w C:\fdd411b8bf4abbbf92841b24eee6
2009-05-01 08:24 . 2009-05-01 08:24 -------- d-----w C:\d70f92684c3bd5899c969d223dba5b87
2009-05-01 08:20 . 2009-05-01 08:20 -------- d-----w C:\69a1c8af19cafa47fa99
2009-04-30 22:08 . 2009-04-30 22:09 -------- d-----w C:\e6c174ad9c7736a10ff18023212dc5
2009-04-30 22:04 . 2009-04-30 22:04 -------- d-----w C:\b18c54a9480d8fe34913
2009-04-30 21:59 . 2009-04-30 21:59 -------- d-----w C:\242eae73176f5d554bab064a63
2009-04-30 12:10 . 2009-04-30 12:10 -------- d-----w C:\c9be7a086aeafcce587b
2009-04-30 06:12 . 2009-03-24 06:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-30 06:12 . 2009-04-30 06:12 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-30 06:12 . 2009-04-30 06:12 -------- d-----w c:\program files\Avira
2009-04-17 23:24 . 2009-04-17 23:24 -------- d-----w c:\documents and settings\Sachin\Application Data\Malwarebytes
2009-04-17 23:24 . 2009-04-06 05:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-17 23:24 . 2009-04-06 05:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-17 23:24 . 2009-04-17 23:24 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-17 23:24 . 2009-04-17 23:24 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-17 13:12 . 2009-04-17 13:12 -------- d-----w c:\documents and settings\Sachin\Local Settings\Application Data\jZip
2009-04-17 13:06 . 2009-04-17 13:06 -------- d-----w c:\program files\Trend Micro
2009-04-17 11:17 . 2009-04-17 11:17 -------- d-----w c:\documents and settings\Sachin\Application Data\MSNInstaller
2009-04-17 04:32 . 2009-04-17 04:32 -------- d-----w c:\windows\system32\Adobe
2009-04-16 00:21 . 2008-10-16 04:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-04-16 00:21 . 2008-10-16 04:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-15 23:59 . 2009-03-06 14:00 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 23:59 . 2005-07-26 04:20 60416 -c----w c:\windows\system32\dllcache\colbact.dll
2009-04-15 23:59 . 2009-02-06 09:54 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-15 23:59 . 2009-02-09 10:01 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 23:59 . 2009-02-06 10:22 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 23:59 . 2009-02-09 10:01 473088 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 23:59 . 2009-02-06 09:41 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 23:59 . 2009-02-09 10:01 728576 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 23:59 . 2009-02-09 10:01 617984 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 23:59 . 2009-02-09 10:01 715264 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 23:59 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 08:11 . 2009-05-10 10:02 -------- d-----w c:\documents and settings\Sachin\Tracing
2009-04-15 08:10 . 2009-04-15 08:10 -------- d-----w c:\program files\Microsoft
2009-04-15 08:09 . 2009-04-15 08:09 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-15 08:09 . 2009-04-15 08:10 -------- d-----w c:\program files\Windows Live
2009-04-15 07:55 . 2009-04-15 07:55 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-14 07:46 . 2009-04-14 07:46 -------- d-----w c:\documents and settings\Sachin\Local Settings\Application Data\Adobe
2009-04-13 21:43 . 2009-05-01 08:32 70832 ----a-w c:\documents and settings\Sachin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-13 14:00 . 2009-04-13 14:00 -------- d-----w c:\documents and settings\Sachin\Application Data\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 13:09 . 2006-08-31 23:48 -------- d-----w c:\program files\Microsoft Works
2009-04-14 06:50 . 2008-12-29 03:57 -------- d-----w c:\program files\RndLabs
2009-04-14 05:59 . 2008-12-25 09:27 -------- d-----w c:\program files\Accountants Office
2009-04-05 01:33 . 2009-03-27 22:26 -------- d-----w c:\program files\Pando Networks
2009-04-01 06:24 . 2006-08-31 23:04 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-28 20:14 . 2009-03-28 20:14 -------- d-----w c:\program files\Common Files\INCA Shared
2009-03-26 05:33 . 2009-03-21 23:56 -------- d-----w c:\program files\Hotspot_Shield
2009-03-21 23:56 . 2009-03-21 23:56 -------- d-----w c:\program files\Conduit
2009-03-06 14:00 . 2006-08-31 21:40 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:14 . 2006-08-31 21:40 668160 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:14 . 2006-08-31 21:40 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:19 . 2006-08-31 21:40 1846272 ----a-w c:\windows\system32\win32k.sys
.

.

Re: UNOWN VIRUS

Combo Fix part 2:
------- Sigcheck -------


Re: UNOWN VIRUS

Combo Fix Log Part 3:
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-02 364544]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-07-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-07-02 700416]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-26 299008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-05-31 282624]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-03-11 73728]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-08-23 16050688]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2006-03-18 89541]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30/04/2009 4:12 PM 108289]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/02/2007 5:29 AM 29178224]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [29/06/2006 4:50 AM 98816]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sachin\Application Data\Mozilla\Firefox\Profiles\536f4od1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-10 20:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-10 20:11
ComboFix-quarantined-files.txt 2009-05-10 10:11

Pre-Run: 83,742,453,760 bytes free
Post-Run: 83,784,302,592 bytes free

259 --- E O F --- 2009-05-09 20:15

Re: UNOWN VIRUS

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.




Try to run DDS again


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.

Re: UNOWN VIRUS

DDS FILE:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Sachin at 22:02:47.48 on Mon 11/05/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.625 [GMT 10:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Sachin\Desktop\dds.pif

============== Pseudo HJT Report ===============

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [AGRSMMSG] AGRSMMSG.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sachin\applic~1\mozilla\firefox\profiles\536f4od1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-30 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-30 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-30 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-30 55640]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2007-2-10 29178224]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-6-29 98816]

=============== Created Last 30 ================

2009-05-11 22:02 388,608 a------- c:\windows\system32\CF617.exe
2009-05-11 22:02 --d----- C:\ComboFix
2009-05-11 19:57 --d----- c:\documents and settings\sachin\DoctorWeb
2009-05-11 16:03 --d----- C:\b4807194bf73b5de7e756a72e1
2009-05-11 15:41 --d----- C:\db667816641ea5dd71e1490f
2009-05-10 21:26 --d----- C:\b2d9a2ee49f5edd353023b
2009-05-10 20:04 --d----- C:\cmdcons
2009-05-10 20:02 161,792 a------- c:\windows\SWREG.exe
2009-05-10 20:02 98,816 a------- c:\windows\sed.exe
2009-05-10 06:11 --d----- C:\db1b252966fcaf2a7a6a17f5
2009-05-09 19:45 --d-h--- c:\windows\PIF
2009-05-09 13:25 --d----- C:\b9c72a595bad00161290
2009-05-08 19:00 --d----- C:\51e10784afcf560d81df
2009-05-08 18:52 --d----- C:\24666bd8615e1f5a24b87816e8
2009-05-08 07:46 --d----- C:\95d559c4049e0c0e546fbaa615c3
2009-05-07 21:19 --d----- C:\4d061dbb97808dfdbd61ca25e955
2009-05-07 15:43 --d----- C:\168ef2098fb0c3c800f9475c2253f4
2009-05-06 21:22 --d----- C:\fddd79bbd7f45733d10d6b9f366d
2009-05-05 16:19 --d----- C:\c73c16d745851fd7788ec54573d6bd73
2009-05-05 16:08 --d----- C:\11673c1e8d2db2b39689
2009-05-05 16:04 --d----- C:\6fbc72d38a4bb4a75aeb8d4b6496d1d5
2009-05-05 15:56 --d----- C:\29c219ebda3850a974ae
2009-05-05 15:27 --d----- C:\68d3a1eeb2519b4430
2009-05-04 22:25 --d----- C:\39b5633542121fa4b79e
2009-05-04 08:07 --d----- C:\9433ccfcd4fcc4274e313ea625
2009-05-04 08:00 --d----- C:\3257a866a8440bf7e5a322
2009-05-03 21:28 --d----- C:\c2abe9c822491f8b6a7ce2
2009-05-02 09:10 --d----- c:\windows\pss
2009-05-02 08:56 --d----- C:\2297372a13f96eb76026a9
2009-05-01 18:58 --d----- C:\53eaa7ee0c863f0ef879dca9
2009-05-01 18:52 --d----- C:\336aaff6f854eea427642e11
2009-05-01 18:39 --d----- C:\818876746628e39a8131
2009-05-01 18:33 --d----- C:\fdd411b8bf4abbbf92841b24eee6
2009-05-01 18:24 --d----- C:\d70f92684c3bd5899c969d223dba5b87
2009-05-01 18:20 --d----- C:\69a1c8af19cafa47fa99
2009-05-01 08:08 --d----- C:\e6c174ad9c7736a10ff18023212dc5
2009-05-01 08:04 --d----- C:\b18c54a9480d8fe34913
2009-05-01 07:59 --d----- C:\242eae73176f5d554bab064a63
2009-04-30 22:10 --d----- C:\c9be7a086aeafcce587b
2009-04-30 16:12 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-30 16:12 --d----- c:\program files\Avira
2009-04-30 16:12 --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-04-18 09:24 --d----- c:\docume~1\sachin\applic~1\Malwarebytes
2009-04-18 09:24 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-18 09:24 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 09:24 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-18 09:24 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-17 23:06 --d----- c:\program files\Trend Micro
2009-04-17 21:17 --d----- c:\docume~1\sachin\applic~1\MSNInstaller
2009-04-17 14:32 --d----- c:\windows\system32\Adobe
2009-04-16 10:21 268,648 a------- c:\windows\system32\mucltui.dll
2009-04-16 10:21 208,744 a------- c:\windows\system32\muweb.dll
2009-04-16 10:21 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-04-15 18:11 --d----- c:\documents and settings\sachin\Tracing
2009-04-15 18:10 --d----- c:\program files\Microsoft
2009-04-15 18:09 --d----- c:\program files\Windows Live SkyDrive
2009-04-15 17:55 --d----- c:\program files\common files\Windows Live

==================== Find3M ====================

2009-03-07 00:00 284,160 a------- c:\windows\system32\pdh.dll
2009-02-20 18:14 668,160 a------- c:\windows\system32\wininet.dll
2009-02-20 18:14 81,920 a------- c:\windows\system32\ieencode.dll

============= FINISH: 22:03:08.78 ===============

Re: UNOWN VIRUS
Please download OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :processes
    c:\windows\sed.exe
    c:\windows\system32\CF617.exe


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTMoveIt3.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Please download GooredFix and save it to your Desktop.

  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

Note: Do not run Option #2 yet.

Re: UNOWN VIRUS
LOG OTMOVE:

========== PROCESSES ==========
Unable to kill process: c:\windows\sed.exe
Unable to kill process: c:\windows\system32\CF617.exe

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05122009_161546

LOG GOORED FIX:

GooredFix v1.92 by jpshortstuff
Log created at 16:18 on 12/05/2009 running Option #1 (Sachin)
Firefox version 3.0.10 (en-GB)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"
