extremely bad virus which disabled my firewall


3 replies to this topic

#1 Freezer Boy

Freezer Boy

  • Members
  • 68 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ
  • Local time:08:09 PM

Posted 22 February 2009 - 08:47 PM

On Thursday night I somehow got my computer infected, from a website I think. The next morning my computer started acting really weird, with tons of pop-ups and going extremely slow. Every time I ran a scanner on my computer it just shut down to the blue screen. I then noticed that my firewall had been turned off. I've tried almost everything I know to get it back on, but all the options are grayed out, so my firewall has been off for some time now. I'm using the firewall that comes with Windows XP. Eventually I started up my computer in safe mode and was able to run some anti-virus scanners and anti-malware scanners. It deleted tons of infections but it didn't get everything.

I'm not sure what the name of the virus I have is but I noticed AVG keeps finding something called win32/heur and every time I delete it, it just keeps coming back. I also noticed something that was starting every time my computer restarted that when I googled it, I found out it was pretty dangerous. It's called reader_s. I disabled it from starting up, but that doesn't seem to be doing much.

I'm not the best with computers, so I hope I explained everything well. If you need me to be more clear with anything please let me know. This virus I have is unlike anything I've ever had on my computer before.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Zac at 20:26:56.50 on Sun 02/22/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1067 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\AstSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Administrator.WHEEZY\reader_s.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\ehome\McrdSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\Zac\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\temp\init.exe,c:\windows\system32\actcontroller.exe,c:\windows\system32\ndetect.exe,c:\windows\system32\c++.exe,
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [reader_s] c:\documents and settings\zac\reader_s.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [services] c:\windows\services.exe
mRun: [reader_s] c:\windows\system32\reader_s.exe
dRun: [bndhebtq.exe] c:\windows\bndhebtq.exe
dRun: [reader_s] c:\documents and settings\administrator.wheezy\reader_s.exe
dRun: [phkakizx.exe] c:\windows\phkakizx.exe
StartupFolder: c:\docume~1\zac\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\firefo~1.lnk - c:\program files\firefoxpreloader\FirefoxPreloader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - hxxp://simcity.ea.com/update/EARTPX.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} - hxxp://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: WB - c:\program files\alienguise\fastload.dll
AppInit_DLLs: c:\progra~1\google\google~4\GOEC62~1.DLL,wbsys.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\hgGwXroL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\zac\applic~1\mozilla\firefox\profiles\8u2qq2oc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - IMDb
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?sourceid=navclient-ff&ie=UTF-8&rlz=1B3GGGL_enUS269US269&hl=en&source=iglk
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=chrff-brandt_off&type=000115X001US&p=
FF - component: c:\documents and settings\zac\application data\mozilla\firefox\profiles\8u2qq2oc.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - plugin: c:\program files\google\google updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-12 42376]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-12 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-19 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-10-13 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-19 107272]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-12 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-12 81288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-19 298264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S0 frotz;frotz;c:\windows\system32\drivers\itnnjdo.sys --> c:\windows\system32\drivers\itnnjdo.sys [?]
S1 etharwmq;etharwmq;c:\windows\system32\drivers\etharwmq.sys --> c:\windows\system32\drivers\etharwmq.sys [?]
S1 ethdzjfj;ethdzjfj;c:\windows\system32\drivers\ethdzjfj.sys --> c:\windows\system32\drivers\ethdzjfj.sys [?]
S1 ethesbka;ethesbka;c:\windows\system32\drivers\ethesbka.sys --> c:\windows\system32\drivers\ethesbka.sys [?]
S1 ethijyid;ethijyid;c:\windows\system32\drivers\ethijyid.sys --> c:\windows\system32\drivers\ethijyid.sys [?]
S1 ethqszbg;ethqszbg;c:\windows\system32\drivers\ethqszbg.sys --> c:\windows\system32\drivers\ethqszbg.sys [?]
S1 ethtpwvt;ethtpwvt;c:\windows\system32\drivers\ethtpwvt.sys --> c:\windows\system32\drivers\ethtpwvt.sys [?]
S1 ethuupal;ethuupal;c:\windows\system32\drivers\ethuupal.sys --> c:\windows\system32\drivers\ethuupal.sys [?]
S1 ethxbgrt;ethxbgrt;c:\windows\system32\drivers\ethxbgrt.sys --> c:\windows\system32\drivers\ethxbgrt.sys [?]
S2 gupdate1c97f2ad90f87c;Google Update Service (gupdate1c97f2ad90f87c);c:\program files\google\update\GoogleUpdate.exe [2009-1-25 133104]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2009-1-6 19456]

=============== Created Last 30 ================

2009-02-22 09:41 36,864 a------- c:\windows\system32\28.tmp
2009-02-22 09:41 67,585 a------- c:\windows\system32\25.tmp
2009-02-22 09:41 64,512 a------- c:\windows\system32\c++.exe
2009-02-22 09:41 12,782 a------- c:\windows\system32\23.tmp
2009-02-22 09:41 212 a------- c:\windows\system32\21.tmp
2009-02-22 08:57 36,864 a------- c:\windows\system32\1F.tmp
2009-02-22 08:57 67,585 a------- c:\windows\system32\1C.tmp
2009-02-22 08:57 25,601 a------- c:\windows\system32\1B.tmp
2009-02-22 08:57 212 a------- c:\windows\system32\17.tmp
2009-02-22 08:20 36,864 a------- c:\windows\system32\E.tmp
2009-02-22 08:19 67,585 a------- c:\windows\system32\C.tmp
2009-02-22 08:19 212 a------- c:\windows\system32\2.tmp
2009-02-21 21:05 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\~0
2009-02-21 20:47 67,585 a------- c:\windows\system32\A.tmp
2009-02-21 20:47 168 a------- c:\windows\system32\7.tmp
2009-02-21 20:32 <DIR> --d----- c:\windows\pss
2009-02-21 19:55 37,376 a------- c:\windows\system32\8.tmp
2009-02-21 19:55 168 a------- c:\windows\system32\4.tmp
2009-02-19 19:52 208 a------- c:\windows\system32\38.tmp
2009-02-19 19:43 208 a------- c:\windows\system32\33.tmp
2009-02-19 19:33 208 a------- c:\windows\system32\31.tmp
2009-02-19 19:10 <DIR> --d----- c:\windows\setup.pss
2009-02-19 18:56 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-19 18:46 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-19 18:46 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-19 18:46 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-19 18:46 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-19 18:46 <DIR> --d----- c:\program files\AVG
2009-02-19 18:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-19 18:33 208 a------- c:\windows\system32\2F.tmp
2009-02-19 18:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-19 18:12 208 a------- c:\windows\system32\2C.tmp
2009-02-19 17:13 88,065 a------- c:\windows\system32\2B.tmp
2009-02-19 17:13 208 a------- c:\windows\system32\27.tmp
2009-02-19 16:27 <DIR> --d----- c:\docume~1\zac\applic~1\SUPERAntiSpyware.com
2009-02-19 16:13 208 a------- c:\windows\system32\22.tmp
2009-02-19 16:10 208 a------- c:\windows\system32\1A.tmp
2009-02-19 15:59 0 a------- c:\windows\system32\3E.tmp
2009-02-19 15:44 88,065 a------- c:\windows\system32\1D.tmp
2009-02-19 14:49 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-19 14:47 168 a------- c:\windows\system32\16.tmp
2009-02-19 14:43 0 a------- c:\windows\system32\18.tmp
2009-02-19 14:43 168 a------- c:\windows\system32\14.tmp
2009-02-19 14:37 664 a------- c:\windows\system32\d3d9caps.dat
2009-02-19 14:34 4 a------- c:\windows\pmmxbtml
2009-02-19 06:20 16,341 a--sh--- c:\windows\system32\HjllkUtv.ini2
2009-02-19 05:59 1,104 a------- c:\windows\hdmgvjdr
2009-02-19 05:26 19,805 a----r-- c:\windows\system32\drivers\usbio.sys.bak
2009-02-19 05:26 93,872 a----r-- c:\windows\system32\drivers\sscdmdm.sys.bak
2009-02-19 05:26 73,696 a----r-- c:\windows\system32\drivers\sscdserd.sys.bak
2009-02-19 05:26 58,352 a----r-- c:\windows\system32\drivers\sscdbus.sys.bak
2009-02-19 05:26 8,272 a----r-- c:\windows\system32\drivers\sscdmdfl.sys.bak
2009-02-19 05:22 182,656 ac------ c:\windows\system32\dllcache\ndis.sys
2009-02-17 17:16 25,088 a------- c:\windows\system32\drivers\rglmbzxb.sys
2009-02-16 19:36 28,672 a------- c:\windows\system32\regclass.dll
2009-02-16 19:36 <DIR> --d----- c:\program files\FirefoxPreloader
2009-02-12 17:45 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-12 15:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\comodo
2009-02-12 15:58 <DIR> --d----- c:\program files\COMODO
2009-02-12 15:38 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-12 15:36 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-12 15:11 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-02-12 15:11 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-02-12 15:11 42,376 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-02-12 15:11 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-02-12 15:11 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-12 15:11 <DIR> --d----- c:\docume~1\zac\applic~1\PC Tools
2009-02-12 15:10 <DIR> --d----- c:\program files\common files\Download Manager
2009-02-08 21:45 3,264 a------- C:\drmHeader.bin
2009-02-08 17:53 <DIR> --d----- C:\Downloads
2009-02-08 17:53 <DIR> --d----- c:\program files\Orbitdownloader
2009-02-08 17:48 323,584 a------- c:\windows\system32\AUDIOGENIE2.DLL
2009-02-08 17:48 <DIR> --d----- c:\program files\Replay Media Catcher
2009-02-08 12:05 <DIR> --d----- c:\docume~1\zac\applic~1\VSRevoGroup
2009-01-27 17:25 <DIR> --d----- c:\program files\common files\SWF Studio
2009-01-27 17:24 <DIR> --d----- c:\program files\The Weather Channel FW
2009-01-26 19:40 5,632 a------- c:\windows\system32\ptpusb.dll
2009-01-26 19:40 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-01-26 19:40 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-01-26 19:40 159,232 a------- c:\windows\system32\ptpusd.dll

==================== Find3M ====================

2009-02-19 05:22 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-02-19 05:20 90,112 a------- c:\windows\DUMP495d.tmp
2009-02-18 22:21 90,112 a------- c:\windows\DUMP5a74.tmp
2009-02-11 10:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-10 12:37 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-06 15:07 19,456 a------- c:\windows\Runservice.exe
2008-12-25 12:14 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-10-01 16:17 87,608 a------- c:\docume~1\zac\applic~1\inst.exe
2008-10-01 16:17 47,360 a------- c:\docume~1\zac\applic~1\pcouffin.sys
2007-12-19 16:30 890 a------- c:\docume~1\zac\applic~1\wklnhst.dat
2008-08-31 02:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083120080901\index.dat

============= FINISH: 20:28:18.90 ===============
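The DDS log above is what the helpers read to reach their conclusion. As an added example that is not part of this thread, the script below runs a few heuristic triage checks over lines copied from that log: Winlogon Userinit entries beyond the default userinit.exe, LSA Authentication Packages beyond msv1_0, drivers whose file DDS could not find (the `--> ... [?]` form), and autoruns launched from a user-profile root or directly from C:\WINDOWS. The checks and the "default" values are assumptions of this example, not a Virut signature or DDS's own logic; the sample lines are the log's, selected and embedded here.

```python
"""Heuristic triage of DDS log lines (added example, not from the thread)."""
import re
from collections import Counter

# Constructed sample: lines copied from the DDS log posted above, including a few
# benign entries (ctfmon, AVG) so the checks have something they should not flag.
SAMPLE_LOG = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\temp\init.exe,c:\windows\system32\actcontroller.exe,c:\windows\system32\ndetect.exe,c:\windows\system32\c++.exe,
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [reader_s] c:\documents and settings\zac\reader_s.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [services] c:\windows\services.exe
dRun: [bndhebtq.exe] c:\windows\bndhebtq.exe
LSA: Authentication Packages = msv1_0 c:\windows\system32\hgGwXroL
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-19 298264]
S0 frotz;frotz;c:\windows\system32\drivers\itnnjdo.sys --> c:\windows\system32\drivers\itnnjdo.sys [?]
S1 etharwmq;etharwmq;c:\windows\system32\drivers\etharwmq.sys --> c:\windows\system32\drivers\etharwmq.sys [?]
"""

# Assumed clean defaults for a Windows XP install (assumption of this example).
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
DEFAULT_LSA_PACKAGES = {"msv1_0"}

RUN_RE = re.compile(r"^[umd]Run:\s+\[[^\]]*\]\s+(?P<cmd>.+)$", re.I)
# An .exe sitting directly in a user profile root or directly in C:\WINDOWS is an
# unusual home for a legitimate autorun; reader_s.exe and services.exe above do that.
ODD_HOME_RE = re.compile(
    r"^c:\\(documents and settings\\[^\\]+|windows)\\[^\\]+\.exe$", re.I)


def _command_path(cmd: str) -> str:
    """Return the executable path of a Run value, dropping any arguments.
    A command that starts with a double quote is cut at the closing quote;
    an unquoted command is returned whole, which suffices for location checks."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd
    return cmd


def triage(log_text: str) -> list[tuple[str, str]]:
    """Scan DDS log lines and return (category, detail) findings."""
    findings: list[tuple[str, str]] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.lower().startswith("mwinlogon: userinit="):
            # Userinit is a comma list; anything beyond the default gets run at logon.
            values = [v.strip().lower() for v in line.split("=", 1)[1].split(",")]
            for extra in [v for v in values if v and v != DEFAULT_USERINIT]:
                findings.append(("userinit", extra))
        elif line.lower().startswith("lsa: authentication packages"):
            # Extra authentication packages are loaded into LSASS at boot.
            packages = line.split("=", 1)[1].split()
            for extra in [p for p in packages if p.lower() not in DEFAULT_LSA_PACKAGES]:
                findings.append(("lsa", extra))
        elif (m := RUN_RE.match(line)):
            path = _command_path(m.group("cmd"))
            if ODD_HOME_RE.match(path):
                findings.append(("autorun-location", path))
        elif re.match(r"^[RS]\d\s", line) and line.endswith("[?]"):
            # "R0 name;display;path --> path [?]": DDS found a driver entry but no file.
            service_name = line.split(";", 1)[0].split(None, 1)[1]
            findings.append(("missing-driver", service_name))
    return findings


def summarize(findings: list[tuple[str, str]]) -> dict[str, int]:
    """Count findings per category; an empty dict means nothing was flagged."""
    return dict(Counter(category for category, _ in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for category, detail in results:
        print(f"{category:17} {detail}")
    print(summarize(results))
```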


#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:02:09 AM

Posted 24 February 2009 - 11:44 AM

Hello Freezer Boy,

I'm afraid I have bad news for you :thumbup2:

I see you're dealing with Virut on top of the other nasty malware present on your system. In that case, it's unfortunately a lost cause, a game-over situation, and a format and reinstall is the fastest and especially the safest solution.

You may want to read this to see why:
Virut and other File infectors - Throwing in the Towel?

So, I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc. Do NOT back up any applications/installers, and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files.
This is because these files may be infected as well. If you back them up and restore them afterwards, they will infect your computer again.


Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#3 Freezer Boy

Freezer Boy
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ
  • Local time:08:09 PM

Posted 24 February 2009 - 03:22 PM

Well, that definitely does suck, but at least I'll be able to back up all my important stuff. Thanks for the link on how to reinstall Windows, because I didn't remember how to do it. Do you have any advice on an anti-virus scanner or firewall for me to download once I do this, so that I don't get something this bad again?

#4 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:02:09 AM

Posted 25 February 2009 - 04:18 AM

Hello Freezer Boy,

I see you prefer free security programs?

In that case: Avira AntiVir would be my first choice; SUPERAntiSpyware as antispyware protection is OK :thumbup2:
Just make sure you install and UPDATE your security programs before even considering restoring backed up data !!

Please read this Prevention page with lots of info and tips how to prevent this in the future.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Greetings,
Thunder