Internet Security 2010 Virus



#1 rhps_kat

Posted 31 December 2009 - 07:36 PM

My computer was recently infected with the Internet Security 2010 virus. I followed the very helpful steps on the website and thought I had everything fixed. The next day when I logged back in, the virus was not only back, but now it had duplicated itself; I had two of the virus programs on my computer.
I ran the steps again, and the internet security virus seems to be gone now, but my computer is still running very slowly... It was always pretty fast before the virus. I haven't noticed any programs running that I do not recognize, but I'm not too sure what to look for either. I have run AVG a few times after removal of the virus(es) but it comes up clean every time.

Additionally, there is no attachment section in this post window so I cannot attach the other DDS log. If you need to view the DDS log or the RootRepeal log please let me know and I will post them.

**side note: this may be unrelated but when I go to mail.yahoo.com it shows as a text only page - no coding/HTML/images. I haven't noticed this with any other websites yet, so it may just be a yahoo error.**

Please help if you can. Thank you so much

DDS LOG:
DDS (Ver_09-12-01.01) - NTFSx86
Run by OWNER at 17:35:32.87 on Sat 01/31/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.57 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\ZCfgSvc.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\OWNER\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
mURLSearchHooks: H - No File
mURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {11700183-454f-42e8-a85c-f9968d58913c} - c:\windows\system32\ljJButSk.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\searchsuggest\YSearchSuggest.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] ~"c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [ZCfgSvc.exe] c:\windows\system32\ZCfgSvc.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [CARPService] carpserv.exe
mRun: [EssSpkPhone] essspk.exe -c
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\0XkzSxaPm.exe" /runcleanupscript
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: live.com\onecare
Trusted Zone: microsoft.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: Sebring - c:\windows\system32\LgNotify.dll
AppInit_DLLs: c:\windows\system32\kbdsock.dll,nosadepu.dll c:\windows\system32\jelosonu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\ljJButSk
LSA: Notification Packages = scecli sosafimi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\kgq7s483.default\extensions\personas@christopher.beard\defaults\preferences\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2009-1-30 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-1-30 161800]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-29 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-29 28424]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-29 360584]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-1-30 285392]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2009-1-30 2303680]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-1-30 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-1-30 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-1-30 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2009-1-30 25736]
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);c:\windows\system32\drivers\vacs2xkd.sys [2009-2-27 42880]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2006-5-24 92550]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2009-1-30 5832712]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-2-27 16512]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-1-30 30104]
S3 ndisdrv;ndisdrv;\??\c:\windows\system32\ndisdrv.sys --> c:\windows\system32\ndisdrv.sys [?]
S3 TIACXLN;TI ACX100 WLAN Adapter;c:\windows\system32\drivers\tiacxln.sys --> c:\windows\system32\drivers\tiacxln.sys [?]

=============== Created Last 30 ================

2009-12-30 22:45:25 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2009-12-30 22:45:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-30 22:44:59 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 07:36:13 0 d-----w- c:\windows\system32\NtmsData
2009-12-30 05:49:30 0 d-----w- c:\windows\system32\appmgmt
2009-12-30 00:00:32 773120 ----a-w- c:\windows\system32\drivers\rhfkccru.sys
2009-11-15 06:34:31 0 d-----w- c:\program files\mIRC
2009-11-15 06:34:31 0 d-----w- c:\docume~1\owner\applic~1\mIRC
2009-11-09 16:35:13 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2009-11-09 16:35:09 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2009-11-09 16:35:09 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2009-11-09 16:35:07 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2009-11-09 16:35:05 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2009-11-09 16:35:02 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2009-11-09 16:35:02 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2009-11-09 16:35:00 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2009-11-09 16:34:58 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2009-11-09 16:34:58 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2009-11-09 16:34:51 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2009-11-09 16:34:51 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2009-11-09 16:34:44 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2009-11-09 16:34:36 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-11-09 16:34:29 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2009-11-09 16:34:18 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2009-11-09 16:34:18 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2009-11-09 16:34:05 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2009-11-09 16:34:02 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2009-11-09 16:34:01 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2009-11-09 16:30:34 0 d-----w- c:\windows\SxsCaPendDel
2009-10-31 02:28:17 0 d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2009-10-22 22:37:10 0 d-sh--w- c:\documents and settings\owner\PrivacIE
2009-10-22 22:34:27 0 d-sh--w- c:\documents and settings\owner\IETldCache
2009-10-22 22:28:43 0 d-----w- c:\windows\ie8updates
2009-10-22 22:22:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-10-22 22:22:00 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-10-22 22:12:19 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-22 22:12:19 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-22 22:12:19 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-22 22:12:13 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-22 22:12:12 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-22 22:12:03 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-22 22:11:50 0 d-----w- c:\docume~1\owner\applic~1\MSNInstaller
2009-10-22 22:11:31 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-20 14:58:48 263552 -c----w- c:\windows\system32\dllcache\http.sys
2009-10-17 02:24:45 90112 ----a-w- c:\windows\unvise32.exe
2009-09-27 23:21:10 19648 ----a-w- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2009-09-15 20:04:58 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2009-09-04 23:13:38 0 d-----w- c:\docume~1\owner\applic~1\Sprint
2009-09-04 23:10:23 27072 ----a-w- c:\windows\system32\drivers\PCASp50.sys
2009-09-04 23:09:01 17920 ----a-w- c:\windows\system32\apintfnt.dll
2009-09-04 23:07:03 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-09-04 23:05:31 0 d-----w- c:\program files\common files\Research in Motion
2009-09-04 23:05:29 0 d-----w- c:\program files\Sierra Wireless
2009-09-04 23:04:37 0 d-----w- c:\program files\common files\Motorola Shared
2009-09-04 23:04:35 0 d-----w- c:\program files\Novatel Wireless
2009-09-04 23:04:14 0 d-----w- c:\program files\Sprint
2009-09-04 23:04:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Sprint
2009-09-04 23:01:11 0 d-----w- c:\program files\Sierra Wireless Inc
2009-09-04 23:01:11 0 d-----w- c:\docume~1\owner\applic~1\Sierra Wireless
2009-09-01 00:34:09 0 d-----w- c:\program files\common files\DivX Shared
2009-08-21 08:24:43 0 d-----w- C:\9d2afb89a9073f9c0323a911c875
2009-08-21 08:12:06 0 d-----w- c:\windows\system32\XPSViewer
2009-08-21 08:10:26 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-21 08:10:25 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-21 08:10:24 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-21 08:10:23 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-21 08:10:23 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-21 08:10:22 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-21 08:10:22 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-21 08:10:19 0 d-----w- C:\a638d7aecb8f712f728a09cf90708d
2009-08-21 08:02:29 0 d-----w- c:\program files\MSXML 6.0
2009-08-19 23:07:18 1415000 ----a-w- c:\windows\system32\msxml6.dll
2009-08-12 08:02:13 0 d-----w- c:\windows\ServicePackFiles
2009-08-07 00:40:37 0 d-----w- c:\docume~1\owner\applic~1\Canneverbe_Limited
2009-07-21 23:22:24 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys
2009-07-20 02:03:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2009-07-20 02:01:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2009-07-20 02:01:43 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-06-18 23:02:09 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2009-06-18 23:02:02 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2009-06-18 23:01:47 254026 ----a-r- c:\windows\system32\hpovst09.dll
2009-06-18 23:01:46 827392 ----a-r- c:\windows\system32\hpotiop2.dll
2009-06-18 23:01:45 659456 ----a-r- c:\windows\system32\hpowiax2.dll
2009-06-18 23:01:42 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-18 23:01:42 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-18 23:01:20 282624 ----a-r- c:\windows\system32\HPZc3212.dll
2009-06-18 23:01:19 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-06-18 22:59:31 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-06-18 22:59:31 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-05-25 20:17:43 0 d-----w- C:\Hotspot Shield
2009-05-25 20:16:50 0 d-----w- c:\program files\Hotspot Shield
2009-05-20 19:54:36 37376 ----a-w- c:\windows\system32\drivers\hssdrv.sys
2009-05-14 18:08:40 27136 ----a-w- c:\windows\system32\drivers\tapvpn.sys
2009-05-01 18:30:36 3366912 -c--a-w- c:\windows\system32\GPhotos.scr
2009-04-07 00:47:25 120056 -c----w- c:\windows\system32\pxcpyi64.exe
2009-04-07 00:47:24 118520 -c----w- c:\windows\system32\pxinsi64.exe
2009-04-07 00:47:22 129784 -c----w- c:\windows\system32\pxafs.dll
2009-04-07 00:45:44 0 d-----w- c:\program files\DivX
2009-04-04 06:08:13 0 d-----w- c:\program files\WideStep Software
2009-04-01 00:39:28 0 d-----w- c:\program files\Windows Media Connect 2
2009-03-31 01:51:49 0 d-----w- c:\windows\system32\CatRoot_bak
2009-03-31 01:50:27 272128 -c--a-w- c:\windows\system32\dllcache\bthport.sys
2009-03-31 01:50:27 272128 -c----w- c:\windows\system32\drivers\bthport.sys
2009-03-31 01:48:45 2142720 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-31 01:48:31 2185984 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-31 01:48:10 2020864 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-31 01:47:59 2062976 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-31 01:47:00 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-30 04:37:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-03-30 04:37:13 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-03-30 04:37:05 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-03-30 04:36:53 0 d-----w- c:\windows\system32\drivers\Avg
2009-03-28 20:09:15 2422 -c--a-w- c:\windows\system32\wpa.bak
2009-03-28 19:50:59 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll
2009-03-28 19:49:57 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-03-28 19:48:58 8192 -c--a-w- c:\windows\system32\dllcache\httpmb51.dll
2009-03-28 19:47:59 82172 -c--a-w- c:\windows\system32\dllcache\bopomofo.nls
2009-03-28 19:46:33 221184 -c--a-w- c:\windows\system32\wmpns.dll
2009-03-28 19:44:34 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2009-03-28 19:44:25 749 -c-ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2009-03-28 19:44:25 749 -c-ha-r- c:\windows\system32\sapi.cpl.manifest
2009-03-28 19:44:25 749 -c-ha-r- c:\windows\system32\nwc.cpl.manifest
2009-03-28 19:44:25 749 -c-ha-r- c:\windows\system32\ncpa.cpl.manifest
2009-03-28 19:44:25 749 ---ha-r- c:\windows\WindowsShell.Manifest
2009-03-28 19:29:10 13312 -c--a-w- c:\windows\system32\irclass.dll
2009-03-28 19:29:10 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-03-28 19:29:09 24661 -c--a-w- c:\windows\system32\spxcoins.dll
2009-03-28 19:29:09 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-03-28 19:13:48 0 d-----w- c:\windows\setup.pss
2009-03-28 16:50:35 0 d-----w- c:\windows\pss
2009-03-28 13:17:05 0 d-----w- c:\windows\Config
2009-03-24 03:01:54 0 d-----w- c:\docume~1\owner\applic~1\Uniblue
2009-03-22 01:34:51 0 d-----w- c:\program files\AVG
2009-03-22 00:32:21 0 d-----w- c:\docume~1\owner\applic~1\HouseCall 6.6
2009-03-22 00:32:13 0 d-----w- c:\windows\system32\HouseCall 6.6
2009-03-22 00:26:15 0 d-----w- c:\program files\common files\Symantec Shared
2009-03-22 00:26:01 0 d-----w- c:\program files\Norton Security Scan
2009-03-22 00:16:23 1820534 -csha-w- c:\windows\system32\ndmjorkf.ini
2009-03-22 00:04:22 1820516 -csha-w- c:\windows\system32\xfqtitck.ini
2009-03-20 02:28:26 1820498 -csha-w- c:\windows\system32\quejhsob.ini
2009-03-19 01:11:37 1817796 -csha-w- c:\windows\system32\ssxdpmad.ini
2009-03-18 11:56:56 1761259 -csha-w- c:\windows\system32\tmlsxher.ini
2009-03-18 03:02:04 1024 -csha-r- c:\windows\speedy.pif
2009-03-18 03:02:04 1024 -csha-r- c:\windows\speedy.exe
2009-03-18 03:02:04 1024 -csha-r- c:\windows\scrsvr.exe
2009-03-18 03:02:04 1024 -csha-r- c:\windows\puta!!.exe
2009-03-18 03:02:04 1024 -csha-r- c:\windows\marco!.scr
2009-03-18 03:02:04 1024 -csha-r- c:\windows\instit.bat
2009-03-18 03:02:04 1024 -csha-r- c:\windows\brasil.pif
2009-03-18 03:02:04 1024 -csha-r- c:\windows\brasil.exe
2009-03-18 03:02:04 1024 -csha-r- c:\windows\alevir.exe
2009-03-17 23:42:17 1757302 -csha-w- c:\windows\system32\mhxkwdgf.ini
2009-03-16 23:37:41 1757302 -csha-w- c:\windows\system32\vfpqsbut.ini
2009-03-15 10:32:09 124688 -c--a-w- c:\windows\system32\MSWINSCK.OCX
2009-03-15 10:20:00 1732983 --sha-w- c:\windows\system32\ykbyedmb.ini
2009-03-15 10:19:11 8205 -csha-w- c:\windows\system32\kStuBJjl.ini2
2009-03-15 10:19:10 8205 -csha-w- c:\windows\system32\kStuBJjl.ini
2009-03-15 10:04:49 0 d-sh--w- c:\windows\system32\28463
2009-03-11 03:18:14 934792 -c----w- c:\windows\system32\dllcache\WgaTray.exe
2009-03-11 03:18:00 239496 -c----w- c:\windows\system32\dllcache\wgaLogon.dll
2009-03-04 04:09:03 0 d-----w- C:\CtDriverInstTemp
2009-03-04 04:08:52 0 d-----w- C:\WebcamProeX
2009-02-28 04:40:20 22528 -c--a-w- c:\windows\system32\WNASPI32.DLL
2009-02-28 04:40:20 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-02-28 04:40:19 42880 ----a-w- c:\windows\system32\drivers\vacs2xkd.sys
2009-02-28 04:40:15 0 d-----w- c:\program files\4Musics Multiformat Converter
2009-02-27 00:29:21 19472 -c-ha-w- c:\windows\system32\mlfcache.dat
2009-02-23 01:47:28 0 d-----w- c:\program files\Vampire The Masquerade - Redemption
2009-02-23 01:29:28 1048 -c--a-w- c:\windows\vampire.ini
2009-02-23 01:12:44 0 d-----w- c:\documents and settings\owner\WINDOWS
2009-02-23 01:10:13 0 d-----w- c:\program files\MagicISO
2009-01-31 21:00:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-31 21:00:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-01-31 03:28:33 0 d--h--w- C:\$AVG
2009-01-31 03:27:37 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2009-01-31 03:27:36 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-01-31 03:25:11 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-01-31 03:25:10 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-01-31 03:24:51 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-01-29 03:04:39 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2009-01-29 03:04:39 410984 -c--a-w- c:\windows\system32\deploytk.dll
2009-01-28 15:52:18 0 d-----w- c:\program files\SweetIM
2009-01-28 15:52:18 0 d-----w- c:\docume~1\alluse~1\applic~1\SweetIM
2009-01-23 02:08:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Launcher
2009-01-13 02:59:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Graboid Inc
2009-01-13 02:59:16 0 d-----w- c:\docume~1\owner\applic~1\MozillaControl
2009-01-13 02:57:13 0 d-----w- c:\program files\VideoLAN
2009-01-13 02:57:12 0 d-----w- c:\program files\Graboid
2009-01-12 02:58:01 9200 -c--a-w- c:\windows\system32\drivers\cdralw2k.sys
2009-01-12 02:58:01 9072 -c--a-w- c:\windows\system32\drivers\cdr4_xp.sys
2009-01-12 02:57:34 0 d-----w- c:\windows\system32\IOSUBSYS
2009-01-12 02:53:12 0 d-----w- c:\program files\Easy Photo Editor
2009-01-07 23:20:18 265720 ----a-w- c:\windows\system32\msdbg2.dll

==================== Find3M ====================

2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58:48 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll
2009-09-25 05:56:36 662016 ----a-w- c:\windows\system32\wininet.dll
2009-09-11 14:03:37 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 09:47:14 352256 ----a-w- c:\windows\system32\winhttp.dll
2009-08-14 12:19:41 1850112 ----a-w- c:\windows\system32\win32k.sys
2009-08-05 09:11:47 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 12:51:17 2185984 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 12:02:00 2062976 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-31 04:57:32 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-07-17 18:55:28 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:27:47 1435648 ----a-w- c:\windows\system32\query.dll
2009-07-14 04:43:24 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-25 18:36:08 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36:08 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36:08 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36:08 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36:08 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36:08 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36:08 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36:08 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36:08 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36:08 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36:08 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36:08 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:17:27 729600 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:17:27 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:17:27 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:17:27 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:17:27 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-22 11:49:23 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49:23 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49:04 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48:44 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:35:44 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:55:16 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55:16 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 11:50:54 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 11:50:53 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21:48 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32:40 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42:37 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27:58 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:44:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-15 15:11:19 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-02 04:02:22 604160 ----a-w- c:\windows\system32\wmspdmod.dll
2009-03-28 19:42:44 22720 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-03-06 14:00:22 284160 ----a-w- c:\windows\system32\pdh.dll
2009-02-10 23:31:54 453120 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-02-09 10:01:53 617984 ----a-w- c:\windows\system32\advapi32.dll
2009-02-09 10:01:53 473088 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-02-09 10:01:53 401408 ----a-w- c:\windows\system32\rpcss.dll
2009-02-09 10:01:52 715264 ----a-w- c:\windows\system32\ntdll.dll
2009-02-06 18:46:09 408064 ----a-w- c:\windows\system32\netlogon.dll
2009-02-06 10:22:21 110592 ----a-w- c:\windows\system32\services.exe
2009-02-06 09:54:17 35328 -c--a-w- c:\windows\system32\sc.exe
2009-02-06 09:41:05 227840 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2009-01-07 23:21:00 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-01-07 23:20:38 24576 ----a-w- c:\windows\system32\nlsdl.dll
2009-01-07 23:20:36 26112 ----a-w- c:\windows\system32\idndl.dll
2009-01-07 23:20:36 23552 ----a-w- c:\windows\system32\normaliz.dll
2008-12-11 11:57:21 333184 ----a-w- c:\windows\system32\drivers\srv.sys
2008-11-28 23:54:50 18840 ----a-w- c:\windows\fonts\Canaith.ttf

============= FINISH: 17:39:12.52 ===============

Edited by rhps_kat, 31 December 2009 - 07:41 PM.




#2 rhps_kat

Posted 03 January 2010 - 01:48 PM

**Update**

After removing the Internet Security 2010 virus several times, not downloading anything from the internet, and only visiting "trusted" sites, I have been infected with the virus AGAIN. It just won't stay away.
Is there something I'm doing wrong? Is it hiding a piece of itself so it looks like it's gone but then just comes back a few days later?
Additionally, I should mention that when I try to use Yahoo the majority of the links are redirecting me to a different random page. Google, however, is working perfectly.
Please help, I'm getting tired of removing this virus over and over again.
-kat

Edited by rhps_kat, 03 January 2010 - 04:07 PM.


#3 rhps_kat

Posted 05 January 2010 - 11:08 AM

Well, my computer is now totally shot and will not turn on.
</sarcasm>appreciate the help.</end sarcasm>



