|
| ||
| Gay Fetish Sex virus At some point last night my computer was infected with some Virus, and it freezes my screen, blue screens the computer and just made it unusable.... Any ideas. |
| ||
| Re: Gay Fetish Sex virus Follow the instructions given HERE Ignore the section about Deckard Scanner and use instead HiJackThis post back with all requested logs. |
| ||
| Re: Gay Fetish Sex virus Here is the report from Malwarebytes: Malwarebytes' Anti-Malware 1.31 Database version: 1596 Windows 5.1.2600 Service Pack 3 1/2/2009 10:29:25 AM mbam-log-2009-01-02 (10-29-25).txt Scan type: Full Scan (C:\|) Objects scanned: 111533 Time elapsed: 31 minute(s), 8 second(s) Memory Processes Infected: 0 Memory Modules Infected: 3 Registry Keys Infected: 24 Registry Values Infected: 3 Registry Data Items Infected: 4 Folders Infected: 0 Files Infected: 22 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\ljJyXpNg.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\hkbglr.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\pmnKbxVl.dll (Trojan.Vundo) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{072b19b0-d951-4b75-9058-3090470c3cfa} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{072b19b0-d951-4b75-9058-3090470c3cfa} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{ce4e9c33-e7ad-494b-957d-478110a078ae} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce4e9c33-e7ad-494b-957d-478110a078ae} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnkbxvl (Trojan.Vundo) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Rapid Antivirus (Rogue.RapidAntivirus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c004d467 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c004f280 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c009077b (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00b2474 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00ecaec (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7c6abff6 (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msiexec.exe (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ljjyxpng -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjyxpng -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\ljJyXpNg.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\gNpXyJjl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\gNpXyJjl.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hlgfcktk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ktkcfglh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hkbglr.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\pmnKbxVl.dll (Trojan.Vundo) -> Delete on reboot. C:\Documents and Settings\Matt\Local Settings\Temp\winsinstall.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\Documents and Settings\Matt\Local Settings\Temp\winvsnet.tmp (Rogue.Installer) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekanmixstqv.dll (Trojan.Seneka) -> Delete on reboot. C:\WINDOWS\Temp\~rtB8F.tmp (Rogue.Installer) -> Quarantined and deleted successfully. C:\WINDOWS\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekafoxirrfl.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\senekarjcbwker.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\senekaekpapyvu.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ (Trojan.Vundo) -> Delete on reboot. C:\Documents and Settings\All Users\Desktop\Best BDSM P0rn.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Desktop\Gay Fetish Sex.url (Rogue.Link) -> Quarantined and deleted successfully. Here is the log file from ESET: # version=4 # OnlineScanner.ocx=1.0.0.635 # OnlineScannerDLLA.dll=1, 0, 0, 79 # OnlineScannerDLLW.dll=1, 0, 0, 78 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=3732 (20090102) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.064 (20070717) # EOSSerial=ff40720f3fb3214fa4cd091ab968035e # end=finished # remove_checked=false # unwanted_checked=true # utc_time=2009-01-02 05:10:58 # local_time=2009-01-02 12:10:58 (-0500, Eastern Standard Time) # country="United States" # osver=5.1.2600 NT Service Pack 3 # scanned=294827 # found=0 # scan_time=5133 |
| ||
| Re: Gay Fetish Sex virus With these infections removed has the computer improved? Post a full system scan with HiJackThis |
| ||
| Re: Gay Fetish Sex virus It seems to work which is am improvment..... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:40:22 PM, on 1/2/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Citrix\ICA Client\ssonsvr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Dell Network Assistant\hnm_svc.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\WINDOWS\system32\ICO.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\AIM6\aolsoftware.exe C:\WINDOWS\system32\dwwin.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=...3zPk2Zd9AL9QC0 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local> O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1197148054848 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1198936094484 O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} (WebSlingPlayer) - http://betaimg.sling.com/sli/sling_p...r.cab?1.0.0.19 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...89/mcfscan.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing) O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: SlingAgent Service (SlingAgentService) - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 11435 bytes |
| ||
| Re: Gay Fetish Sex virus Download ComboFix Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop. Once the download is complete you will see the Combofix on the desktop. * Close all open Windows including this one. * Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Doubleclick the combofix icon on the desktop to run the program. Windows will issue a prompt asking whether you wish to run the program, click Run You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer. Now just sit back and allow the program to run Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete. When ComboFix has finished running, you will see a screen stating that it is preparing the log report. This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt. When all is complete then please post back here with that log. |
| ||
| Re: Gay Fetish Sex virus Here you go... ComboFix 09-01-01.02 - Matt 2009-01-02 14:23:38.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.451 [GMT -5:00] Running from: c:\documents and settings\Matt\Desktop\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) FW: McAfee Personal Firewall *disabled* * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\program files\tinyproxy\tinyproxy.exe c:\windows\f49f4daa.dat ----- BITS: Possible infected sites ----- hxxp://childhe.com . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_DNS_CLIENT_(DNSCACHE)_ -------\Legacy_PACKET -------\Service_DNS Client (Dnscache) -------\Service_Packet -------\Service_seneka ((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 ))))))))))))))))))))))))))))))) . 2009-01-02 12:40 . 2009-01-02 12:40 <DIR> d-------- c:\program files\Trend Micro 2009-01-02 10:38 . 2009-01-02 12:10 <DIR> d-------- c:\program files\EsetOnlineScanner 2009-01-02 10:14 . 2009-01-02 10:14 33,832 --a------ c:\windows\system32\rliuwksb.exe 2009-01-02 09:54 . 2009-01-02 09:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-02 09:54 . 2009-01-02 09:54 <DIR> d-------- c:\documents and settings\Matt\Application Data\Malwarebytes 2009-01-02 09:54 . 2009-01-02 09:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-02 09:54 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-02 09:54 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-02 09:14 . 2007-11-22 04:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InstallShield 2009-01-02 09:14 . 2007-11-22 04:35 <DIR> d-------- c:\documents and settings\Administrator\Application Data\GTek 2009-01-02 09:14 . 2007-11-22 04:33 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ATI 2009-01-02 09:14 . 2009-01-02 09:14 <DIR> d-------- c:\documents and settings\Administrator 2009-01-02 08:49 . 2009-01-02 08:49 <DIR> d-------- c:\documents and settings\Administrator\Application Data\McAfee 2008-12-29 06:42 . 2008-12-29 06:42 <DIR> d-------- c:\windows\system32\runtime 2008-12-28 15:52 . 2008-12-28 15:52 <DIR> d-------- c:\program files\Pure Digital Technologies 2008-12-28 15:52 . 2008-12-28 15:52 <DIR> d-------- c:\program files\3ivx 2008-12-28 15:52 . 2008-12-28 15:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Pure Digital Technologies 2008-12-21 07:37 . 2008-12-21 07:37 0 --a------ c:\windows\nsreg.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-02 16:40 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-01-02 14:31 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee 2008-12-29 11:51 --------- d-----w c:\program files\Google 2008-12-02 02:16 --------- d-----w c:\program files\iTunes 2008-12-02 02:16 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-12-02 02:15 --------- d-----w c:\program files\iPod 2008-12-02 02:15 --------- d-----w c:\program files\Common Files\Apple 2008-12-02 02:12 --------- d-----w c:\program files\QuickTime 2008-12-02 02:12 --------- d-----w c:\program files\Bonjour 2008-11-16 12:48 --------- d-----w c:\program files\McAfee 2008-11-16 11:37 --------- d-----w c:\program files\Common Files\McAfee 2008-11-16 11:36 --------- d-----w c:\program files\McAfee.com 2008-11-16 11:21 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8 2008-11-02 12:01 995,383 ----a-w c:\documents and settings\Matt\MFC42.DLL 2008-11-02 12:01 401,462 ----a-w c:\documents and settings\Matt\MSVCP60.DLL 2008-11-02 12:01 266,293 ----a-w c:\documents and settings\Matt\MSVCRT.DLL 2008-11-02 12:01 26,176 ----a-w c:\documents and settings\Matt\PHLASHNT.SYS 2008-11-02 12:01 253,952 ----a-w c:\documents and settings\Matt\WINPHLASH.EXE 2008-11-02 12:01 106,496 ----a-w c:\documents and settings\Matt\PHLASHLC.DLL 2008-11-02 11:56 5 ----a-w c:\windows\system32\drivers\DELL_XPS_Vostro 1000 .MRK 2008-11-02 11:56 5 ----a-w c:\windows\system32\drivers\1028_DELL_XPS_Vostro 1000 .MRK 2008-11-02 11:52 --------- d-----w c:\program files\DIFX 2008-11-02 11:39 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-02 11:28 --------- d-----w c:\program files\Free Star Wars Screensaver 2008-11-02 00:21 --------- d-----w c:\program files\Dell 2008-10-18 00:12 72,748 ----a-w c:\windows\unins000.exe 2008-07-31 18:55 16,688,696 ----a-w c:\documents and settings\Matt\PCTuneUp2.exe 2008-07-13 14:43 61,224 ----a-w c:\documents and settings\Matt\GoToAssistDownloadHelper.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-08 68856] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 2220032] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784] "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "SigmatelSysTrayApp"="stsystra.exe" [2007-04-23 c:\windows\stsystra.exe] "PMX Daemon"="ICO.EXE" [2007-03-08 c:\windows\system32\ico.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-22 50688] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.3IV2"= 3ivxVfWCodec.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ "autocheck autochk *"\0lsdelete [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter] --a------ 2008-08-13 17:32 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol "10426:UDP"= 10426:UDP:SingleClick ICC R0 atiide;atiide;c:\windows\system32\DRIVERS\atiide.sys [2007-11-22 3456] R2 FlipShare Service;FlipShare Service;"c:\program files\Pure Digital Technologies\FlipShare\FlipShareService.exe" [2008-11-13 439616] R2 SlingAgentService;SlingAgent Service;"c:\program files\Sling Media\SlingAgent\SlingAgentService.exe" [2008-09-21 93960] R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-12-29 24652] R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5951d95a-d521-11dd-aebb-001c23ae4259}] \Shell\AutoRun\command - E:\Setup_FlipShare.exe \Shell\Setup FlipShare\command - E:\Setup_FlipShare.exe . Contents of the 'Scheduled Tasks' folder 2008-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2008-12-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] 2008-12-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] 2009-01-02 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20] 2009-01-02 c:\windows\Tasks\ozxxqkjg.job - c:\windows\system32\rundll32.exe [2008-04-13 19:12] . - - - - ORPHANS REMOVED - - - - HKU-Default-Run-msiexec.exe - msiconf.exe . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.google.com/ig uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=dqoLlIW5uDAlX3zPk2Zd9AL9QC0 uInternet Settings,ProxyOverride = *.local;<local> uInternet Settings,ProxyServer = http=127.0.0.1:9090 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 O16 -: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://betaimg.sling.com/sli/sling_player_ax/WebSlingPlayer.cab?1.0.0.19 c:\windows\Downloaded Program Files\SlingPlayer.inf FF - ProfilePath - c:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\bobfri2e.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - plugin: c:\program files\Google\Google Updater\2.4.1439.6872\npCIDetect13.dll FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll . . ------- File Associations ------- . JSEFile=NOTEPAD.EXE %1 VBEFile=NOTEPAD.EXE %1 VBSFile=NOTEPAD.EXE %1 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-02 14:28:39 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing] @Denied: (2) (Administrators) @Allowed: (2) (Administrators) "Policy"=hex:00,00,00,00 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1204) c:\windows\system32\Ati2evxx.dll c:\windows\System32\BCMLogon.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\WLTRYSVC.EXE c:\windows\system32\BCMWLTRY.EXE c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\windows\system32\ati2evxx.exe c:\program files\Citrix\ICA Client\ssonsvr.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\program files\Dell Network Assistant\hnm_svc.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe c:\program files\Dell Support Center\bin\sprtsvc.exe c:\program files\ATI Technologies\ATI.ACE\CLI.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\ATI Technologies\ATI.ACE\CLI.exe c:\program files\McAfee\MPF\MpfSrv.exe c:\progra~1\McAfee\MSC\mcuimgr.exe . ************************************************************************** . Completion time: 2009-01-02 14:35:40 - machine was rebooted ComboFix-quarantined-files.txt 2009-01-02 19:35:27 Pre-Run: 101,575,708,672 bytes free Post-Run: 101,622,214,656 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 244 --- E O F --- 2009-01-02 19:35:15 |
| ||
| Re: Gay Fetish Sex virus Ok, update and run another MBA-M scan and allow it to remove all found. Reboot and then run a new HJT scan and save the log. Post back with both logs. |
| ||
| Re: Gay Fetish Sex virus I just ran the MBA-M (Malwarebytes) and it found nothing, should I reboot and run HJT? Malwarebytes' Anti-Malware 1.31 Database version: 1596 Windows 5.1.2600 Service Pack 3 1/2/2009 5:23:57 PM mbam-log-2009-01-02 (17-23-57).txt Scan type: Full Scan (C:\|) Objects scanned: 113346 Time elapsed: 45 minute(s), 15 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) |
| ||
| Re: Gay Fetish Sex virus Yes, reboot and do another HJT scan. |
| All times are GMT -4. The time now is 8:36 pm. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC