virut generator virus, thought I got rid of it, need help

Discussion in 'Archive' started by mike69, Apr 15, 2009.

  1. mike69

    mike69 Guest

    Well, long story short could be found here

    http://www.geekpolice.net/virus-spyware-malware-removal-f11/reinstalling-spyware-doctor-bad-idea-trojan-madness-lurkin-t8317.htm

    I got this virus from downloading the spyware doctor app from one of the posters on this website, and spent the last couple of days trying to troubleshoot before giving up and just reformatting and reinstalling windows.

    I did that yesterday and copied over personal files like my documents, and stuff like that. Upon installing mcafee earlier today, I just caught note of this.


    I thought reformatting the drive would get rid of it; somehow it got attached to some other file or something.

    Can someone help, or does anyone know about this?
     
  2. Sephiroth

    Sephiroth Guest

    The file reported is the main exe of jDownloader, which is Java based. Try the following:
    1. Uninstall the Java runtime.
    2. Remove jDownloader (you can always D/L & install it later).
    3. Boot your PC in safe mode & scan your entire system with McAfee.
    4. Whatever is reported, if it can't be cleaned, delete it.
    5. Check msconfig & make sure that only legit programs are running at boot time.
    6. Clean your temp folder as well.

    Looking at the link you have given (code it first), don't try too many things at the same time; it will lead to confusion. Also, you should have posted the HijackThis log & other stuff here as well. It would have been easier to get to the root of the problem.
     
  3. mike69

    mike69 Guest

    I was told that this infection can linger on even after formatting completely from scratch and reinstalling, because it somehow stays in the RAM.

    How do you get rid of that? Would I just have to let the computer run until the battery dies out?
     
  4. mike69

    mike69 Guest

    [image]
     
  5. mike69

    mike69 Guest

    Hijackthis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:31:42 AM, on 4/15/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Elite Desktop\HPKEYBOARDg.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [HP KEYBOARDg] "C:\Program Files\Hewlett-Packard\HP Wireless Elite Desktop\HPKEYBOARDg.EXE"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 8722 bytes
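    Sephiroth asks for the HijackThis log so the autoruns and services can be reviewed; the following is an added example, not part of the thread, of a small Python triage parser for the O2/O4/O23 lines of such a log. The sample lines are copied from the log above except the `updater` autorun under Temp, which is constructed; the trusted-root list and the flag rules are my own assumptions, not anything HijackThis itself does.

```python
"""Triage parser for HijackThis O2/O4/O23 lines (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log in the thread, plus one CONSTRUCTED
# autorun entry ([updater] under the user's Temp folder) to show a flagged line.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\Mike\LOCALS~1\Temp\update.exe /silent
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

# Line shapes as they appear in HijackThis v2 logs.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")

# Assumed "expected" locations for autostart binaries on an XP box (my heuristic).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\",
                 "%programfiles%\\", "%windir%\\")


@dataclass
class Entry:
    kind: str    # "O2", "O4" or "O23"
    name: str    # BHO name, Run value name, or service display name
    path: str    # executable / DLL path with quotes and arguments stripped
    detail: str  # CLSID, hive\key, or service vendor string
    raw: str     # the original log line


def split_command(cmd: str) -> tuple:
    """Separate an O4 command line into (executable path, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path: take up to the closing quote
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"(?i)(.*?\.(?:exe|dll|scr|com|bat|cmd))(?:\s+(.*))?$", cmd)
    if m:                                        # unquoted: cut after the first binary extension
        return m.group(1), m.group(2) or ""
    return cmd, ""


def parse_hjt(text: str) -> list:
    """Turn O2/O4/O23 lines into Entry records; other line types are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            exe, _args = split_command(m["cmd"])
            entries.append(Entry("O4", m["name"], exe, f'{m["hive"]}\\{m["key"]}', line))
        elif m := O23_RE.match(line):
            entries.append(Entry("O23", m["name"], m["path"].strip(), m["vendor"], line))
        elif m := O2_RE.match(line):
            entries.append(Entry("O2", m["name"], m["path"].strip(), m["clsid"], line))
    return entries


def triage(entries: list) -> list:
    """Return (entry, reason) pairs worth a second look. Reasons are assumptions:
    binaries under a temp folder, binaries outside Windows/Program Files, and
    services with no vendor string (a prompt to verify, not proof of infection:
    the legitimate Dell wltrysvc above also reports 'Unknown owner')."""
    flagged = []
    for e in entries:
        p = e.path.lower()
        if "\\temp\\" in p or "\\temporary internet files\\" in p:
            flagged.append((e, "executable lives in a temp folder"))
        elif not p.startswith(TRUSTED_ROOTS):
            flagged.append((e, "executable outside Windows / Program Files"))
        elif e.kind == "O23" and e.detail.lower() == "unknown owner":
            flagged.append((e, "service has no vendor string; confirm the binary by hand"))
    return flagged


if __name__ == "__main__":
    for entry, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{entry.kind} [{entry.name}] {entry.path}: {reason}")
```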
     
  6. mike69

    mike69 Guest

    From Malwarebytes

    Malwarebytes' Anti-Malware 1.36
    Database version: 1981
    Windows 5.1.2600 Service Pack 3

    4/15/2009 12:46:02 AM
    mbam-log-2009-04-15 (00-46-02).txt

    Scan type: Quick Scan
    Objects scanned: 66425
    Time elapsed: 6 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  7. mike69

    mike69 Guest

    DDS log

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Mike at 0:53:03.12 on Wed 04/15/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.505 [GMT -7]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated)
    FW: McAfee Personal Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Elite Desktop\HPKEYBOARDg.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\wuauclt.exe
    c:\PROGRA~1\mcafee\msc\mcshell.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Documents and Settings\Mike\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [HP KEYBOARDg] "c:\program files\hewlett-packard\hp wireless elite desktop\HPKEYBOARDg.EXE"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
    mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe"
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [<NO NAME>]
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\mike\applic~1\mozilla\firefox\profiles\wriqhq49.default\
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214024]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-14 203280]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-14 359952]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-14 144704]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-14 606736]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-14 79880]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-14 35272]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-14 40552]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-14 34216]
    S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
    S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

    =============== Created Last 30 ================

    2009-04-15 00:35 <DIR> --d----- c:\program files\Unlocker
    2009-04-15 00:10 <DIR> --d----- c:\windows\system32\LogFiles
    2009-04-14 23:58 <DIR> --d----- c:\program files\common files\Macrovision Shared
    2009-04-14 23:57 45,392 a----r-- c:\windows\system32\AdobePDF.dll
    2009-04-14 23:57 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
    2009-04-14 14:31 7,179 a------- c:\windows\system32\Config.MPF
    2009-04-14 14:29 <DIR> --d----- c:\program files\SiteAdvisor
    2009-04-14 14:22 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
    2009-04-14 14:22 79,880 a------- c:\windows\system32\drivers\mfeavfk.sys
    2009-04-14 14:22 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
    2009-04-14 14:22 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
    2009-04-14 14:21 <DIR> --d----- c:\program files\common files\McAfee
    2009-04-14 14:21 <DIR> --d----- c:\program files\McAfee.com
    2009-04-14 14:21 <DIR> --d----- c:\program files\McAfee
    2009-04-14 14:20 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
    2009-04-14 12:35 <DIR> --d----- c:\program files\Trend Micro
    2009-04-14 10:46 168,448 a------- c:\windows\system32\unrar.dll
    2009-04-14 10:46 <DIR> --d----- c:\program files\K-Lite Codec Pack
    2009-04-14 10:44 <DIR> --d----- c:\program files\CCleaner
    2009-04-14 10:43 33,664 a------- c:\windows\system32\drivers\BCMWLNPF.SYS
    2009-04-14 10:43 253,952 a------- c:\windows\system32\bcmwlu00.exe
    2009-04-14 10:43 86,016 a------- c:\windows\system32\preflib.dll
    2009-04-14 10:43 69,632 a------- c:\windows\system32\bcmwlpkt.dll
    2009-04-14 10:43 44,032 a------- c:\windows\system32\wltrynt.dll
    2009-04-14 10:43 3,395,584 a------- c:\windows\system32\BCMWLCPL.CPL
    2009-04-14 10:43 2,129,920 a------- c:\windows\system32\WLBCGCBPRO731.DLL
    2009-04-14 10:43 1,392,640 a------- c:\windows\system32\WLTRAY.EXE
    2009-04-14 10:43 1,253,376 a------- c:\windows\system32\BCMWLTRY.EXE
    2009-04-14 10:43 20,480 a------- c:\windows\system32\WLTRYSVC.EXE
    2009-04-14 10:43 757,760 a------- c:\windows\system32\bcm1xsup.dll
    2009-04-14 10:42 4,792 a------- c:\windows\bcm53.tmp
    2009-04-14 10:32 4,222 a------- c:\windows\bcm5.tmp
    2009-04-14 10:06 3,107,788 a------- c:\windows\system32\ativvaxx.dat
    2009-04-14 10:06 2,096 a------- c:\windows\system32\drivers\ativdkxx.vp
    2009-04-14 10:05 4,240 a------- c:\windows\bcm91.tmp
    2009-04-14 10:04 4,304 a------- c:\windows\bcm5B.tmp
    2009-04-14 10:03 <DIR> --d----- c:\program files\Broadcom
    2009-04-14 10:01 191,872 a------- c:\windows\system32\drivers\SynTP.sys
    2009-04-14 10:01 94,299 a------- c:\windows\system32\SynTPAPI.dll
    2009-04-14 10:01 81,920 a------- c:\windows\system32\SynTPCo2.dll
    2009-04-14 10:01 69,723 a------- c:\windows\system32\SynTPFcs.dll
    2009-04-14 10:01 114,688 a------- c:\windows\system32\SynCtrl.dll
    2009-04-14 10:01 82,014 a------- c:\windows\system32\SynCOM.dll
    2009-04-14 10:01 <DIR> --d----- c:\program files\Synaptics
    2009-04-14 09:59 36,864 a------- c:\windows\system32\drivers\AmdK8.sys
    2009-04-14 09:59 <DIR> --d----- c:\program files\AMD
    2009-04-14 09:49 146,944 a------- c:\windows\system32\st325602.dll
    2009-04-14 00:53 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
    2009-04-14 00:53 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
    2009-04-14 00:53 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
    2009-04-14 00:53 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
    2009-04-14 00:53 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
    2009-04-14 00:53 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
    2009-04-14 00:53 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
    2009-04-14 00:53 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
    2009-04-14 00:53 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll
    2009-04-14 00:40 221,184 a------- c:\windows\system32\wmpns.dll
    2009-04-14 00:27 <DIR> --d----- c:\windows\system32\scripting
    2009-04-14 00:27 <DIR> --d----- c:\windows\l2schemas
    2009-04-14 00:27 <DIR> --d----- c:\windows\system32\en
    2009-04-14 00:27 <DIR> --d----- c:\windows\system32\bits
    2009-04-14 00:24 <DIR> --d----- c:\windows\ServicePackFiles
    2009-04-14 00:08 <DIR> --d----- c:\windows\EHome
    2009-04-13 23:52 <DIR> --d----- c:\windows\network diagnostic
    2009-04-13 23:35 381,425 -c------ c:\windows\system32\dllcache\copycd.wmv
    2009-04-13 23:35 9,585 -c------ c:\windows\system32\dllcache\controls.css
    2009-04-13 23:35 8,298 -c------ c:\windows\system32\dllcache\contents.htm
    2009-04-13 23:35 6,878 -c------ c:\windows\system32\dllcache\controls.js
    2009-04-13 23:35 129,045 -------- c:\windows\system32\drivers\cxthsfs2.cty
    2009-04-13 23:35 773 -c------ c:\windows\system32\dllcache\cnth.gif
    2009-04-13 23:35 773 -c------ c:\windows\system32\dllcache\cnt.gif
    2009-04-13 23:35 772 -c------ c:\windows\system32\dllcache\cntd.gif
    2009-04-13 23:35 760 -c------ c:\windows\system32\dllcache\cloapph.gif
    2009-04-13 23:35 717 -c------ c:\windows\system32\dllcache\cloapp.gif
    2009-04-13 23:35 999 -c------ c:\windows\system32\dllcache\bktrh.gif
    2009-04-13 23:26 410,984 a------- c:\windows\system32\deploytk.dll
    2009-04-13 23:26 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-04-13 23:18 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
    2009-04-13 23:18 272,128 -------- c:\windows\system32\drivers\bthport.sys
    2009-04-13 23:16 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-04-13 23:16 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
    2009-04-13 23:16 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
    2009-04-13 23:16 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-04-13 23:16 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
    2009-04-13 23:16 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
    2009-04-13 23:16 333,952 -c------ c:\windows\system32\dllcache\srv.sys
    2009-04-13 23:16 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
    2009-04-13 23:15 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
    2009-04-13 23:14 <DIR> --d----- c:\windows\system32\PreInstall
    2009-04-13 23:14 26,488 a------- c:\windows\system32\spupdsvc.exe
    2009-04-13 22:59 <DIR> --d----- c:\windows\system32\SoftwareDistribution
    2009-04-13 22:53 21,504 a------- c:\windows\system32\hidserv.dll
    2009-04-13 20:42 <DIR> --d----- C:\downloads
    2009-04-13 20:31 <DIR> --d----- c:\program files\common files\L&H
    2009-04-13 20:27 376 a------- c:\windows\ODBC.INI
    2009-04-13 20:27 17,920 a------- c:\windows\system32\mdimon.dll
    2009-04-13 20:27 <DIR> --d----- c:\program files\Microsoft ActiveSync
    2009-04-13 20:27 <DIR> --d----- c:\windows\SHELLNEW
    2009-04-13 20:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
    2009-04-13 20:17 <DIR> --d----- c:\docume~1\mike\applic~1\Malwarebytes
    2009-04-13 20:17 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-04-13 20:17 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-13 20:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-04-13 20:17 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-04-13 19:40 <DIR> --d----- c:\program files\CONEXANT
    2009-04-13 19:40 192,512 a------- c:\windows\system32\drivers\HSXHWAZL.sys
    2009-04-13 19:40 114,688 a------- c:\windows\system32\Uci32103.dll
    2009-04-13 19:40 86,016 a------- c:\windows\system32\mdmxsdk.dll
    2009-04-13 19:40 12,544 a------- c:\windows\system32\drivers\mdmxsdk.sys
    2009-04-13 19:40 936,960 a------- c:\windows\system32\drivers\HSX_DPV.sys
    2009-04-13 19:40 669,696 a------- c:\windows\system32\drivers\HSX_CNXT.sys
    2009-04-13 19:40 141,497 a------- c:\windows\system32\drivers\del1028.cty
    2009-04-13 19:40 6,272 a------- c:\windows\system32\drivers\splitter.sys
    2009-04-13 19:40 83,072 a------- c:\windows\system32\drivers\wdmaud.sys
    2009-04-13 19:40 52,864 a------- c:\windows\system32\drivers\dmusic.sys
    2009-04-13 19:39 <DIR> --d----- c:\program files\SigmaTel
    2009-04-13 19:36 <DIR> --d----- c:\windows\system32\URTTemp
    2009-04-13 19:36 <DIR> --d----- c:\program files\ATI Technologies
    2009-04-13 19:31 770,048 a------- c:\windows\system32\BCMLogon.dll
    2009-04-13 19:31 604,928 a------- c:\windows\system32\drivers\BCMWL5.SYS
    2009-04-13 19:31 89,088 a------- c:\windows\system32\ATL71.DLL
    2009-04-13 19:31 499,712 a------- c:\windows\system32\MSVCP71.DLL
    2009-04-13 19:31 348,160 a------- c:\windows\system32\MSVCR71.DLL
    2009-04-13 19:31 1,060,864 a------- c:\windows\system32\MFC71.DLL
    2009-04-13 19:30 45,568 a----r-- c:\windows\system32\drivers\bcm4sbxp.sys
    2009-04-13 19:29 32,256 a------- c:\windows\system32\drivers\rimmptsk.sys
    2009-04-13 19:25 <DIR> --d----- c:\windows\system32\ReinstallBackups
    2009-04-13 19:21 <DIR> --d----- c:\windows\system32\vmm32
    2009-04-13 19:21 <DIR> --d----- c:\program files\Dell
    2009-04-13 19:03 <DIR> --d----- c:\documents and settings\Mike
    2009-04-13 18:59 <DIR> --ds---- c:\windows\system32\Microsoft
    2009-04-13 18:42 8,192 a------- c:\windows\REGLOCS.OLD
    2009-04-13 18:40 57,856 ac------ c:\windows\system32\dllcache\EXCH_scripto.dll
    2009-04-13 18:39 132,608 ac------ c:\windows\system32\dllcache\fxsclntr.dll
    2009-04-13 18:38 2,577 a------- c:\windows\system32\CONFIG.NT
    2009-04-13 18:38 0 a------- c:\windows\control.ini
    2009-04-13 18:38 23,392 a------- c:\windows\system32\nscompat.tlb
    2009-04-13 18:38 16,832 a------- c:\windows\system32\amcompat.tlb
    2009-04-13 18:38 316,640 a------- c:\windows\WMSysPr9.prx
    2009-04-13 18:37 <DIR> --dsh--- c:\documents and settings\all users\DRM
    2009-04-13 18:37 <DIR> --d-h--- c:\program files\WindowsUpdate
    2009-04-13 18:36 <DIR> --d----- c:\program files\common files\MSSoap
    2009-04-13 18:34 <DIR> --d----- c:\program files\Online Services
    2009-04-13 18:34 <DIR> --d----- c:\program files\Messenger
    2009-04-13 18:34 <DIR> --d----- c:\program files\MSN Gaming Zone
    2009-04-13 18:34 <DIR> --d----- c:\program files\Windows NT
    2009-04-13 11:23 <DIR> --d----- c:\program files\common files\ODBC
    2009-04-13 11:23 <DIR> --d----- c:\program files\common files\SpeechEngines
    2009-04-13 11:23 <DIR> --d--r-- c:\documents and settings\all users\Documents

    ==================== Find3M ====================

    2009-04-14 00:31 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-04-13 18:35 21,640 a------- c:\windows\system32\emptyregdb.dat
    2009-03-25 11:06 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
    2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys

    ============= FINISH: 0:54:09.70 ===============
     
  8. mike69

    mike69 Guest

    ComboFix report

    ComboFix 09-04-15.08 - Mike 04/15/2009 1:05.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.467 [GMT -7]
    Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning enabled* (Updated)
    FW: McAfee Personal Firewall *enabled*
    * Created a new restore point
    * Resident AV is active

    .

    ((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
    .

    2009-04-15 07:10 . 2009-04-15 07:10 -------- d-----w c:\windows\system32\LogFiles
    2009-04-15 06:57 . 2008-04-07 12:38 22872 ----a-r c:\windows\system32\AdobePDFUI.dll
    2009-04-15 06:57 . 2008-04-07 12:38 45392 ----a-r c:\windows\system32\AdobePDF.dll
    2009-04-15 05:57 . 2009-04-15 05:57 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
    2009-04-15 02:54 . 2009-04-15 06:27 -------- d-----w c:\documents and settings\Mike\Local Settings\Application Data\Adobe
    2009-04-15 02:49 . 2009-04-15 02:49 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore
    2009-04-15 02:48 . 2009-04-15 02:48 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2009-04-14 21:31 . 2009-04-15 07:50 7179 ----a-w c:\windows\system32\Config.MPF
    2009-04-14 21:29 . 2009-04-14 21:29 -------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
    2009-04-14 21:22 . 2009-03-25 18:06 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
    2009-04-14 21:22 . 2009-03-25 18:06 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
    2009-04-14 21:22 . 2009-03-25 18:06 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
    2009-04-14 21:22 . 2008-10-23 20:08 120136 ----a-w c:\windows\system32\drivers\Mpfp.sys
    2009-04-14 21:20 . 2009-03-25 18:05 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
    2009-04-14 21:05 . 2009-04-14 21:31 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
    2009-04-14 17:46 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll
    2009-04-14 17:43 . 2007-03-17 01:10 33664 ----a-w c:\windows\system32\drivers\BCMWLNPF.SYS
    2009-04-14 17:43 . 2007-03-17 01:10 86016 ----a-w c:\windows\system32\preflib.dll
    2009-04-14 17:43 . 2007-03-17 01:10 44032 ----a-w c:\windows\system32\wltrynt.dll
    2009-04-14 17:43 . 2007-03-17 01:10 253952 ----a-w c:\windows\system32\bcmwlu00.exe
    2009-04-14 17:43 . 2007-03-17 01:10 69632 ----a-w c:\windows\system32\bcmwlpkt.dll
    2009-04-14 17:43 . 2007-03-17 01:10 2129920 ----a-w c:\windows\system32\WLBCGCBPRO731.DLL
    2009-04-14 17:43 . 2007-03-17 01:10 20480 ----a-w c:\windows\system32\WLTRYSVC.EXE
    2009-04-14 17:43 . 2007-03-17 01:10 1392640 ----a-w c:\windows\system32\WLTRAY.EXE
    2009-04-14 17:43 . 2007-03-17 01:10 1253376 ----a-w c:\windows\system32\BCMWLTRY.EXE
    2009-04-14 17:43 . 2007-03-17 01:10 3395584 ----a-w c:\windows\system32\BCMWLCPL.CPL
    2009-04-14 17:43 . 2007-03-17 01:10 757760 ----a-w c:\windows\system32\bcm1xsup.dll
    2009-04-14 17:42 . 2009-04-14 17:42 4792 ----a-w c:\windows\bcm53.tmp
    2009-04-14 17:32 . 2009-04-14 17:32 4222 ----a-w c:\windows\bcm5.tmp
    2009-04-14 17:25 . 2009-04-14 17:25 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\ATI
    2009-04-14 17:25 . 2009-04-14 17:25 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\ATI
    2009-04-14 17:06 . 2006-10-12 04:26 3107788 ----a-w c:\windows\system32\ativvaxx.dat
    2009-04-14 17:06 . 2006-08-24 00:26 2096 ----a-w c:\windows\system32\drivers\ativdkxx.vp
    2009-04-14 17:05 . 2009-04-14 17:05 4240 ----a-w c:\windows\bcm91.tmp
    2009-04-14 17:04 . 2009-04-14 17:04 4304 ----a-w c:\windows\bcm5B.tmp
    2009-04-14 17:01 . 2006-03-08 19:51 81920 ----a-w c:\windows\system32\SynTPCo2.dll
    2009-04-14 17:01 . 2006-03-08 19:49 69723 ----a-w c:\windows\system32\SynTPFcs.dll
    2009-04-14 17:01 . 2006-03-08 19:38 94299 ----a-w c:\windows\system32\SynTPAPI.dll
    2009-04-14 17:01 . 2006-03-08 19:35 191872 ----a-w c:\windows\system32\drivers\SynTP.sys
    2009-04-14 17:01 . 2006-03-08 19:38 114688 ----a-w c:\windows\system32\SynCtrl.dll
    2009-04-14 17:01 . 2006-03-08 19:37 82014 ----a-w c:\windows\system32\SynCOM.dll
    2009-04-14 16:59 . 2006-07-02 05:39 36864 ----a-w c:\windows\system32\drivers\AmdK8.sys
    2009-04-14 16:49 . 2007-08-21 16:58 146944 ----a-w c:\windows\system32\st325602.dll
    2009-04-14 07:53 . 2008-12-20 23:15 52224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
    2009-04-14 07:53 . 2008-12-20 23:15 459264 -c----w c:\windows\system32\dllcache\msfeeds.dll
    2009-04-14 07:53 . 2008-12-20 23:15 267776 -c----w c:\windows\system32\dllcache\iertutil.dll
    2009-04-14 07:53 . 2008-12-20 23:15 383488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
    2009-04-14 07:53 . 2008-12-20 23:15 63488 -c----w c:\windows\system32\dllcache\icardie.dll
    2009-04-14 07:53 . 2008-12-19 09:10 13824 -c----w c:\windows\system32\dllcache\ieudinit.exe
    2009-04-14 07:53 . 2007-04-17 09:32 2455488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
    2009-04-14 07:53 . 2007-03-08 05:10 991232 -c----w c:\windows\system32\dllcache\ieframe.dll.mui
    2009-04-14 07:53 . 2008-12-20 23:15 6066688 -c----w c:\windows\system32\dllcache\ieframe.dll
    2009-04-14 07:40 . 2008-04-14 00:12 221184 ----a-w c:\windows\system32\wmpns.dll
    2009-04-14 07:27 . 2009-04-14 07:27 -------- d-----w c:\windows\system32\scripting
    2009-04-14 07:27 . 2009-04-14 07:27 -------- d-----w c:\windows\l2schemas
    2009-04-14 07:27 . 2009-04-14 07:27 -------- d-----w c:\windows\system32\en
    2009-04-14 07:27 . 2009-04-14 07:27 -------- d-----w c:\windows\system32\bits
    2009-04-14 07:24 . 2009-04-14 07:28 -------- d-----w c:\windows\ServicePackFiles
    2009-04-14 07:08 . 2009-04-14 07:08 -------- d-----w c:\windows\EHome
    2009-04-14 06:35 . 2004-08-04 10:00 9585 -c----w c:\windows\system32\dllcache\controls.css
    2009-04-14 06:35 . 2004-08-04 10:00 8298 -c----w c:\windows\system32\dllcache\contents.htm
    2009-04-14 06:35 . 2004-08-04 10:00 6878 -c----w c:\windows\system32\dllcache\controls.js
    2009-04-14 06:35 . 2004-08-04 10:00 381425 -c----w c:\windows\system32\dllcache\copycd.wmv
    2009-04-14 06:35 . 2004-07-18 05:55 129045 ------w c:\windows\system32\drivers\cxthsfs2.cty
    2009-04-14 06:35 . 2004-08-04 10:00 773 -c----w c:\windows\system32\dllcache\cnth.gif
    2009-04-14 06:35 . 2004-08-04 10:00 773 -c----w c:\windows\system32\dllcache\cnt.gif
    2009-04-14 06:35 . 2004-08-04 10:00 772 -c----w c:\windows\system32\dllcache\cntd.gif
    2009-04-14 06:35 . 2004-08-04 10:00 760 -c----w c:\windows\system32\dllcache\cloapph.gif
    2009-04-14 06:35 . 2004-08-04 10:00 717 -c----w c:\windows\system32\dllcache\cloapp.gif
    2009-04-14 06:35 . 2004-08-04 10:00 999 -c----w c:\windows\system32\dllcache\bktrh.gif
    2009-04-14 06:26 . 2009-04-14 06:26 73728 ----a-w c:\windows\system32\javacpl.cpl
    2009-04-14 06:26 . 2009-04-14 06:26 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-04-14 06:18 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
    2009-04-14 06:18 . 2008-06-13 11:05 272128 ------w c:\windows\system32\drivers\bthport.sys
    2009-04-14 06:16 . 2008-08-14 10:09 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-04-14 06:16 . 2008-08-14 10:11 2189184 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
    2009-04-14 06:16 . 2008-08-14 09:33 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
    2009-04-14 06:16 . 2008-08-14 09:33 2066048 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-04-14 06:16 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
    2009-04-14 06:16 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
    2009-04-14 06:16 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
    2009-04-14 06:16 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
    2009-04-14 06:15 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
    2009-04-14 06:14 . 2009-04-14 08:08 -------- d-----w c:\documents and settings\Mike\Local Settings\Application Data\Google
    2009-04-14 06:14 . 2007-08-11 03:46 26488 ----a-w c:\windows\system32\spupdsvc.exe
    2009-04-14 06:13 . 2009-04-14 06:13 0 ----a-w c:\windows\nsreg.dat
    2009-04-14 06:13 . 2009-04-14 06:13 -------- d-----w c:\documents and settings\Mike\Local Settings\Application Data\Mozilla
    2009-04-14 05:53 . 2008-04-14 00:11 21504 ----a-w c:\windows\system32\hidserv.dll
    2009-04-14 03:42 . 2009-04-15 07:33 -------- d-----w C:\downloads
    2009-04-14 03:27 . 2009-04-14 03:33 376 ----a-w c:\windows\ODBC.INI
    2009-04-14 03:27 . 2003-06-19 00:31 17920 ----a-w c:\windows\system32\mdimon.dll
    2009-04-14 03:27 . 2009-04-14 03:33 -------- d-----w c:\windows\SHELLNEW
    2009-04-14 03:24 . 2009-04-14 03:24 -------- d--h--r C:\MSOCache
    2009-04-14 03:21 . 2009-04-15 03:05 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-04-14 03:20 . 2009-04-15 03:06 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
    2009-04-14 03:17 . 2009-04-14 03:17 -------- d-----w c:\documents and settings\Mike\Application Data\Malwarebytes
    2009-04-14 03:17 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-04-14 03:17 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-14 03:17 . 2009-04-14 03:17 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-04-14 02:43 . 2009-04-15 07:07 22280 ----a-w c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-14 02:43 . 2009-04-14 02:43 127 ----a-w c:\documents and settings\Mike\Local Settings\Application Data\fusioncache.dat
    2009-04-14 02:43 . 2009-04-14 02:43 -------- d-----w c:\documents and settings\Mike\Local Settings\Application Data\ATI
    2009-04-14 02:43 . 2009-04-14 02:43 -------- d-----w c:\documents and settings\Mike\Application Data\ATI
    2009-04-14 02:43 . 2009-04-15 07:50 -------- d-----w c:\documents and settings\Mike\Local Settings\Application Data\ApplicationHistory
    2009-04-14 02:40 . 2005-12-01 08:40 192512 ----a-w c:\windows\system32\drivers\HSXHWAZL.sys
    2009-04-14 02:40 . 2005-11-16 06:41 114688 ----a-w c:\windows\system32\Uci32103.dll
    2009-04-14 02:40 . 2005-10-05 06:57 12544 ----a-w c:\windows\system32\drivers\mdmxsdk.sys
    2009-04-14 02:40 . 2005-10-05 06:56 86016 ----a-w c:\windows\system32\mdmxsdk.dll
    2009-04-14 02:40 . 2005-12-01 08:40 936960 ----a-w c:\windows\system32\drivers\HSX_DPV.sys
    2009-04-14 02:40 . 2005-12-01 08:40 669696 ----a-w c:\windows\system32\drivers\HSX_CNXT.sys
    2009-04-14 02:40 . 2005-12-01 06:39 141497 ----a-w c:\windows\system32\drivers\del1028.cty
    2009-04-14 02:40 . 2008-04-13 18:45 6272 ----a-w c:\windows\system32\drivers\splitter.sys
    2009-04-14 02:40 . 2008-04-13 19:17 83072 ----a-w c:\windows\system32\drivers\wdmaud.sys
    2009-04-14 02:40 . 2008-04-13 18:45 52864 ----a-w c:\windows\system32\drivers\dmusic.sys
    2009-04-14 02:36 . 2009-04-14 02:36 -------- d-----w c:\windows\system32\URTTemp
    2009-04-14 02:31 . 2007-03-17 01:10 604928 ----a-w c:\windows\system32\drivers\BCMWL5.SYS
    2009-04-14 02:31 . 2007-03-17 01:10 770048 ----a-w c:\windows\system32\BCMLogon.dll
    2009-04-14 02:31 . 2007-03-17 01:10 89088 ----a-w c:\windows\system32\ATL71.DLL
    2009-04-14 02:31 . 2007-03-17 01:10 499712 ----a-w c:\windows\system32\MSVCP71.DLL
    2009-04-14 02:31 . 2007-03-17 01:10 348160 ----a-w c:\windows\system32\MSVCR71.DLL
    2009-04-14 02:31 . 2007-03-17 01:10 1060864 ----a-w c:\windows\system32\MFC71.DLL
    2009-04-14 02:30 . 2006-11-21 11:25 45568 ----a-r c:\windows\system32\drivers\bcm4sbxp.sys
    2009-04-14 02:29 . 2009-04-14 17:03 -------- dc----w c:\windows\system32\DRVSTORE
    2009-04-14 02:29 . 2006-11-15 07:16 32256 ----a-w c:\windows\system32\drivers\rimmptsk.sys
    2009-04-14 02:21 . 2009-04-14 02:21 -------- d-----w c:\windows\system32\vmm32

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-15 07:35 . 2009-04-15 07:35 -------- d-----w c:\program files\Unlocker
    2009-04-15 06:58 . 2009-04-15 06:58 -------- d-----w c:\program files\Common Files\Macrovision Shared
    2009-04-15 06:53 . 2009-04-14 20:09 -------- d-----w c:\program files\Common Files\Adobe
    2009-04-15 03:07 . 2009-04-14 21:21 -------- d-----w c:\program files\McAfee
    2009-04-14 21:29 . 2009-04-14 21:29 -------- d-----w c:\program files\SiteAdvisor
    2009-04-14 21:22 . 2009-04-14 21:21 -------- d-----w c:\program files\Common Files\McAfee
    2009-04-14 21:21 . 2009-04-14 21:21 -------- d-----w c:\program files\McAfee.com
    2009-04-14 19:35 . 2009-04-14 19:35 -------- d-----w c:\program files\Trend Micro
    2009-04-14 17:46 . 2009-04-14 17:46 -------- d-----w c:\program files\K-Lite Codec Pack
    2009-04-14 17:44 . 2009-04-14 17:44 -------- d-----w c:\program files\CCleaner
    2009-04-14 17:18 . 2009-04-14 02:36 -------- d-----w c:\program files\ATI Technologies
    2009-04-14 17:03 . 2009-04-14 17:03 -------- d-----w c:\program files\Broadcom
    2009-04-14 17:01 . 2009-04-14 17:01 -------- d-----w c:\program files\Synaptics
    2009-04-14 16:59 . 2009-04-14 16:59 -------- d-----w c:\program files\AMD
    2009-04-14 16:55 . 2009-04-14 02:29 -------- d-----w c:\program files\DIFX
    2009-04-14 08:08 . 2009-04-14 08:07 -------- d-----w c:\program files\Google
    2009-04-14 07:39 . 2009-04-14 07:39 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009041420090415\index.dat
    2009-04-14 07:31 . 2009-04-14 01:38 77423 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-04-14 07:17 . 2004-08-04 10:00 250048 --sha-r C:\ntldr
    2009-04-14 06:25 . 2009-04-14 06:25 -------- d-----w c:\program files\Java
    2009-04-14 05:52 . 2009-04-14 05:52 -------- d-----w c:\program files\Hewlett-Packard
    2009-04-14 03:31 . 2009-04-14 03:31 -------- d-----w c:\program files\Common Files\L&H
    2009-04-14 03:27 . 2009-04-14 03:27 -------- d-----w c:\program files\Microsoft ActiveSync
    2009-04-14 03:26 . 2009-04-14 03:26 -------- d-----w c:\program files\Microsoft.NET
    2009-04-14 03:22 . 2009-04-14 03:22 -------- d-----w c:\program files\7-Zip
    2009-04-14 03:17 . 2009-04-14 03:17 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-14 02:41 . 2009-04-14 02:25 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-14 02:40 . 2009-04-14 02:40 -------- d-----w c:\program files\CONEXANT
    2009-04-14 02:39 . 2009-04-14 02:39 -------- d-----w c:\program files\SigmaTel
    2009-04-14 02:31 . 2009-04-14 02:21 -------- d-----w c:\program files\Dell
    2009-04-14 02:31 . 2009-04-14 02:21 -------- d-----w c:\program files\Common Files\InstallShield
    2009-04-14 01:39 . 2009-04-14 01:39 -------- d-----w c:\program files\microsoft frontpage
    2009-04-14 01:35 . 2009-04-14 01:35 21640 ----a-w c:\windows\system32\emptyregdb.dat
    2009-03-25 18:06 . 2009-03-25 18:06 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
    2009-02-09 11:13 . 2004-08-04 10:00 1846784 ----a-w c:\windows\system32\win32k.sys
    .


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-14 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
    "HP KEYBOARDg"="c:\program files\Hewlett-Packard\HP Wireless Elite Desktop\HPKEYBOARDg.EXE" [2008-08-07 486672]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-14 148888]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-26 645328]
    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
    "McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-01-09 5134864]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    R0 TfFsMon;TfFsMon; [x]
    R0 TfSysMon;TfSysMon; [x]
    R3 pctplsg;pctplsg; [x]
    R3 TfNetMon;TfNetMon; [x]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]

    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-14 17]

    2009-04-14 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-14 17]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-<NO NAME> - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\wriqhq49.default\
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-15 01:08
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(804)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\System32\BCMLogon.dll

    - - - - - - - > 'explorer.exe'(2876)
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    .
    Completion time: 2009-04-15 1:11
    ComboFix-quarantined-files.txt 2009-04-15 08:11

    Pre-Run: 13,150,629,888 bytes free
    Post-Run: 13,187,944,448 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    261 --- E O F --- 2009-04-14 07:44
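The ComboFix "Files Created" list above is plain text with a fixed shape per line: creation time, a dot, last-modified time, size (dashes for a directory), a seven-character attribute field and the path. As an added example, not from the thread and not part of ComboFix or DDS, here is a Python parser for those lines that pulls out the .exe/.scr entries (the file types the thread identifies as Virut's targets) and flags any whose modified time is later than its creation time, i.e. a program that was written to after it landed on the disk, which is worth hashing and scanning separately before trusting it. The sample log is a few lines copied from the report above plus one constructed line (`c:\downloads\example_tool.exe`) that does not appear in the report.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# One ComboFix file line: "<created> . <modified> <size|--------> <attrs> <path>".
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\S+)\s+(\S{7})\s+(.+)$"
)
TIME_FMT = "%Y-%m-%d %H:%M"

# File types the thread says Virut appends itself to.
INFECTABLE_EXT = {"exe", "scr"}

# Lines from the ComboFix report in this thread, plus one constructed entry
# (example_tool.exe) so the "written after creation" check has something to find.
SAMPLE_LOG = r"""
2009-04-15 07:10 . 2009-04-15 07:10 -------- d-----w c:\windows\system32\LogFiles
2009-04-14 17:43 . 2007-03-17 01:10 253952 ----a-w c:\windows\system32\bcmwlu00.exe
2009-04-14 17:43 . 2007-03-17 01:10 20480 ----a-w c:\windows\system32\WLTRYSVC.EXE
2009-04-14 06:14 . 2007-08-11 03:46 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-14 07:39 . 2009-04-14 07:39 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009041420090415\index.dat
2009-04-14 02:40 . 2005-12-01 08:40 192512 ----a-w c:\windows\system32\drivers\HSXHWAZL.sys
2009-04-14 03:00 . 2009-04-15 01:00 40960 ----a-w c:\downloads\example_tool.exe
"""


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories ("--------" in the log)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def ext(self) -> str:
        return self.name.rsplit(".", 1)[1].lower() if "." in self.name else ""


def parse_combofix(text: str) -> List[Entry]:
    """Parse every line that matches the ComboFix file-list shape; skip the rest."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banners, blank lines, section dots
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(
            created=datetime.strptime(created, TIME_FMT),
            modified=datetime.strptime(modified, TIME_FMT),
            size=None if size == "--------" else int(size),
            attrs=attrs,
            path=path,
        ))
    return entries


def infectable_executables(entries: List[Entry]) -> List[Entry]:
    """Files of the types a file infector like Virut targets (.exe/.scr)."""
    return [e for e in entries if not e.is_dir and e.ext in INFECTABLE_EXT]


def written_after_creation(entries: List[Entry]) -> List[Entry]:
    """Infectable files whose content was modified after they were created on disk.

    A freshly installed program normally carries a build date older than its
    creation time here; the reverse means something wrote to it afterwards
    (an updater, or an infector appending code), so hash and scan it.
    """
    return [e for e in infectable_executables(entries) if e.modified > e.created]


if __name__ == "__main__":
    parsed = parse_combofix(SAMPLE_LOG)
    print(f"{len(parsed)} entries parsed")
    for e in infectable_executables(parsed):
        tag = "  <-- written after creation" if e.modified > e.created else ""
        print(f"{e.created:%Y-%m-%d %H:%M}  {e.size:>8}  {e.path}{tag}")
```

Feed the whole ComboFix report into `parse_combofix`; unrelated sections are ignored because only lines matching the file-list shape are kept.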
     
  9. mike69

    mike69 Guest

From looking at my mcafee, I can't explain what the users

    192.168.0.100 and 192.168.0.103

    are coming from.

     
  10. Sephiroth

    Sephiroth Guest

Whoever gave you the insane advice of a virus affecting your PC RAM is either an idiot or just messing with you. PC RAM functions as temp. storage only (processes load & unload in it as they are used & then unloaded); it is cleared before your comp shuts down.

What are these programs? They look suspicious:
1. C:\WINDOWS\System32\bcmwltry.exe
2. C:\WINDOWS\system32\WLTRAY.exe
3. HPKEYBOARDg.EXE
4. dds.scr
Sometimes viruses take legit names like HPKEYBOARD.

    Why is this service running if you have an HP PC?
    Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Also check this service mentioned in the Pseudo HJT Report & stop it.
    mRun: [<NO NAME>]

    Following files look suspicious:
    2009-04-14 10:43 33,664 a------- c:\windows\system32\drivers\BCMWLNPF.SYS
    2009-04-14 10:43 2,129,920 a------- c:\windows\system32\WLBCGCBPRO731.DLL
    2009-04-14 10:43 1,253,376 a------- c:\windows\system32\BCMWLTRY.EXE
    2009-04-13 19:40 192,512 a------- c:\windows\system32\drivers\HSXHWAZL.sys

You haven't done all the things suggested in the earlier post: nos. 1 & 2

    Since you are infected with one hell of a virus (W32/Virut.n.gen) which many others have said is incurable, we will go for one more try before it's time to format.

Before we begin, back up all your documents and important items (personal data, work documents, etc.) only. DO NOT back up any executable files (software) and screen savers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable. Also, avoid backing up compressed (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too. Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.

    D/L Trojan Remover
    1. Boot into safe mode.
    2. Run -> msconfig -> deselect all other programs except anti virus.
    3. Disable system restore (right click on my comp. -> select properties -> system restore tab -> turn off on all drives)
    4. Run a full scan (all files selected).
    You can try this also:
    Code:
    http://www.avg.com/virus-removal.ndi-67762
Only if the virus is still creeping up:
    5. If mcafee allows you to make a bootable AV cd then make one -> boot from it & then scan your pc.

    Last method:
6. If possible get another machine on the network with fully updated mcafee AV & share your entire drive with full permissions to it.
    7. Scan your PC thru that comp.

If it still doesn't go away, then format your drive & the rest you know; only this time install mcafee before surfing or installing anything.

As for who crystal-6XM6VSR, 192.168.0.101 & 192.168.0.103 are, please first check the mcafee report & log section. They will tell you who it is assigned to. If you are using wireless LAN, then is it encrypted? (Are you sure somebody else is not stealing your signal?)

    Good Luck!
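The backup advice in the post above (take documents only; leave out .exe and .scr, and leave out zip/cab/rar archives that contain them) is easy to get wrong by hand on a large external drive. As an added example, not from the thread or from any of the tools it names, here is a Python checker that walks a staging folder and gives each file a verdict before it is burned or copied. Zip archives are opened with the standard library and their member names inspected; cab and rar cannot be inspected without third-party libraries, so they are excluded outright, which matches the advice anyway. `build_sample_tree` creates a constructed fixture (placeholder bytes, not real programs) so the check can be run offline; the folder layout and file names in it are assumptions for the demo.

```python
import tempfile
import zipfile
from pathlib import Path
from typing import Dict, List

# File types the thread says Virut appends itself to.
INFECTABLE_EXT = {".exe", ".scr"}
# Archive types from the advice: zip can be inspected with the stdlib,
# cab and rar cannot, so they are excluded without looking inside.
INSPECTABLE_ARCHIVES = {".zip"}
OPAQUE_ARCHIVES = {".cab", ".rar"}

OK = "ok"
EXCLUDE_EXEC = "excluded: executable"
EXCLUDE_ARCHIVE_EXEC = "excluded: archive contains executable"
EXCLUDE_ARCHIVE_OPAQUE = "excluded: archive not inspectable"


def classify(path: Path) -> str:
    """Decide whether one file is safe to carry over to a backup."""
    ext = path.suffix.lower()
    if ext in INFECTABLE_EXT:
        return EXCLUDE_EXEC
    if ext in OPAQUE_ARCHIVES:
        return EXCLUDE_ARCHIVE_OPAQUE
    if ext in INSPECTABLE_ARCHIVES:
        try:
            with zipfile.ZipFile(path) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            # Not a readable zip: treat it like cab/rar and leave it behind.
            return EXCLUDE_ARCHIVE_OPAQUE
        if any(Path(m).suffix.lower() in INFECTABLE_EXT for m in members):
            return EXCLUDE_ARCHIVE_EXEC
    return OK


def check_backup(root) -> Dict[str, str]:
    """Map every file under root (relative, posix-style) to its verdict."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): classify(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def safe_list(verdicts: Dict[str, str]) -> List[str]:
    """The files that may go onto the DVD/CD or clean external drive."""
    return sorted(name for name, verdict in verdicts.items() if verdict == OK)


def build_sample_tree(root) -> None:
    """Constructed fixture: placeholder contents, not real programs or photos."""
    root = Path(root)
    (root / "docs").mkdir(parents=True, exist_ok=True)
    (root / "docs" / "notes.txt").write_text("constructed sample document\n")
    (root / "setup.exe").write_bytes(b"MZ constructed placeholder, not a program")
    (root / "saver.scr").write_bytes(b"MZ constructed placeholder")
    with zipfile.ZipFile(root / "photos.zip", "w") as zf:
        zf.writestr("holiday/img001.jpg", b"\xff\xd8 constructed placeholder")
    with zipfile.ZipFile(root / "tools.zip", "w") as zf:
        zf.writestr("readme.txt", "constructed placeholder")
        zf.writestr("bin/helper.exe", b"MZ constructed placeholder")
    (root / "old.rar").write_bytes(b"Rar! constructed placeholder")


def run_demo() -> Dict[str, str]:
    """Build the fixture in a temp directory and return the verdicts."""
    staging = tempfile.mkdtemp(prefix="virut_backup_check_")
    build_sample_tree(staging)
    return check_backup(staging)


if __name__ == "__main__":
    results = run_demo()
    for name, verdict in results.items():
        print(f"{verdict:<40} {name}")
    print("safe to back up:", safe_list(results))
```

Point `check_backup` at the real staging folder instead of the fixture; anything not reported as `ok` stays on the infected machine and gets re-downloaded from a clean source later, as the post recommends.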
     
  11. Sephiroth

    Sephiroth Guest

    Another thing, please report to the moderators about the user who posted that post & get it deleted.
     
  12. mike69

    mike69 Guest

    I got the file from this thread (sorry, don't understand what you mean by coded)

    Code:
    http://www.forumdivx.com/showthread.php?t=159446&highlight=spyware+doctor
Also, well, I know what the machine TUYEN is, but not the 101 and 103. I tried using mcafee for more detail, but it doesn't really provide anything that tells you where it's linked to.

I'm going to start backing up my files on an external and format the hdd again.

    So, can you suggest how I can format and install it so that THIS TIME, this thing can't miraculously pop up on the newly installed machine again?

Are you sure that viruses can't lie anywhere else in memory and only on your hdd? Before these results, I did a complete format and install again, and this happened after only installing windows xp, service packs, dell drivers (it's a dell laptop, not HP, HP is just for wireless keyboard and mouse) and office xp.
     
  13. shu9265w

    shu9265w Guest

Before you delete everything, try running Malwarebytes again, but this time set it to thorough.

I had one a few weeks back that was playing hell getting it out; I did as I mentioned above, and got it all out.
     
  14. mike69

    mike69 Guest

    Code:
    http://www.geekpolice.net/virus-spyware-malware-removal-f11/virut-infection-will-not-leave-me-alone-after-reformating-and-reinstalling-t8382.htm
    
    http://www.geekpolice.net/virus-spyware-malware-removal-f11/reinstalling-spyware-doctor-bad-idea-trojan-madness-lurkin-t8317.htm

Yeah, I tried running Malwarebytes already; every time I scan and do a reboot, it keeps on finding more.
     
  15. Sephiroth

    Sephiroth Guest

Okay mike, now if we are certain that this virus is not getting removed properly, as there is a bug in the virus itself (strange, isn't it), back up your docs, mp3s, movies etc. to cds/dvds & not an external hdd, as it can get infected. Do not back up any software, zip/rar files or screen savers. If you have any movies/mp3s zipped, then extract them before backing up. When you are done backing up, boot your dell with the win xp disk & format the c drive with the NTFS file system. If you have any partitions, format them too. Then proceed with the installation of your os, drivers from a clean source (if you use exe files from your infected PC, the chances of the virus coming back are strong) & mcafee anti virus. Then do other customizations of your PC. Use CCleaner & Tuneup Utilities as well to clean up your daily crap & left over registry entries. Use firefox for browsing with the ad block plus add on. One last thing, before installing any new software (doesn't matter where you D/L from) check it with your AV first.

By the way, did you check those files mentioned in bold? Do they show any info about their version, company, etc.? Which program is running them? What was the result of the safe mode scan by mcafee & the utility provided in the avg link?
     
  16. mike69

    mike69 Guest

    Which ones in bold are you referring to?

Also, can viruses like these linger in the system memory or rootkit where even after deleting the old partition and installing the new os, it can still trace or track its way back to spawning on your machine?
     
  17. Sephiroth

    Sephiroth Guest

Files mentioned in 1st page in reply@4.35 p.m. - WLTRAY.exe, BCMWLTRY.EXE, BCMWLNPF.SYS, WLBCGCBPRO731.DLL, HSXHWAZL.sys. No virus can survive if you format or delete your partition, unless you use any software that was there on the infected PC, i.e. format all partitions and don't use any previous backups of your software. Get a new copy (goes for everything like anti virus, drivers, acrobat, java runtime, codec packs, etc.)
     
  18. mike69

    mike69 Guest

    I just did a full scan (again) on the new pc and the external hard drive with norton antivirus.

1) It didn't pick up anything the second time around. If it doesn't pick it up, can I assume there's no spawned virut lurking around anywhere and hence, I should be in good condition? I've kept it disconnected from the network this whole time. Would I have to wait for it to be reconnected to really know?

2) Secondly, I found a problem. Before I formatted my infected pc, I had deleted several files and folders from my external that appeared to have virut in them, and deleted them under safe mode; however I forgot to empty the recycle bin.

On this new pc that I plugged it into, when viewing the antivirus scanner, it reads

    drive_letter:\Recycler\contents

    But even after enabling viewing hidden files and folders, I don't see the "recycler" folder on the external hard drive, and, I don't see it in the global recycling bin on the desktop. How do I access this path to delete those recycler contents to be safe?
     
  19. Sephiroth

    Sephiroth Guest

1. See when you get online & if the virus doesn't come back you are good to go.
    2. In order to see it you need to uncheck the Hide protected operating system files option.
    After that simply delete it.

Did you back up some software on the external drive as well? If yes, then why, since viruses always like exes. D/L a new copy rather than keeping an old one with the fear of that virus coming back.
     
  20. mike69

    mike69 Guest

1) But if I go online, I'd have to open up an internet connection on that pc, and by then the hacker or some spawn of the program undetected by norton could establish a connection and then all hell breaks loose. I noticed this back when I had my infected laptop. My network connection icon would occasionally blink even though I wasn't surfing any web pages or downloading; it was sending and receiving something, some instructions or something. I don't want that to happen on this PC.

    Do you know how to read dds files and other logs to see if while in offline mode, you notice anything out of the ordinary?

2) Oh I see, so it's the system files option. Once I do that, if I see the autorun.inf and the recycled folder, do I simply delete the entire thing? Will deleting those automatically recreate fresh copies the next time it plugs in? If I delete the recycled folder, where do things that end up getting deleted after that go to?
     
