1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Virus...Infected files

Discussion in 'Virus & Other Malware Removal' started by MJT27, May 1, 2010.

Thread Status:
Not open for further replies.
  1. MJT27

    MJT27 Thread Starter

    Joined:
    Feb 1, 2004
    Messages:
    159
    My pc was running sluggish so I ran some scans and the results
    are posted below.....I was wondering do I need to do more then
    just quarantine these files.....I ran a Panda scan it found nothing
    Malwarebytes' / SUPERAntiSpyware / Hijack logs are below


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 05/01/2010 at 12:18 PM

    Application Version : 4.36.1006

    Core Rules Database Version : 4858
    Trace Rules Database Version: 2611

    Scan type : Complete Scan
    Total Scan Time : 02:48:28

    Memory items scanned : 403
    Memory threats detected : 0
    Registry items scanned : 6754
    Registry threats detected : 0
    File items scanned : 43669
    File threats detected : 6

    Trojan.Agent/Gen-Krpytik
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{40683665-3CC0-4D55-BCAA-B969DEA12777}\RP11\A0002551.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{40683665-3CC0-4D55-BCAA-B969DEA12777}\RP11\A0002552.DLL

    Rogue.Agent/Gen-Nullo[DLL]
    C:\WINDOWS\RASCNTRL.DLL
    C:\WINDOWS\SYSTEM32\MSDRVE.DLL
    C:\WINDOWS\SYSTEM32\SVCPRMPT.DLL
    C:\WINDOWS\VMOPTVER.DLL






    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    4/30/2010 8:47:06 PM
    mbam-log-2010-04-30 (20-47-06).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 220740
    Time elapsed: 4 hour(s), 1 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\System Volume Information\_restore{40683665-3CC0-4D55-BCAA-B969DEA12777}\RP11\A0000863.exe (Malware.pacler) -> Quarantined and deleted successfully.




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:22:39 PM, on 5/1/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Messenger\wlcsdk.exe
    C:\Documents and Settings\PAS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Program Files\FlashGet Network\FlashGet 3\FlashGetBHO3.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O8 - Extra context menu item: Download All By FlashGet3 - C:\Documents and Settings\PAS\Application Data\FlashGetBHO\GetAllUrl.htm
    O8 - Extra context menu item: Download By FlashGet3 - C:\Documents and Settings\PAS\Application Data\FlashGetBHO\GetUrl.htm
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Royal Vegas Online Casino - AA7576EA-5103-4E14-AD16-4DBBDF29F809 - C:\Microgaming\Casino\RoyalVegas\Casinogame.exe (HKCU)
    O15 - Trusted Zone: http://software.kuaiche.com
    O15 - Trusted Zone: "*.microsoft.com"
    O15 - Trusted Zone: http://windowsupdate.microsoft*.com
    O15 - Trusted Zone: http://v5.windowsupdate.micros*oft.com
    O15 - Trusted Zone: http://*.windowsupdate.com
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    --
    End of file - 5451 bytes
     
  2. MJT27

    MJT27 Thread Starter

    Joined:
    Feb 1, 2004
    Messages:
    159
    Im not sure if this has anything to do with these infections...got 2 blue screen errors today
    gathered this info from event viewer and help and support error logs


    5/1/2010 7:34:29 PM System Error Error (102) 1003 N/A PAS Error code 000000f4, parameter1 00000003, parameter2 ffb2d218, parameter3 ffb2d38c, parameter4 805fb146.

    Error code 000000f4, parameter1 00000003, parameter2 ffb2d218, parameter3 ffb2d38c, parameter4 805fb146.

    Details
    Product: Windows Operating System
    ID: 1003
    Source: System Error
    Version: 5.2
    Symbolic Name: ER_KRNLCRASH_LOG
    Message: Error code %1, parameter1 %2, parameter2 %3, parameter3 %4, parameter4 %5.

    Explanation
    A blue screen (Stop error) was reported. The message contains details about the error. A matching event with Event ID 1001 might also appear in the event log. This matching event displays information about the specific error that occurred.

    5/1/2010 7:29:01 PM Save Dump Information None 1001 N/A PAS The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0xffb2d218, 0xffb2d38c, 0x805fb146). A dump was saved in: C:\WINDOWS\MEMORY.DMP.


    #######################################################################

    5/1/2010 2:42:54 PM System Error Error (102) 1003 N/A PAS Error code 00000050, parameter1 fb281018, parameter2 00000000, parameter3 f33d8cf8, parameter4 00000000.
    Error code 00000050, parameter1 fb281018, parameter2 00000000, parameter3 f33d8cf8, parameter4 00000000.

    Details
    Product: Windows Operating System
    ID: 1003
    Source: System Error
    Version: 5.2
    Symbolic Name: ER_KRNLCRASH_LOG
    Message: Error code %1, parameter1 %2, parameter2 %3, parameter3 %4, parameter4 %5.

    Explanation
    A blue screen (Stop error) was reported. The message contains details about the error. A matching event with Event ID 1001 might also appear in the event log. This matching event displays information about the specific error that occurred.


    The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfb281018, 0x00000000, 0xf33d8cf8, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/920460

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice