Intervalheheheh - Virus, Please Help

Comments

  • I have AVG Free; will that get rid of it?
    If this has helped you please don't forget to click Thanks, thankyou.
  • Someone posted (since deleted) for me to try running spyware, which I have, but it's still there and won't let me do anything in Internet Explorer.

    Anyone help? The pop-up doesn't come up anymore though.
  • Browntoa
    Browntoa Posts: 49,622 Forumite
    That "warning" message is the infection.

    Download and run this:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    It looks complicated, but there are step-by-steps and pictures all the way through the guide; it takes about 5 minutes to do the setup and then about 20 minutes to run.
    Ex forum ambassador

    Long term forum member
  • Do I do this in safe mode or just normal?
  • Browntoa
    Normal mode.

    If need be it will reboot the PC; do not touch the PC while it is running.
  • Browntoa wrote: »
    Normal mode.

    If need be it will reboot the PC; do not touch the PC while it is running.

    Argh, no, I still can't access Internet Explorer.

    I have the log from it, if that will help.
  • Browntoa
    Yes, post the log for me.
  • Browntoa
    Then try this:

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Quick Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
  • This is my log from ComboFix:

    ComboFix 08-12-09.02 - ruth eyre 2008-12-10 10:54:28.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.185 [GMT 0:00]
    Running from: c:\documents and settings\ruth eyre\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\ruth eyre\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    * Created a new restore point
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\a3kebook.ini
    c:\windows\akebook.ini
    c:\windows\ANS2000.INI
    c:\windows\IE4 Error Log.txt

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
    .

    2008-12-10 00:55 . 2008-12-10 00:55 <DIR> d-------- c:\documents and settings\ruth eyre\Application Data\Malwarebytes
    2008-12-10 00:55 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-10 00:55 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-10 00:54 . 2008-12-10 00:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-10 00:54 . 2008-12-10 00:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-09 22:52 . 2008-12-09 22:52 <DIR> d-------- c:\program files\EsetOnlineScanner
    2008-12-09 22:46 . 2008-12-09 22:46 <DIR> d-------- C:\HostsXpert
    2008-12-09 20:55 . 2008-12-09 20:55 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AVG7
    2008-12-09 19:54 . 2008-12-09 19:54 <DIR> d---s---- c:\documents and settings\Administrator\UserData
    2008-12-09 19:52 . 2008-12-09 19:52 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Viewpoint
    2008-12-09 19:52 . 2008-12-09 19:52 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AOL
    2008-12-09 19:51 . 2008-12-09 19:51 <DIR> d-------- c:\documents and settings\Administrator
    2008-12-09 01:16 . 2008-12-09 01:16 <DIR> d-------- c:\documents and settings\ruth eyre\.housecall6.6
    2008-12-08 22:15 . 2008-12-08 22:15 <DIR> d--hs---- C:\FOUND.001
    2008-11-18 18:35 . 2008-12-10 09:50 54,156 --ah----- c:\windows\QTFont.qfn
    2008-11-18 18:35 . 2008-11-18 18:35 1,409 --a------ c:\windows\QTFont.for
    2008-11-14 20:46 . 2008-11-14 20:46 <DIR> d-------- c:\documents and settings\rebecca eyre\Application Data\Apple Computer
    2008-11-14 19:54 . 2008-11-14 19:54 185 --a------ c:\windows\wininit.ini

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-30 17:31 --------- d-----w c:\documents and settings\rebecca eyre\Application Data\Viewpoint
    2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-24 11:10 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 14:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 14:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 14:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 14:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 14:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 14:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-15 17:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
    2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-15 12:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
    2008-09-15 12:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
    2006-10-10 23:14 164 ---ha-w c:\documents and settings\All Users\hpothb07.dat
    2006-10-10 23:14 162 ---ha-w c:\documents and settings\ruth eyre\hpothb07.dat
    2006-07-03 23:51 90 ----a-w c:\documents and settings\ruth eyre\test.dat
    2005-12-27 22:32 185 ---ha-w c:\documents and settings\All Users\Application Data\hpothb07.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "epm-dm"="c:\acer\epm\epm-dm.exe" [2004-07-14 151552]
    "BigD!!!03"="c:\windows\VM303_STI.EXE" [2005-10-25 61440]
    "AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
    "HostManager"="c:\program files\Common Files\AOL\1204639167\ee\AOLSoftware.exe" [2006-11-17 50736]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-11-20 219136]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
    hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
    BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-11-01 1044480]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-09-03 176128]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.JPEG"= JPEGCODE.DLL
    "VIDC.MJPG"= JPEGCODE.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "c:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
    "c:\\Program Files\\AOL 9.0 VR\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1204639167\\EE\\aolsoftware.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R1 SMBHC;Microsoft SM Bus Host Controller Driver;c:\windows\system32\DRIVERS\SMBHC.sys [2004-08-30 6784]
    R2 EpmPsd;Acer EPM Power Scheme Driver;\??\c:\windows\system32\drivers\epm-psd.sys [2005-03-30 4096]
    R2 EpmShd;Acer EPM System Hardware Driver;\??\c:\windows\system32\drivers\epm-shd.sys [2005-03-30 78208]
    R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2004-06-01 10594]
    R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2004-06-01 4054]
    R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\DRIVERS\i2220ntx.sys [1980-01-01 140288]
    R3 SMBBATT;Microsoft Smart Battery Driver;c:\windows\system32\DRIVERS\SMBBATT.sys [2004-08-30 16128]
    S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\RUTHEY~1\LOCALS~1\Temp\DMSKSSRh.sys []

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-10 c:\windows\Tasks\SDMsgUpdate (TE).job
    - c:\progra~1\SMARTD~1\MESSAGES\SDNotify.exe [2007-09-26 09:53]
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-SDNotify - (no file)


    .

    Supplementary Scan

    .
    uStart Page = hxxp://www.google.com
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = hxxp://www.msn.com
    uInternet Connection Wizard,ShellNext = hxxp://amch.questionmarket.com/adscgen/invite.php?survey_num=201335&site=10&code=202554&pic=gif&creativename=AOL-200x200-1l-eng-nul&secs_up=60
    uInternet Settings,ProxyOverride = 127.0.0.1
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    IE: &Search
    IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.18\AMVConverter\grab.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

    O16 -: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    c:\windows\Downloaded Program Files\Yahoo! Chat.osd

    c:\windows\Downloaded Program Files\MJPEGRender.ocx - O16 -: {96816368-C1E3-414D-A193-63C3CC921990}
    hxxp://gretnaweddings-anvilhall.remotemanager.co.uk/common/activex/MJPEGRender.ocx
    FireFox -: Profile - c:\documents and settings\ruth eyre\Application Data\Mozilla\Firefox\Profiles\9pe3cmnz.default\
    FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
    FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-10 10:58:11
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    BigD!!!03 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-12-10 11:00:27
    ComboFix-quarantined-files.txt 2008-12-10 11:00:26

    Pre-Run: 9,591,521,280 bytes free
    Post-Run: 10,993,057,792 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

    190 --- E O F --- 2008-11-12 11:31:24
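An added example, not from any post in this thread and not ComboFix's own code: a small Python triage script that reads a ComboFix-style log excerpt and pulls out the entries a helper scans for first. The sample input is a constructed handful of lines modelled on the format of the log posted above, not the full log, and every path fragment, value name and threshold in the script is an assumption taken from that format. It flags three things: a service or driver whose image path points into a user-writable folder such as a profile's Temp directory, an entry whose file was not on disk at scan time (the empty [] after the path), and Security Center values that silence antivirus or firewall monitoring. Treat the output as a worklist rather than a verdict: a legitimately installed third-party security suite can set those Security Center values too, and a stale service entry can be left behind by an uninstaller.

```python
"""Triage a ComboFix-style log excerpt for the entries a helper reads first.

Added example for this thread; it is not ComboFix's code and not from any post.
"""
import re

# Constructed sample input: a few lines in the format of the log posted above.
# It is an excerpt assembled for this example, not the complete log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"BigD!!!03"="c:\windows\VM303_STI.EXE" [2005-10-25 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 SMBHC;Microsoft SM Bus Host Controller Driver;c:\windows\system32\DRIVERS\SMBHC.sys [2004-08-30 6784]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\RUTHEY~1\LOCALS~1\Temp\DMSKSSRh.sys []
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
# "Name"="path" [date size]   or   "Name"=dword:00000001
VALUE_RE = re.compile(r'^"([^"]+)"=(?:"([^"]*)"|dword:([0-9a-fA-F]{8}))(?:\s+\[([^\]]*)\])?')
# R1 Name;Description;path [date size]   (an empty [] means no file was found)
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]$")

# Assumed path fragments that mark user-writable locations on an XP-era system;
# a driver or autostart living there deserves a second look.
USER_WRITABLE = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\",
                 "\\local settings\\", "\\application data\\")

# Security Center values that, when set to 1, suppress AV/firewall/update alerts.
SILENCING_VALUES = {"antivirusdisablenotify", "firewalldisablenotify",
                    "updatesdisablenotify", "disablemonitoring"}


def is_user_writable(path):
    """True if the path sits somewhere an ordinary user account can write."""
    lowered = path.lower()
    return any(fragment in lowered for fragment in USER_WRITABLE)


def parse_log(text):
    """Return (run_entries, security_center_values, services) from the log text."""
    run_entries, sec_center, services = [], [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, _desc, path, info = m.groups()
            services.append({"start": start, "name": name, "path": path,
                             "file_present": bool(info)})
            continue
        m = VALUE_RE.match(line)
        if m and section:
            name, path, dword, info = m.groups()
            if section.endswith("\\run") and path is not None:
                run_entries.append({"hive": section, "name": name, "path": path,
                                    "file_present": bool(info)})
            elif "security center" in section and dword is not None:
                sec_center.append({"key": section, "name": name,
                                   "value": int(dword, 16)})
    return run_entries, sec_center, services


def triage(text):
    """Apply the three heuristics and return human-readable findings."""
    run_entries, sec_center, services = parse_log(text)
    findings = []
    for svc in services:
        if is_user_writable(svc["path"]):
            findings.append(f"service {svc['name']}: driver path in a user-writable location ({svc['path']})")
        if not svc["file_present"]:
            findings.append(f"service {svc['name']}: registered but no file found at {svc['path']}")
    for entry in run_entries:
        if is_user_writable(entry["path"]) or not entry["file_present"]:
            findings.append(f"autorun {entry['name']}: review target {entry['path']}")
    for val in sec_center:
        if val["name"].lower() in SILENCING_VALUES and val["value"] == 1:
            findings.append(f"Security Center: {val['name']}=1 under {val['key']}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it as a script to print the findings for the embedded sample, or call triage() on the text of a full log read from a file. The regular expressions match only the three line shapes shown (bracketed key headers, "name"=value lines, and R/S service lines), so the rest of a log passes through untouched.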
  • Browntoa
This discussion has been closed.