Virus Malware Problem Sends emails itself


Post by outlawz28 on 28th July 2009, 12:16 am

I have a problem with my brother's computer, as the computer will send contacts emails itself and is running very slow. Here is the HijackThis log.

Thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:59 PM, on 7/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\winnt_\winntR2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\winnt_\winnt4.exe
C:\winnt_\winnt6.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iISystem Wiper\SystemWiper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Sunny\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winntR1] C:\winnt_\winntR1.exe
O4 - HKLM\..\Run: [winntR2] C:\winnt_\winntR2.exe
O4 - HKLM\..\Run: [winnt2] C:\winnt_\winnt2.exe
O4 - HKLM\..\Run: [winnt3] C:\winnt_\winnt3.exe
O4 - HKLM\..\Run: [winnt4] C:\winnt_\winnt4.exe
O4 - HKLM\..\Run: [winnt5] C:\winnt_\winnt5.exe
O4 - HKLM\..\Run: [winnt6] C:\winnt_\winnt6.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; B4F-3.9.0.0-; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" -"http://www.miniclip.com/games/extreme-trial/en/"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Lan-Secure Security Center (SecurityCenterSrv) - Unknown owner - C:\Program Files\Security Center\SecurityCenterSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O24 - Desktop Component 0: (no name) - [You must be registered and logged in to see this link.]

--
End of file - 10183 bytes


Re: Virus Malware Problem Sends emails itself

Post by Belahzur on 28th July 2009, 5:24 pm


  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Virus Malware Problem Sends emails itself

Post by outlawz28 on 29th July 2009, 12:54 am

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Adobe Shockwave Player 11
Aimersoft DVD Ripper(Build 2.0.1.12)
AirPlus XtremeG
ANIO Service
ANIWZCS2 Service
Apple Mobile Device Support
Apple Software Update
Athlon 64 Processor Driver
Audio Converter
AVG Free 8.5
AviSynth 2.5
BitComet 0.94
Blaze Media Pro
Blaze Media Pro
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP160
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Daniusoft Video to iPod Converter(Build 2.0.2.7)
DivX Codec
DivX Player
Free iPod Video Converter 1.34
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
iISystem Wiper 2.4.1
ImTOO iPod Movie Converter
iPod Copy Expert 3.1.2
iTunes
Java(TM) 6 Update 3
LimeWire 5.2.8
Magic ISO Maker v5.4 (build 0251)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft English TTS Engine
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Streets & Trips 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Norton Security Scan
NTI CD & DVD-Maker 7 Platinum Trial
NVIDIA Drivers
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Secure Module 4.4.00
Pop-Up Stopper Free Edition
PowerISO
QuickTime
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 2.0 PIM & File Manager
Samsung PC Studio 3 USB Driver Installer
Security Center Lite 1.3.2
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
SigmaTel Audio
Sonic Update Manager
SonicStage 3.4
Switch Sound File Converter
TTS Wrapper
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Videora iPod Converter 4.05
Videora iPod touch Converter 4.05
Winamp
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver


Re: Virus Malware Problem Sends emails itself

Post by Belahzur on 29th July 2009, 3:59 pm

Hello.

I see that you are running BitComet.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    BitComet 0.94
    Java(TM) 6 Update 3
    LimeWire 5.2.8

Next,

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [winntR1] C:\winnt_\winntR1.exe
    O4 - HKLM\..\Run: [winntR2] C:\winnt_\winntR2.exe
    O4 - HKLM\..\Run: [winnt2] C:\winnt_\winnt2.exe
    O4 - HKLM\..\Run: [winnt3] C:\winnt_\winnt3.exe
    O4 - HKLM\..\Run: [winnt4] C:\winnt_\winnt4.exe
    O4 - HKLM\..\Run: [winnt5] C:\winnt_\winnt5.exe
    O4 - HKLM\..\Run: [winnt6] C:\winnt_\winnt6.exe


  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
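
Added example, not part of the original thread and not the helper's own method: a small triage script that parses the "Running processes" and O4 autorun lines of a HijackThis log and lists entries whose location deserves a closer look. The three heuristics (Temp directory, non-standard top-level folder, system process name outside the Windows directory), the function names and the assumption that Windows lives in `C:\WINDOWS` are choices made for this example; the sample lines are taken from the log posted above. The output is a list of candidates for a reviewer, not a verdict.

```python
import re
import ntpath  # applies Windows path rules regardless of the OS running this script

# Assumptions for this example (not from the thread): what counts as "expected".
SYSTEM_ROOT = "c:\\windows\\"
EXPECTED_TOP_DIRS = {"windows", "program files", "progra~1",
                     "documents and settings", "docume~1"}
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "explorer.exe", "spoolsv.exe"}

# O4 - <hive>\..\<Run key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Quoted path, or an unquoted path (spaces allowed) up to the first executable extension.
EXE_RE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|dll|com|bat|scr))(?=[\s,]|$))', re.I)

# Sample input: lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\winnt_\winntR2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Downloads\winlogon.exe

O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Sunny\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [winntR1] C:\winnt_\winntR1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


def parse_log(text):
    """Return (running process paths, [(hive, key, name, command), ...])."""
    processes, autoruns = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False  # a blank line ends the process list
            continue
        m = O4_RE.match(line)
        if m:
            autoruns.append((m["hive"], m["key"], m["name"], m["cmd"]))
    return processes, autoruns


def command_target(cmd):
    """Extract the program an autorun command line starts."""
    m = EXE_RE.match(cmd.strip())
    return (m["q"] or m["u"]) if m else cmd.split()[0]


def assess(path):
    """Return the reasons (possibly none) why a path's location looks unusual."""
    p = ntpath.normpath(path).lower()
    drive, rest = ntpath.splitdrive(p)
    if not drive:
        return []  # bare file name: resolved via the search path, location unknown
    parts = [x for x in rest.split("\\") if x]
    reasons = []
    if "temp" in parts[:-1]:
        reasons.append("runs from a Temp directory")
    if len(parts) > 1 and parts[0] not in EXPECTED_TOP_DIRS:
        reasons.append("non-standard top-level directory")
    if parts and parts[-1] in SYSTEM_NAMES and not p.startswith(SYSTEM_ROOT):
        reasons.append("system process name outside the Windows directory")
    return reasons


def review(text):
    """List (source, path, reason) for every process or autorun worth a look."""
    processes, autoruns = parse_log(text)
    findings = [("process", proc, r) for proc in processes for r in assess(proc)]
    for hive, key, name, cmd in autoruns:
        target = command_target(cmd)
        findings += [(f"{hive} {key} [{name}]", target, r) for r in assess(target)]
    return findings


if __name__ == "__main__":
    for source, path, reason in review(SAMPLE_LOG):
        print(f"{source:24} {path}  ->  {reason}")
```
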



Re: Virus Malware Problem Sends emails itself

Post by outlawz28 on 1st August 2009, 7:04 am

Malwarebytes' Anti-Malware 1.39
Database version: 2539
Windows 5.1.2600 Service Pack 2

8/1/2009 12:03:54 AM
mbam-log-2009-08-01 (00-03-54).txt

Scan type: Quick Scan
Objects scanned: 90319
Time elapsed: 6 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\WINDOWS\system32\memman.vxd (Rogue.sysCleanerPro) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Sunny\Application Data\FunWebProducts (Adware.MyWay) -> Quarantined and deleted successfully.
c:\documents and settings\Sunny\application data\funwebproducts\Data (Adware.MyWay) -> Quarantined and deleted successfully.
c:\documents and settings\Sunny\application data\funwebproducts\Data\Sunny (Adware.MyWay) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\memman.vxd (Rogue.sysCleanerPro) -> Quarantined and deleted successfully.
c:\winnt_\winntR2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\winnt_\winnt6.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Downloads\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Re: Virus Malware Problem Sends emails itself

Post by Origin on 1st August 2009, 6:11 pm

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]


Re: Virus Malware Problem Sends emails itself

Post by outlawz28 on 1st August 2009, 7:18 pm

ComboFix 09-07-31.04 - Sunny 08/01/2009 12:04.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.481 [GMT -7:00]
Running from: c:\documents and settings\Sunny\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\66235a4.msp
c:\windows\Installer\66235b8.msp
c:\windows\Installer\66235cd.msp
c:\windows\system32\skinboxer43.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
.

2009-08-01 06:52 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-01 06:52 . 2009-08-01 06:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-01 06:52 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-30 18:27 . 2009-07-30 18:27 -------- d-----w- c:\documents and settings\Sunny\Application Data\AVS4YOU
2009-07-30 18:27 . 2009-07-30 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-07-30 18:26 . 2009-07-30 18:27 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-07-30 18:26 . 2008-08-13 18:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-07-30 18:26 . 2009-07-30 18:27 -------- d-----w- c:\program files\AVS4YOU
2009-07-30 18:26 . 2008-08-13 18:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-07-28 00:12 . 2009-08-01 06:49 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-27 23:19 . 2009-07-27 23:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-27 23:19 . 2009-07-27 23:19 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-27 23:19 . 2009-07-27 23:19 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-27 23:19 . 2009-07-27 23:19 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-27 23:18 . 2009-08-01 15:36 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-27 23:18 . 2009-07-27 23:18 -------- d-----w- c:\program files\AVG
2009-07-27 23:18 . 2009-07-27 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-27 23:13 . 2009-07-27 23:13 -------- d-----w- c:\documents and settings\Sunny\Application Data\AVG8
2009-07-26 21:27 . 2004-08-04 06:08 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2009-07-26 21:27 . 2004-08-04 06:08 31744 ----a-w- c:\windows\system32\drivers\wceusbsh.sys
2009-07-26 03:41 . 2009-07-31 14:31 -------- d--h--w- C:\winnt_
2009-07-18 01:02 . 2009-07-18 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-18 01:02 . 2009-07-18 01:02 -------- d-----w- c:\windows\system32\drivers\NSS
2009-07-18 01:02 . 2009-07-18 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-18 01:02 . 2009-07-18 01:02 -------- d-----w- c:\program files\NortonInstaller
2009-07-18 01:02 . 2009-07-18 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 07:06 . 2008-10-25 20:39 -------- d-----w- c:\program files\Audio Converter
2009-07-28 13:21 . 2007-10-28 04:04 -------- d-----w- c:\program files\LimeWire
2009-07-27 23:13 . 2008-11-20 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-27 01:00 . 2007-11-02 22:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-26 22:09 . 2007-10-28 04:07 -------- d-----w- c:\documents and settings\Sunny\Application Data\LimeWire
2009-07-26 21:44 . 2008-07-24 03:53 -------- d-----w- c:\program files\Incomplete
2009-07-18 01:02 . 2007-10-28 05:50 -------- d-----w- c:\program files\Norton Security Scan
2009-06-29 16:12 . 2006-03-04 03:33 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 10:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-16 14:55 . 2004-08-04 10:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:27 . 2004-08-04 10:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 04:10 . 2007-10-28 03:42 -------- d-----w- c:\program files\DivX
2009-06-02 23:45 . 2009-06-02 20:56 -------- d-----w- c:\program files\Skype
2009-06-02 23:45 . 2009-06-02 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-02 21:02 . 2007-10-28 05:23 -------- d-----w- c:\program files\Google
2009-06-02 20:58 . 2009-06-02 20:58 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-02 20:58 . 2009-06-02 20:58 -------- d-----w- c:\documents and settings\Sunny\Application Data\skypePM
2009-06-02 20:35 . 2009-06-02 20:35 -------- d-----w- c:\documents and settings\Sunny\Application Data\VoipStunt
2009-05-13 01:56 . 2007-10-28 03:11 22288 ----a-w- c:\documents and settings\Sunny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-07 15:44 . 2004-08-04 10:00 344064 ----a-w- c:\windows\system32\localspl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"iIWiper"="c:\program files\iISystem Wiper\SystemWiper.exe" [2005-09-11 258048]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2007-10-08 6338872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"D-Link AirPlus XtremeG"="c:\program files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2005-03-28 1011712]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-17 49152]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-27 1948440]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-27 282624]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-23 1617920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-27 23:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22644:TCP"= 22644:TCP:BitComet 22644 TCP
"22644:UDP"= 22644:UDP:BitComet 22644 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/27/2009 4:19 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/27/2009 4:19 PM 108552]
R1 Ndisprot;RawPacket NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [11/2/2007 3:17 PM 22016]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/27/2009 4:18 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/27/2009 4:18 PM 298776]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [3/12/2004 8:38 PM 450400]
S2 SecurityCenterSrv;Lan-Secure Security Center;c:\program files\Security Center\SecurityCenterSrv.exe [11/2/2007 3:17 PM 425984]
.
Contents of the 'Scheduled Tasks' folder

2009-07-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-08-01 c:\windows\Tasks\Norton Security Scan for Sunny.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-18 01:02]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKCU-Run-VoipStunt - c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; B4F-3.9.0.0-;
HKLM-RunOnce- - (no file)


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: kwantlen.ca\www
DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-01 12:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-01 12:09
ComboFix-quarantined-files.txt 2009-08-01 19:08

Pre-Run: 104,600,244,224 bytes free
Post-Run: 104,659,730,432 bytes free

169 --- E O F --- 2009-07-29 10:01

outlawz28
Intermediate

Posts : 84
Joined : 2008-11-19
OS : Windows Vista Home Premium
Points : 29719
# Likes : 0


Re: Virus Malware Problem Sends emails itself

Post by Origin on 2nd August 2009, 5:50 pm

Now open a new notepad file.
Input this into the notepad file:

Folder::
C:\winnt_
c:\program files\LimeWire
c:\documents and settings\Sunny\Application Data\LimeWire

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22644:TCP"=-
"22644:UDP"=-


Save this as CFScript.txt, and save it to your desktop as well.
Then drag and drop CFScript.txt into ComboFix as seen below:


This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to.)
Post the resulting log back here.



Origin
Master

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31523
# Likes : 0


Re: Virus Malware Problem Sends emails itself

Post by outlawz28 on 4th August 2009, 3:55 am

ComboFix 09-07-31.04 - Sunny 08/03/2009 20:44.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.573 [GMT -7:00]
Running from: c:\documents and settings\Sunny\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Sunny\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.



c:\program files\LimeWire\Kanye West - Golddigger Ft. Jamie Foxxx.mp3
c:\program files\LimeWire\Kanye West - Love Lockdown.mp3
c:\program files\LimeWire\Kanye West ft Young Jeezy - Amazing.mp3
c:\program files\LimeWire\Kanye West ft. Lil Wayne - Barry Bonds.mp3
c:\program files\LimeWire\Kanye West ft. Lil Wayne - Lolipop (Remix).mp3
c:\program files\LimeWire\Kanye West ft. T-Pain - Heartless.mp3
c:\program files\LimeWire\Kardinal Offishall Ft. Keri Hilson - Numba 1 (Tide Is High)(1).mp3
c:\program files\LimeWire\Kevin Rudolf ft. Rick Ross - Welcome to the World.mp3
c:\program files\LimeWire\KID CUDI - DAY 'N NIGHT (CROOKERS REMIX).mp3
c:\program files\LimeWire\Kid Cudi ft. Jim Jones- Day and Night Remix.mp3
c:\program files\LimeWire\Lady Gaga - Just Dance(Ft Akon).mp3
c:\program files\LimeWire\Lady Gaga - Poker Face.mp3
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\lib\activation-1.1.jar
c:\program files\LimeWire\lib\additional_resources.jar
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\AppFramework.jar
c:\program files\LimeWire\lib\base64-2.2.2.jar
c:\program files\LimeWire\lib\boost_date_time-vc90-mt-1_39.dll
c:\program files\LimeWire\lib\boost_filesystem-vc90-mt-1_39.dll
c:\program files\LimeWire\lib\boost_system-vc90-mt-1_39.dll
c:\program files\LimeWire\lib\boost_thread-vc90-mt-1_39.dll
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-codec-1.3.jar
c:\program files\LimeWire\lib\commons-httpclient.jar
c:\program files\LimeWire\lib\commons-lang-2.2.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-math-1.2.jar
c:\program files\LimeWire\lib\commons-net.jar
c:\program files\LimeWire\lib\commons-pool.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\dnsjava-2.0.6.jar
c:\program files\LimeWire\lib\EventBus-1.2b.jar
c:\program files\LimeWire\lib\fb-java-api-2.1.1.jar
c:\program files\LimeWire\lib\fb-java-api-schema-2.1.1.jar
c:\program files\LimeWire\lib\foxtrot.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\glazedlists-snapshot20090628_java15.jar
c:\program files\LimeWire\lib\google-collect-1.0-rc2.jar
c:\program files\LimeWire\lib\guice-2.0-snapshot-20090610.jar
c:\program files\LimeWire\lib\guice-assistedinject-snapshot20090512.jar
c:\program files\LimeWire\lib\hashes
c:\program files\LimeWire\lib\hsqldb-1.8.0.10.jar
c:\program files\LimeWire\lib\httpclient-4.0-beta2.jar
c:\program files\LimeWire\lib\httpcore-4.0.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0.jar
c:\program files\LimeWire\lib\httpcore-nio.jar
c:\program files\LimeWire\lib\httpcore.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\id3v2.jar
c:\program files\LimeWire\lib\iTunes-0.0.1.jar
c:\program files\LimeWire\lib\jacob-1.14.3-x64.dll
c:\program files\LimeWire\lib\jacob-1.14.3-x86.dll
c:\program files\LimeWire\lib\jacob-1.14.3.jar
c:\program files\LimeWire\lib\jaudiotagger.jar
c:\program files\LimeWire\lib\jaxb-api-2.1.jar
c:\program files\LimeWire\lib\jaxb-impl-2.1.9.jar
c:\program files\LimeWire\lib\jcip-annotations.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jl011.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jna-3.1.0.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\json-20070829.jar
c:\program files\LimeWire\lib\jxlayer-4.0.jar
c:\program files\LimeWire\lib\libeay32.dll
c:\program files\LimeWire\lib\LimeWire.ico
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\log4j.properties
c:\program files\LimeWire\lib\looks.jar
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\MessagesBundles.jar
c:\program files\LimeWire\lib\Microsoft.VC90.CRT.manifest
c:\program files\LimeWire\lib\miglayout-3.7-swing.jar
c:\program files\LimeWire\lib\mime-util.jar
c:\program files\LimeWire\lib\mozdom4java.jar
c:\program files\LimeWire\lib\MozillaGlue-1.9.jar
c:\program files\LimeWire\lib\MozillaInterfaces-1.9.jar
c:\program files\LimeWire\lib\mozswing.jar
c:\program files\LimeWire\lib\mp3sp14.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\msvcm90.dll
c:\program files\LimeWire\lib\msvcp90.dll
c:\program files\LimeWire\lib\msvcr90.dll
c:\program files\LimeWire\lib\onion-common.jar
c:\program files\LimeWire\lib\onion-fec.jar
c:\program files\LimeWire\lib\ProgressTabs.jar
c:\program files\LimeWire\lib\runtime-0.4.1.3.jar
c:\program files\LimeWire\lib\smack.jar
c:\program files\LimeWire\lib\smackx-debug.jar
c:\program files\LimeWire\lib\smackx.jar
c:\program files\LimeWire\lib\ssleay32.dll
c:\program files\LimeWire\lib\stax-api-1.0-2.jar
c:\program files\LimeWire\lib\swing-worker-1.2.jar
c:\program files\LimeWire\lib\swingx-1.0.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\SystemUtilitiesA.dll
c:\program files\LimeWire\lib\themes.jar
c:\program files\LimeWire\lib\torrent-wrapper.dll
c:\program files\LimeWire\lib\torrent.dll
c:\program files\LimeWire\lib\tray.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbis.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\Life House - Love Of A Life Time.mp3
c:\program files\LimeWire\Lifehouse - First Time.mp3
c:\program files\LimeWire\Lifehouse - Hanging by the moment .MP3
c:\program files\LimeWire\Lifehouse - Whatever It Takes.mp3
c:\program files\LimeWire\Lights - Drive My Soul.mp3
c:\program files\LimeWire\Lil' Wayne Ft. Ace Da Kidd - Lolipop Remix .mp3
c:\program files\LimeWire\Lil Wayne- Never Get It.mp3
c:\program files\LimeWire\Lil Wayne - Always Strapped .mp3


Re: Virus Malware Problem Sends emails itself

Post by outlawz28 on 4th August 2009, 3:56 am

c:\program files\LimeWire\Lil Wayne - Da Drought 3 - Sky's The Limit.mp3
c:\program files\LimeWire\Lil Wayne - Fix My Hat _Full_5STARHIPHOP.COM(1).mp3
c:\program files\LimeWire\Lil Wayne - Forever.mp3
c:\program files\LimeWire\Lil Wayne - I Feel Like Dying.mp3
c:\program files\LimeWire\Lil Wayne - Prom Queen(1).mp3
c:\program files\LimeWire\Lil Wayne - Prom Queen.mp3
c:\program files\LimeWire\Lil Wayne - Pussy, Money, Weed.mp3
c:\program files\LimeWire\Lil Wayne - The Carter 3 - im reloaded gun off safety (new).mp3
c:\program files\LimeWire\Lil Wayne Feat. T-Pain - Lolipop (Remix).mp3
c:\program files\LimeWire\Lil Wayne Ft Keri Hilson - Turnin Me On.mp4
c:\program files\LimeWire\Lil Wayne Ft. Gorilla Zoe - Lollipop Remix.mp3
c:\program files\LimeWire\Lil_Wayne_f_Mack_Maine_Baseball_Sex_Hip_Hop_Songs_20090712_Lil_Wayne_Baseball_Sex_Feat_Mack_Maine_HHDX.mp3.mp3
c:\program files\LimeWire\LilWayne- Fireman.mp3
c:\program files\LimeWire\LimeWire On Startup.lnk
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\Lindsey Lohan - Confessions Of A Broken Heart.mp3
c:\program files\LimeWire\Lindsey Lohan - Over.mp3
c:\program files\LimeWire\Lindsey lohan & Ludachris -rumors (remix).mp3
c:\program files\LimeWire\Lolipop Remix Nikki Minaj.mp3
c:\program files\LimeWire\love story - nadia ali - best track ever.mp3
c:\program files\LimeWire\love story - nadia ali [new album].au
c:\program files\LimeWire\Ludacris - Birthday Sex (Remix) (Feat. Fabolous, Jerimah, BXC).mp3
c:\program files\LimeWire\Ludacris Ft. Chris Brown, Sean Garrett- I Know What Them Girls Like.mp3
c:\program files\LimeWire\ludacris_ft._t-pain_-_one_more_drink-rgf.mp3
c:\program files\LimeWire\Mariah Carey - Sweet Fantasy.mp3
c:\program files\LimeWire\Mark Morrison - Return Of The Mack.mp3
c:\program files\LimeWire\Mark Morrison - Return of The Mack (full version).mp3
c:\program files\LimeWire\Maroon 5- Nothing lasts Forever.mp3
c:\program files\LimeWire\Maroon 5 - 02 - This Love.mp3
c:\program files\LimeWire\Maroon 5 - Makes Me Wonder.mp3
c:\program files\LimeWire\Maroon 5 - Secret.mp3
c:\program files\LimeWire\Maroon 5 - She Will Be Loved.mp3
c:\program files\LimeWire\Maroon 5 - won't go home without you.mp3
c:\program files\LimeWire\Maroon 5 ft. Rihanna - If I Ever See Your Face Again.mp3
c:\program files\LimeWire\Metro Station - Shake it.mp3
c:\program files\LimeWire\MIA - Come Around (Featuring Timbaland).mp3
c:\program files\LimeWire\MIA - Paper Planes.mp3
c:\program files\LimeWire\Miley Cyrus - 7 Things.mp3
c:\program files\LimeWire\Miley Cyrus - I Miss You (Long).mp3
c:\program files\LimeWire\My Heart Will Go On (Club Remix).mp3
c:\program files\LimeWire\Nadia Ali - Love Story (Remix).mp3
c:\program files\LimeWire\Nadia Ali - Nameless.mp3
c:\program files\LimeWire\Ne-Yo - Sexy Love.mp3
c:\program files\LimeWire\Nelly ft. Akon - Body On Me.mp3
c:\program files\LimeWire\NeYo - Closer.mp3
c:\program files\LimeWire\Nivea ft. Jagged Edge - Dont Mess With My Man.mp3
c:\program files\LimeWire\Outcast-HeyYa.mp3
c:\program files\LimeWire\Paula Deanda- When It Was Me.mp3
c:\program files\LimeWire\Pink - So What.mp3
c:\program files\LimeWire\Pink - Sober.mp3
c:\program files\LimeWire\Pitbull Ft. Lil Jon - Krazy.mp3
c:\program files\LimeWire\Pitbull Sean Paul Lil Jon - Culo Remix.mp3
c:\program files\LimeWire\Pittbull - Culo.mp3
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\Prison.Break.S04E14.HDTV.XviD-LOL.avi
c:\program files\LimeWire\Pussy Cat Dolls - I Dont Need A Man.mp3
c:\program files\LimeWire\Pussycat Dolls - Jai Ho.mp3
c:\program files\LimeWire\Qwote ft Lil Wayne - Call Me.mp3
c:\program files\LimeWire\Ray L feat[1]. Akon - Pop That Heat [prod. by Konvictmuzik].mp3
c:\program files\LimeWire\Ray Lavender - Doing Doing.mp3
c:\program files\LimeWire\RDB - Soniye Ni Soniye.mp3
c:\program files\LimeWire\Reggae - Remixes - (Beyonce, Punjabi) Me, myself and I.mp3
c:\program files\LimeWire\Requiem for a Dream (Orchestral Version) Lord of the Rings - The Two Towers Trailer Soundtrack 128kbps Clint Mansell.mp3
c:\program files\LimeWire\Requiem For A Dream Soundtrack - Lux Aeterna.mp3
c:\program files\LimeWire\Rihanna Ft Lady Gaga- Silly Boy.mp3
c:\program files\LimeWire\Rihanna Ft. Justin Timberlake - Rehab.mp3
c:\program files\LimeWire\Rocky Soundtrack - Gonna Fly Now (Theme Song).mp3
c:\program files\LimeWire\Rocky Soundtrack - The Final Countdown.mp3
c:\program files\LimeWire\rocky theme - best track ever.mp3
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\Savage Garden - Truly Madly Deeply.mp3
c:\program files\LimeWire\Sean Kingston - Fire Burning.mp3
c:\program files\LimeWire\Sean Paul - Get Busy.mp3
c:\program files\LimeWire\Sean Paul - Gimme The Light.mp3
c:\program files\LimeWire\Sean Paul - Like Glue.mp3
c:\program files\LimeWire\Sean Paul - We Will Be Burning (Bubble Up Riddim).mp3
c:\program files\LimeWire\Shakira Vs The Bee Gees & Britney Spears - Whenever Wherever (I'm A Slave For Stayin' Alive Remix).mp3
c:\program files\LimeWire\Soulja Boy---Kiss Me Thru The Phone .mp3
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\South Side Baby Ft Lil Wayne (GOOD).mp3
c:\program files\LimeWire\spacer.gif
c:\program files\LimeWire\Survivor - Eye Of The Tiger.mp3
c:\program files\LimeWire\Swing Kids - Shout and Feel It.mp3
c:\program files\LimeWire\T-Pain--My Girl Gotta Girlfriend (Produced by Akon).mp3
c:\program files\LimeWire\T-Pain Ft. Lil Wayne - Cant Belive It.mp3
c:\program files\LimeWire\T Pain - I'm Sprung.mp3
c:\program files\LimeWire\T.I - Get That Money (Do it to it) - HotNewHipHop.com.mp3
c:\program files\LimeWire\T.I ft. Wyclef Jean - You Know What It Is.mp3
c:\program files\LimeWire\T.I. - Propane ft. T-Pain.mp3
c:\program files\LimeWire\T.I. - I Am (T.I. vs. Tip) - Right Now.mp3
c:\program files\LimeWire\T.I. ft. Ludacris - On Top Of The World.mp3
c:\program files\LimeWire\Taylor Swift - Love Story.mp3
c:\program files\LimeWire\Techno- (Dance - Club Mix) The Final Countdown (2000 Remix) - Europe(1).mp3
c:\program files\LimeWire\Techno - Cascada - Everytime we Touch (Club Mix).mp3
c:\program files\LimeWire\Techno - DJ Paul Oakenfold van dyk fergie max moby 2001 best coolest amazing trippy chill house jazz classical new age electronica jarre world top one groove radio digitally im.mp3
c:\program files\LimeWire\The Game - Hard Knock Life (Prod. Dr. Dre).mp3
c:\program files\LimeWire\The Game - LAX - 13 - Touchdown (Featuring Raheem Devaughn).mp3
c:\program files\LimeWire\The Game Ft 50 Cent - This Is How We Do.mp3
c:\program files\LimeWire\The_Way_I_Are_Punjabi_Remix_-_Dj_Intense.mp3
c:\program files\LimeWire\Theory of a dead man - Santa Monica.mp3
c:\program files\LimeWire\Theory of a Deadman - All or Nothing.mp3
c:\program files\LimeWire\Three 6 Mafia - Lollipop ft. T-Pain.mp3
c:\program files\LimeWire\TI - WHATEVER YOU LIKE (DIRTY).mp3
c:\program files\LimeWire\TI_-_No_Matter_What_(Dirty).mp3
c:\program files\LimeWire\Tila Tequila - Knock U Out.mp3
c:\program files\LimeWire\uninstall.exe
c:\program files\LimeWire\unpack.log
c:\program files\LimeWire\wolf pack theme song original studio version.mp3
c:\program files\LimeWire\xml.war
c:\program files\LimeWire\Young Jeezy - The Reccession - Amazing.mp3
c:\program files\LimeWire\Young Jeezy Ft. Nas - My President Is Black.mp3
c:\program files\LimeWire\youtube - t.i.- whatever you like spoof! (obama- whatever i like).mp3
C:\winnt_
c:\winnt_\id

.
((((((((((((((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))))))))))))))))))))
.


Re: Virus Malware Problem Sends emails itself

Post by outlawz28 on 4th August 2009, 3:56 am

2009-08-01 06:52 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-01 06:52 . 2009-08-01 06:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-01 06:52 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-30 18:27 . 2009-07-30 18:27 -------- d-----w- c:\documents and settings\Sunny\Application Data\AVS4YOU
2009-07-30 18:27 . 2009-07-30 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-07-30 18:26 . 2009-07-30 18:27 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-07-30 18:26 . 2008-08-13 18:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-07-30 18:26 . 2009-07-30 18:27 -------- d-----w- c:\program files\AVS4YOU
2009-07-30 18:26 . 2008-08-13 18:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-07-28 00:12 . 2009-08-03 12:14 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-27 23:19 . 2009-07-27 23:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-27 23:19 . 2009-07-27 23:19 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-27 23:19 . 2009-07-27 23:19 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-27 23:19 . 2009-07-27 23:19 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-27 23:18 . 2009-08-03 16:55 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-27 23:18 . 2009-07-27 23:18 -------- d-----w- c:\program files\AVG
2009-07-27 23:18 . 2009-07-27 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-27 23:13 . 2009-07-27 23:13 -------- d-----w- c:\documents and settings\Sunny\Application Data\AVG8
2009-07-26 21:27 . 2004-08-04 06:08 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2009-07-26 21:27 . 2004-08-04 06:08 31744 ----a-w- c:\windows\system32\drivers\wceusbsh.sys
2009-07-18 01:02 . 2009-07-18 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-18 01:02 . 2009-07-18 01:02 -------- d-----w- c:\windows\system32\drivers\NSS
2009-07-18 01:02 . 2009-07-18 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-18 01:02 . 2009-07-18 01:02 -------- d-----w- c:\program files\NortonInstaller
2009-07-18 01:02 . 2009-07-18 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 01:00 . 2007-11-02 22:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-01 07:06 . 2008-10-25 20:39 -------- d-----w- c:\program files\Audio Converter
2009-07-27 23:13 . 2008-11-20 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-26 21:44 . 2008-07-24 03:53 -------- d-----w- c:\program files\Incomplete
2009-07-18 01:02 . 2007-10-28 05:50 -------- d-----w- c:\program files\Norton Security Scan
2009-06-29 16:12 . 2006-03-04 03:33 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 10:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-16 14:55 . 2004-08-04 10:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:27 . 2004-08-04 10:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 20:58 . 2009-06-02 20:58 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-13 01:56 . 2007-10-28 03:11 22288 ----a-w- c:\documents and settings\Sunny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-07 15:44 . 2004-08-04 10:00 344064 ----a-w- c:\windows\system32\localspl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"iIWiper"="c:\program files\iISystem Wiper\SystemWiper.exe" [2005-09-11 258048]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"D-Link AirPlus XtremeG"="c:\program files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2005-03-28 1011712]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-17 49152]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-27 1948440]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-27 282624]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-23 1617920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-27 23:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/27/2009 4:19 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/27/2009 4:19 PM 108552]
R1 Ndisprot;RawPacket NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [11/2/2007 3:17 PM 22016]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/27/2009 4:18 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/27/2009 4:18 PM 298776]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [3/12/2004 8:38 PM 450400]
S2 SecurityCenterSrv;Lan-Secure Security Center;c:\program files\Security Center\SecurityCenterSrv.exe [11/2/2007 3:17 PM 425984]
.
Contents of the 'Scheduled Tasks' folder

2009-08-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-08-03 c:\windows\Tasks\Norton Security Scan for Sunny.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-18 01:02]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: kwantlen.ca\www
DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-03 20:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-04 20:51
ComboFix-quarantined-files.txt 2009-08-04 03:50
ComboFix2.txt 2009-08-01 19:09

Pre-Run: 104,513,544,192 bytes free
Post-Run: 104,469,032,960 bytes free

656 --- E O F --- 2009-07-29 10:01


Re: Virus Malware Problem Sends emails itself

Post by Belahzur on 4th August 2009, 6:33 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?


Please PM me if I fail to respond within 24hrs.

