virus in my computer


Post by hackme_2009 on 25th September 2009, 6:54 am

My computer acts very weird these days. It's running very slow and I think I'm infected with a virus.
This is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:29:19 AM, on 9/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21073)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Administrator\My Documents\New Folder\rapiddownload.exe
C:\Program Files\Breakpoint Computers\WinTimer\WinTimer.exe
F:\Encarta\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\Tools\smash.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKCU\..\Run: [WinTimer] "C:\Program Files\Breakpoint Computers\WinTimer\WinTimer.exe"
O4 - HKCU\..\Run: [\\PC1\EPSON Stylus CX3700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE /P32 "\\PC1\EPSON Stylus CX3700 Series" /O6 "USB001" /M "Stylus CX3700"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [L09AXLRD_10001890] "E:\encarta\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [L09AXLRD_13216453] "F:\Encarta\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Styler.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O20 - Winlogon Notify: b0a5b531670 - C:\WINDOWS\System32\dnsrslvr32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6481 bytes
Any help would be appreciated!!


Re: virus in my computer

Post by Belahzur on 25th September 2009, 9:21 am

Hello.

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O20 - Winlogon Notify: b0a5b531670 - C:\WINDOWS\System32\dnsrslvr32.dll


  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: virus in my computer

Post by hackme_2009 on 25th September 2009, 3:04 pm

Here is the MBAM log before disinfection:
Malwarebytes' Anti-Malware 1.41
Database version: 2858
Windows 5.1.2600 Service Pack 3

9/25/2009 9:17:55 AM
mbam-log-2009-09-25 (09-17-50).txt

Scan type: Quick Scan
Objects scanned: 90520
Time elapsed: 7 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\dnsrslvr32.dll (Trojan.Tracur) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\b0a5b531670 (Trojan.Tracur) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\WINDOWS\system32\LocalService (Worm.Archive) -> No action taken.

Files Infected:
C:\WINDOWS\system32\dnsrslvr32.dll (Trojan.Tracur) -> No action taken.
C:\WINDOWS\system32\LocalService\225.tmp (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService\254.tmp (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> No action taken.

And here's the log after disinfection:

Malwarebytes' Anti-Malware 1.41
Database version: 2858
Windows 5.1.2600 Service Pack 3

9/25/2009 9:31:46 AM
mbam-log-2009-09-25 (09-31-46).txt

Scan type: Quick Scan
Objects scanned: 90398
Time elapsed: 7 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

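The checks Belahzur applied by eye in the reply above (the O20 Winlogon Notify entry with a random-looking subkey name pointing at a DLL no stock XP install registers, the O6 Internet Explorer restriction policies) and the "No action taken" items in the MBAM log can be written down as a small triage script. This is an added example, not code from this thread, from HijackThis or from Malwarebytes. The stock Winlogon Notify allowlist, the list of user-writable directory fragments and the severity labels are my assumptions; the sample lines are copied from the logs posted above, with two constructed additions marked in the comments so every rule has both a hit and a pass.

```python
"""Rule-based triage of HijackThis (HJT) and Malwarebytes (MBAM) log lines.

Added example for this thread; not part of HijackThis or Malwarebytes. It encodes
the checks a helper applies by eye: Winlogon Notify handlers that are not stock
Windows DLLs (O20), Internet Explorer lockdown policies (O6), autoruns launched
from user-writable paths (O4), and MBAM detections that were left in place.
"""
import ntpath
import re
from dataclasses import dataclass

# Winlogon Notify DLLs a stock Windows XP install registers. Assumption: this
# allowlist is illustrative; a real baseline comes from a known-clean machine.
STOCK_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "sclgntfy.dll", "wlnotify.dll"}

# Directory fragments an unprivileged user can write to (assumed list).
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\local settings\\")

HJT_LINE = re.compile(r"^(?P<section>[ROF]\d+)\s+-\s+(?P<body>.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify:\s+(?P<name>\S+)\s+-\s+(?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK[^:]+)\\Run(?:Once)?:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")
MBAM_RE = re.compile(
    r"^(?P<item>.+?) \((?P<label>[\w.]+)\)"
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"
    r" -> (?P<action>[^.]+)\.$"
)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    reason: str
    line: str


def check_notify(body):
    """O20: flag Winlogon Notify handlers that are not stock or have random-looking names."""
    m = NOTIFY_RE.match(body)
    if not m:
        return None
    dll = ntpath.basename(m["path"].strip()).lower()
    reasons = []
    if dll not in STOCK_NOTIFY_DLLS:
        reasons.append(f"Winlogon Notify DLL {dll} is not a stock handler")
    if re.fullmatch(r"[0-9a-f]{8,}", m["name"].lower()):
        reasons.append("subkey name looks machine-generated")
    return "; ".join(reasons) or None


def check_run(body):
    """O4: flag Run/RunOnce entries whose command lives in a user-writable directory."""
    m = RUN_RE.match(body)
    if not m:
        return None
    if any(frag in m["cmd"].lower() for frag in USER_WRITABLE):
        return f"autorun [{m['name']}] launches from a user-writable path"
    return None


def triage_line(raw):
    """Return a Finding for one log line, or None if nothing stands out."""
    line = raw.strip()
    hjt = HJT_LINE.match(line)
    if hjt:
        section, body = hjt["section"], hjt["body"]
        if section == "O20":
            reason = check_notify(body)
            return Finding("high", reason, line) if reason else None
        if section == "O6":
            return Finding("medium", "IE policy restriction present; legitimate only if set deliberately", line)
        if section == "O4":
            reason = check_run(body)
            return Finding("medium", reason, line) if reason else None
        return None
    mbam = MBAM_RE.match(line)
    if mbam and mbam["action"].strip() == "No action taken":
        detail = f" (value {mbam['bad']}, expected {mbam['good']})" if mbam["bad"] is not None else ""
        return Finding("high", f"MBAM detection {mbam['label']} still present{detail}", line)
    return None


def triage(log_text):
    """Run triage_line over a whole log and keep only the hits, in log order."""
    return [f for f in (triage_line(raw) for raw in log_text.splitlines()) if f]


# Constructed sample: lines copied from the HJT and MBAM logs posted in this thread,
# plus a Run entry built from the rapiddownload.exe process path (not in the original
# O4 list) and one already-quarantined MBAM line, so each rule has a pass and a hit.
SAMPLE_HJT = r"""
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [rapiddownload] C:\Documents and Settings\Administrator\My Documents\New Folder\rapiddownload.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - Winlogon Notify: b0a5b531670 - C:\WINDOWS\System32\dnsrslvr32.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""
SAMPLE_MBAM = r"""
C:\WINDOWS\system32\dnsrslvr32.dll (Trojan.Tracur) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_HJT) + triage(SAMPLE_MBAM):
        print(f"[{finding.severity:6}] {finding.reason}\n         {finding.line}")
```

Run it against a saved hijackthis.log or mbam-log-*.txt by passing the file contents to triage(). The Winlogon Notify rule is the one worth keeping: those DLLs load into winlogon.exe at every logon, so an entry with a random hex subkey name and a DLL that no stock install registers is the first thing to look at, which is exactly the entry MBAM later identified as Trojan.Tracur. Everything a rule does not match is simply skipped; the script is a prioritiser, not a verdict.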

Re: virus in my computer

Post by Belahzur on 25th September 2009, 6:33 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt just yet.



Re: virus in my computer

Post by hackme_2009 on 26th September 2009, 1:19 am

Here's the copy of dds.txt:

DDS (Ver_09-09-24.01) - NTFSx86
Run by Administrator at 19:48:11.28 on Fri 09/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.80 [GMT 8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Breakpoint Computers\WinTimer\WinTimer.exe
C:\Program Files\Internet Download Manager\IDMan.exe
F:\Encarta\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [WinTimer] "c:\program files\breakpoint computers\wintimer\WinTimer.exe"
uRun: [L09AXLRD_13216453] "f:\encarta\microsoft student with encarta premium 2009 dvd\EDICT.EXE" -m
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [SoundMax] "c:\program files\analog devices\soundmax\smax4.exe" /tray
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: MaxRecentDocs = 18 (0x12)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
uPolicies-explorer: link = 00000000
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: StartMenuFavorites = 0 (0x0)
mPolicies-explorer: Start_ShowMyComputer = 1 (0x1)
mPolicies-explorer: Start_ShowMyDocs = 1 (0x1)
mPolicies-explorer: Start_ShowMyMusic = 0 (0x0)
mPolicies-explorer: Start_ShowRun = 1 (0x1)
mPolicies-explorer: Start_ShowSearch = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2009-9-5 21144]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-5 111184]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-9-19 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-9-19 41424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-5 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-5 155160]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-9-19 91856]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-9-10 100368]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-5 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-5 352920]
S3 cpuz129;cpuz129;\??\c:\docume~1\admini~1\locals~1\temp\autorunpro0\new folder\new folder (18)\new folder (13)\pcwiz32.sys --> c:\docume~1\admini~1\locals~1\temp\autorunpro0\new folder\new folder (18)\new folder (13)\pcwiz32.sys [?]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2009-9-19 32016]

=============== Created Last 30 ================

2009-09-25 09:58 --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-25 09:28 --d----- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2009-09-25 09:04 --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-09-25 09:04 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-25 09:03 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-25 09:03 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 09:03 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-25 06:23 --d----- c:\program files\RAR Password Unlocker
2009-09-25 04:49 --d----- c:\documents and settings\administrator\DoctorWeb
2009-09-24 22:45 --d----- c:\program files\Microsoft Student
2009-09-24 22:45 --d----- c:\program files\Learning Essentials
2009-09-24 22:44 --d----- c:\windows\system32\DirectX
2009-09-24 22:40 --d----- c:\windows\system32\appmgmt
2009-09-24 19:58 --d----- c:\docume~1\admini~1\applic~1\Styler
2009-09-24 19:55 --d----- c:\program files\Styler
2009-09-24 02:11 168 a------- c:\windows\wininit.ini
2009-09-24 01:21 --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-09-23 12:03 16,244 a------- c:\windows\system32\rrt_is.wav
2009-09-23 12:03 7,302 a------- c:\windows\system32\rrt_vf.wav
2009-09-23 12:03 7,148 a------- c:\windows\system32\rrt_tv.wav
2009-09-23 12:03 6,282 a------- c:\windows\system32\rrt_tn.wav
2009-09-23 05:39 --d----- c:\program files\Smart Virus Remover
2009-09-23 05:21 --d-h--- c:\windows\system32\GroupPolicy
2009-09-22 21:59 --d----- c:\docume~1\admini~1\applic~1\ViStart
2009-09-22 20:25 615 a------- c:\windows\system32\FGfxsNIhFsb6LLX.vbs
2009-09-22 20:25 615 a------- c:\windows\system32\BTAIWA6kUlXvccU.vbs
2009-09-22 20:24 0 a------- c:\windows\system32\10.tmp
2009-09-22 20:24 615 a------- c:\windows\system32\5pzYrmJSD3hax.vbs
2009-09-22 12:34 0 a------- c:\windows\WB.ini
2009-09-22 08:25 --d----- c:\docume~1\admini~1\applic~1\LimeWire
2009-09-22 08:24 --d----- c:\program files\LimeWire
2009-09-22 08:21 --d----- c:\program files\WindSolutions
2009-09-22 08:21 --d----- c:\docume~1\alluse~1\applic~1\WindSolutions
2009-09-22 08:21 --d----- c:\docume~1\admini~1\applic~1\WindSolutions
2009-09-22 07:57 42,672 a------- c:\windows\system32\wbsys.dll
2009-09-22 07:57 --d----- c:\program files\Stardock
2009-09-22 05:18 --d----- c:\program files\PhotoshopPortable
2009-09-21 05:01 776 a------- C:\DriverPack_LAN_wnt5_x86-32.ini
2009-09-21 05:01 --d----- C:\D
2009-09-19 17:30 --d----- c:\documents and settings\administrator\.VirtualBox
2009-09-19 17:29 115,856 a------- c:\windows\system32\drivers\VBoxDrv.sys
2009-09-19 17:29 91,856 a------- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-09-19 17:29 32,016 a------- c:\windows\system32\drivers\VBoxUSB.sys
2009-09-19 17:28 41,424 a------- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-09-19 17:28 --d----- c:\program files\Sun
2009-09-19 01:44 --d----- c:\program files\Macrovision Downloaded Files
2009-09-18 23:57 65,536 a------- c:\windows\system32\E_S00RP1.EXE
2009-09-18 23:55 --d----- c:\program files\EPSON
2009-09-18 21:05 --d----- c:\program files\Total Video Converter
2009-09-16 21:06 221,184 a------- c:\windows\system32\wmpns.dll
2009-09-16 21:05 --d-h--- c:\windows\$hf_mig$
2009-09-16 18:21 193,024 -------- c:\windows\system32\dllcache\msrating.dll
2009-09-16 18:21 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-09-16 18:21 44,544 -------- c:\windows\system32\dllcache\iernonce.dll
2009-09-16 18:21 27,648 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-09-16 18:21 44,544 -------- c:\windows\system32\dllcache\pngfilt.dll
2009-09-16 18:21 17,408 -------- c:\windows\system32\dllcache\corpol.dll
2009-09-16 18:21 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-09-16 18:21 268,288 -------- c:\windows\system32\dllcache\iertutil.dll
2009-09-16 18:21 230,400 -------- c:\windows\system32\dllcache\ieaksie.dll
2009-09-16 18:21 153,088 -------- c:\windows\system32\dllcache\ieakeng.dll
2009-09-16 18:21 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-09-16 16:51 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-09-16 16:51 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-09-16 16:32 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-09-16 16:31 80,896 -------- c:\windows\system32\dllcache\tlntsess.exe
2009-09-16 16:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-09-16 16:17 134,144 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-09-16 16:16 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-09-16 16:15 2,067,968 -------- c:\windows\system32\dllcache\mstscax.dll
2009-09-16 16:11 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-09-16 16:05 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-09-16 15:41 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-16 15:40 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-09-16 15:18 512,000 -------- c:\windows\system32\dllcache\jscript.dll
2009-09-15 20:19 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-09-15 20:17 346,112 -------- c:\windows\system32\dllcache\localspl.dll
2009-09-15 20:16 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-09-15 20:15 354,304 -------- c:\windows\system32\dllcache\winhttp.dll
2009-09-15 20:15 956,928 -------- c:\windows\system32\dllcache\msdtctm.dll
2009-09-15 20:15 161,792 -------- c:\windows\system32\dllcache\msdtcuiu.dll
2009-09-15 20:15 91,648 -------- c:\windows\system32\dllcache\mtxoci.dll
2009-09-15 20:15 66,560 -------- c:\windows\system32\dllcache\mtxclu.dll
2009-09-15 20:15 58,880 -------- c:\windows\system32\dllcache\msdtclog.dll
2009-09-15 20:14 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-09-15 20:14 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-09-15 20:14 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-09-15 20:14 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-09-15 20:14 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-09-15 20:14 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-09-15 20:14 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-09-15 20:14 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-09-15 20:14 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-15 20:14 715,264 -------- c:\windows\system32\dllcache\ntdll.dll
2009-09-15 20:14 2,066,176 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-09-15 20:14 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-09-15 20:10 8,461,312 -------- c:\windows\system32\dllcache\shell32.dll
2009-09-15 20:06 144,896 -------- c:\windows\system32\dllcache\schannel.dll
2009-09-15 15:23 --d----- c:\program files\CRM-Express
2009-09-13 18:29 262,144 a------- c:\windows\system32\default_user_class.dat
2009-09-13 10:45 --d----- c:\windows\pss
2009-09-13 05:19 --d----- C:\MS Rapid Downloads
2009-09-13 04:02 --d----- C:\FkeyKiosk
2009-09-12 03:03 1,409 a------- c:\windows\system32\tmp92B6C.FOT
2009-09-12 03:03 1,409 a------- c:\windows\system32\tmp4EB6C.FOT
2009-09-12 03:03 1,409 a------- c:\windows\system32\tmp32C6C.FOT
2009-09-12 03:03 1,409 a------- c:\windows\system32\tmp15C6C.FOT
2009-09-12 03:03 1,409 a------- c:\windows\system32\tmpC9A6C.FOT
2009-09-12 03:03 1,409 a------- c:\windows\system32\tmpAEA6C.FOT
2009-09-11 23:53 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-09-11 18:28 --d----- c:\program files\MagicISO
2009-09-11 02:22 --d----- c:\docume~1\admini~1\applic~1\IDM
2009-09-11 02:21 --d----- c:\program files\Internet Download Manager
2009-09-10 03:15 133,648 a------- c:\windows\system32\VBoxNetFltNotify.dll
2009-09-10 03:15 100,368 a------- c:\windows\system32\drivers\VBoxNetFlt.sys
2009-09-09 18:00 230,424 a------- C:\img2-001.raw
2009-09-09 17:40 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-09-09 03:49 --d----- c:\program files\WinUHA
2009-09-08 20:35 1,409 a------- c:\windows\system32\tmpF1299.FOT
2009-09-08 20:35 1,409 a------- c:\windows\system32\tmpBC299.FOT
2009-09-08 20:35 1,409 a------- c:\windows\system32\tmp90399.FOT
2009-09-08 20:35 1,409 a------- c:\windows\system32\tmp85399.FOT
2009-09-08 20:35 1,409 a------- c:\windows\system32\tmp5B399.FOT
2009-09-08 20:35 1,409 a------- c:\windows\system32\tmp2A199.FOT
2009-09-08 19:45 --d----- c:\docume~1\admini~1\applic~1\UltraVNC
2009-09-08 19:39 --d----- c:\program files\UltraVNC
2009-09-08 18:09 --d----- c:\docume~1\admini~1\applic~1\DMCache
2009-09-06 23:55 --d----- c:\docume~1\admini~1\applic~1\BitTorrent
2009-09-06 23:55 --d----- c:\program files\DNA
2009-09-06 23:55 --d----- c:\program files\BitTorrent
2009-09-06 23:55 --d----- c:\docume~1\admini~1\applic~1\DNA
2009-09-06 15:39 --d----- c:\windows\system32\NtmsData
2009-09-06 15:27 --d----- c:\windows\SHELLNEW
2009-09-06 15:17 --d----- c:\program files\Yahoo!
2009-09-06 15:13 --d----- c:\docume~1\admini~1\applic~1\IObit
2009-09-06 15:13 --d----- c:\program files\IObit
2009-09-06 15:12 42 a------- c:\windows\system32\RegistryEasy.lie
2009-09-06 15:11 --d----- c:\program files\Registry Easy
2009-09-06 06:20 --d--r-- c:\documents and settings\all users\Documents
2009-09-06 06:19 1,088,840 a----r-- c:\windows\SETCB.tmp
2009-09-06 06:19 1,296,669 a----r-- c:\windows\SETC8.tmp
2009-09-06 05:33 --d----- c:\program files\Breakpoint Computers
2009-09-06 05:30 8,192 a------- c:\windows\REGLOCS.OLD
2009-09-06 05:11 16,128 a------- c:\windows\system32\drivers\MODEMCSA.sys
2009-09-06 05:11 129,045 a----r-- c:\windows\system32\drivers\HSFProf.cty
2009-09-06 05:11 86,016 a----r-- c:\windows\system32\mdmxsdk.dll
2009-09-06 05:11 39,018 a----r-- c:\windows\system32\hsfci011.dll
2009-09-06 05:11 13,059 a----r-- c:\windows\system32\drivers\mdmxsdk.sys
2009-09-06 05:11 --d----- c:\program files\CONEXANT
2009-09-06 05:11 1,036,928 a----r-- c:\windows\system32\drivers\HSF_DP.sys
2009-09-06 05:11 702,592 a----r-- c:\windows\system32\drivers\HSF_CNXT.sys
2009-09-06 05:11 219,136 a----r-- c:\windows\system32\drivers\HSFHWBS2.sys
2009-09-06 05:08 8 a------- c:\windows\system32\nvModes.dat
2009-09-06 05:06 88,723 a------- c:\windows\system32\nvapps.xml
2009-09-06 05:05 17,056 a------- c:\windows\system32\nvdisp.nvu
2009-09-06 05:05 --d----- c:\windows\nview
2009-09-06 05:05 208,896 a------- c:\windows\system32\nvudisp.exe
2009-09-06 04:59 --d----- c:\windows\vnDrvBas
2009-09-06 04:59 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-09-06 04:59 83,072 a------- c:\windows\system32\drivers\wdmaud.sys
2009-09-06 04:59 56,576 a------- c:\windows\system32\drivers\swmidi.sys
2009-09-06 04:59 52,864 a------- c:\windows\system32\drivers\DMusic.sys
2009-09-06 04:59 142,592 a------- c:\windows\system32\drivers\aec.sys
2009-09-06 04:59 172,416 a------- c:\windows\system32\drivers\kmixer.sys
2009-09-06 04:59 2,944 a------- c:\windows\system32\drivers\drmkaud.sys
2009-09-06 04:59 60,800 a------- c:\windows\system32\drivers\sysaudio.sys
2009-09-06 04:59 7,552 a------- c:\windows\system32\drivers\MSKSSRV.sys
2009-09-06 04:59 4,992 a------- c:\windows\system32\drivers\MSPQM.sys
2009-09-06 04:59 5,376 a------- c:\windows\system32\drivers\MSPCLOCK.sys
2009-09-06 04:58 --d----- c:\program files\Analog Devices
2009-09-06 04:57 --d----- c:\windows\system32\ReinstallBackups
2009-09-06 04:57 --d----- c:\program files\VIA
2009-09-06 04:54 5,810 a----r-- c:\windows\system32\drivers\ASACPI.sys
2009-09-06 04:54 17,150 a------- c:\windows\Ascd_tmp.ini
2009-09-06 04:54 5,824 a------- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-09-06 04:50 --d----- c:\program files\Real Alternative
2009-09-06 04:50 --d----- c:\program files\MediaLooks
2009-09-06 04:50 --d----- c:\program files\QuickTime Alternative
2009-09-06 04:50 --d----- c:\program files\K-Lite Codec Pack
2009-09-06 04:50 --d----- c:\program files\Foxit Software
2009-09-06 04:50 --d----- c:\docume~1\admini~1\applic~1\Foxit
2009-09-06 04:50 --d----- c:\program files\CCleaner
2009-09-06 04:49 --d----- c:\program files\Unlocker
2009-09-06 04:49 --d----- c:\windows\Downloaded Installations
2009-09-06 04:49 --d----- c:\program files\UPHClean
2009-09-06 04:49 --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-09-06 04:49 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-06 04:49 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-06 04:47 --d----- c:\documents and settings\Administrator
2009-09-06 04:47 --ds---- c:\windows\system32\Microsoft
2009-09-06 04:35 2,626 a------- c:\windows\system32\CONFIG.NT
2009-09-06 04:35 0 a------- c:\windows\control.ini
2009-09-06 04:34 23,392 a------- c:\windows\system32\nscompat.tlb
2009-09-06 04:34 16,832 a------- c:\windows\system32\amcompat.tlb
2009-09-06 04:34 316,640 a------- c:\windows\WMSysPr9.prx
2009-09-06 04:34 --d----- c:\windows\system32\dllcache
2009-09-06 04:34 --dsh--- c:\documents and settings\all users\DRM
2009-09-06 04:33 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-09-06 04:33 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-09-06 04:33 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-09-06 04:33 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-09-06 04:33 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-09-06 04:33 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-09-06 04:33 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-09-06 04:33 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-09-06 04:33 --d-h--- c:\program files\WindowsUpdate
2009-09-06 04:33 --d----- c:\program files\Windows Media Connect 2
2009-09-06 04:33 11,264 a------- c:\windows\system32\atrace.dll
2009-09-06 04:33 2 a------- c:\windows\system32\desktop.ini
2009-09-06 04:33 2 a------- c:\windows\desktop.ini
2009-09-06 04:32 --d----- c:\program files\common files\MSSoap
2009-09-05 23:19 --d----- c:\program files\common files\ODBC
2009-09-05 23:19 --d----- c:\program files\common files\SpeechEngines

==================== Find3M ====================

2009-09-06 04:34 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-09-06 04:32 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-08-31 00:32 69 a------- C:\NBN 4.BAT
2009-08-31 00:32 58 a------- C:\UNTV.BAT
2009-08-31 00:32 58 a------- C:\CS9.BAT
2009-08-31 00:32 55 a------- C:\Abs-Cbn.bat
2009-08-31 00:32 54 a------- C:\QTV 11.BAT
2009-08-31 00:32 53 a------- C:\NET 25.BAT
2009-08-31 00:32 53 a------- C:\GMA 7.BAT
2009-08-31 00:32 51 a------- C:\TV5.BAT
2009-08-05 17:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-29 12:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 12:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-19 21:31 3,600,384 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 21:31 6,070,784 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-18 03:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-14 05:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 05:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-14 05:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-06-29 19:25 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 19:25 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 16:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 15:25 634,632 -------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 15:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll

============= FINISH: 19:48:32.50 ===============

hackme_2009
Novice

Posts : 7
Joined : 2009-09-23
OS : xp sp3
Points : 26359
# Likes : 0


Re: virus in my computer

Post by Belahzur on 26th September 2009, 6:57 pm

Hello.
A few things need to go here.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1


Re: virus in my computer

Post by hackme_2009 on 27th September 2009, 4:03 pm

Hello,
this is the txt file.

7-Zip 4.64
Adobe Flash Player 10 Plugin
Advanced SystemCare 3
Alt-Tab Task Switcher Powertoy for Windows XP
AutoPlay Menu Builder
avast! Antivirus
Breakpoint WinTimer 5.300S (remove only)
CCleaner (remove only)
CopyTrans Suite Remove Only
CRMExpress
Easy Batch Builder
Foxit Reader
HashCheck Shell Extension (x86-32)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Internet Download Manager
Java(TM) 6 Update 15
K-Lite Codec Pack 4.5.3 (Full)
Learning Essentials for Microsoft Office
LimeWire PRO 4.18.3
Magic ISO Maker v5.5 (build 0276)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft AppLocale
Microsoft Math
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Student 2007 for Learning Essentials
Microsoft Student with Encarta Premium 2009
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Application Compatibility Database
Mozilla Firefox (3.0.14)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
NVIDIA Drivers
Open Command Prompt Shell Extension (x86-32)
PCI SoftV92 Modem
Quick Menu Builder 1.2
QuickTime Alternative 2.8.0
RapidShare Plus 4 1.00
RAR Password Unlocker 3.0
Real Alternative 1.9.0
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Smart Install Maker 5.02
SoundMAX
Sun VirtualBox
Total Video Converter 3.21 090220
Unlocker 1.8.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb973514)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
User Profile Hive Cleanup Service
VIA Rhine-Family Fast Ethernet Adapter
Windows Media Player Firefox Plugin
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Rights Management Client with Service Pack 2
WinRAR archiver
WinUHA 2.0 RC1 (2005.02.27)
Yahoo! Messenger

Thanks in advance!


Re: virus in my computer

Post by Belahzur on 27th September 2009, 5:16 pm

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 15
    LimeWire PRO 4.18.3

Please download OTM.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)


    :files
    c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
    c:\windows\system32\FGfxsNIhFsb6LLX.vbs
    c:\windows\system32\BTAIWA6kUlXvccU.vbs
    c:\windows\system32\10.tmp
    c:\windows\system32\5pzYrmJSD3hax.vbs
    c:\docume~1\admini~1\applic~1\LimeWire
    c:\program files\LimeWire
    c:\windows\SETCB.tmp
    c:\windows\SETC8.tmp

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "SFCDisable"=-


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.





Re: virus in my computer

Post by hackme_2009 on 28th September 2009, 12:36 pm

Hello,
this is the log file.

========== FILES ==========
c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357} moved successfully.
c:\windows\system32\FGfxsNIhFsb6LLX.vbs moved successfully.
c:\windows\system32\BTAIWA6kUlXvccU.vbs moved successfully.
c:\windows\system32\10.tmp moved successfully.
c:\windows\system32\5pzYrmJSD3hax.vbs moved successfully.
c:\docume~1\admini~1\applic~1\LimeWire\xml\data moved successfully.
c:\docume~1\admini~1\applic~1\LimeWire\xml moved successfully.
c:\docume~1\admini~1\applic~1\LimeWire\themes\limewirePro_theme moved successfully.
c:\docume~1\admini~1\applic~1\LimeWire\themes moved successfully.
c:\docume~1\admini~1\applic~1\LimeWire\promotion moved successfully.
c:\docume~1\admini~1\applic~1\LimeWire\certificate moved successfully.
c:\docume~1\admini~1\applic~1\LimeWire\.AppSpecialShare moved successfully.
c:\docume~1\admini~1\applic~1\LimeWire moved successfully.
File/Folder c:\program files\LimeWire not found.
c:\windows\SETCB.tmp moved successfully.
c:\windows\SETC8.tmp moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\SFCDisable deleted successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 09282009_004654

Just a question: why do we need to remove the Java update? Is this malware/a virus?


Re: virus in my computer

Post by Origin on 28th September 2009, 2:19 pm

The reason Java was removed is that it's an outdated version that you don't need and it just sits there taking up memory ;)

Please run another Malwarebytes scan and post the results back here.


While my help is always free, please consider donating to keep this site alive.


Origin
Master

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31523
# Likes : 0


Re: virus in my computer

Post by hackme_2009 on 29th September 2009, 8:52 am

Hi Origin,
thanks for your answer. Anyway, this is the MBAM log file.

Malwarebytes' Anti-Malware 1.41
Database version: 2858
Windows 5.1.2600 Service Pack 3

9/28/2009 4:07:58 PM
mbam-log-2009-09-28 (16-07-48).txt

Scan type: Quick Scan
Objects scanned: 90151
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\dsdmo32.dll (Trojan.Tracur) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\b0a5b531670 (Trojan.Tracur) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\LocalService (Worm.Archive) -> No action taken.

Files Infected:
C:\WINDOWS\system32\dsdmo32.dll (Trojan.Tracur) -> No action taken.
C:\WINDOWS\system32\LocalService\3.tmp (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService\A7.tmp (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> No action taken.

As of the moment I haven't deleted this malware. I'm waiting for your next post for my next step. By the way, I've noticed some of the malware came back this time even though I had already deleted it in my first MBAM scan.


Last edited by hackme_2009 on 29th September 2009, 9:02 am; edited 1 time in total (Reason for editing : wrong info)
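As an added example (not code from this thread or from Malwarebytes), here is a small Python parser for the MBAM log format posted above: it checks that the summary counts agree with the itemized entries, lists what was left with "No action taken", and flags registry findings that sit under a logon-time autostart location such as the Winlogon\Notify key above, which is the usual reason an item "comes back" after a scan. The sample log is constructed from the posted findings, with two empty sections dropped.

```python
import re
from collections import Counter

# Constructed sample: the findings part of the MBAM 1.41 log posted above.
SAMPLE_LOG = r"""
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\dsdmo32.dll (Trojan.Tracur) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\b0a5b531670 (Trojan.Tracur) -> No action taken.

Folders Infected:
C:\WINDOWS\system32\LocalService (Worm.Archive) -> No action taken.

Files Infected:
C:\WINDOWS\system32\dsdmo32.dll (Trojan.Tracur) -> No action taken.
C:\WINDOWS\system32\LocalService\3.tmp (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService\A7.tmp (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> No action taken.
"""

SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>.+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)\.$")

def parse_mbam_log(text):
    """Return (summary counts by section, list of findings as dicts)."""
    summary, findings, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line == "(No malicious items detected)":
            continue
        if section is None and (m := SUMMARY_RE.match(line)):
            summary[m["section"]] = int(m["count"])   # summary block comes first
        elif m := HEADER_RE.match(line):
            section = m["section"]                    # start of an itemized section
        elif section and (m := ENTRY_RE.match(line)):
            findings.append({"section": section, **m.groupdict()})
    return summary, findings

def count_mismatches(summary, findings):
    """Sections whose summary count disagrees with the itemized entries (e.g. a truncated paste)."""
    seen = Counter(f["section"] for f in findings)
    return {s: (n, seen[s]) for s, n in summary.items() if seen[s] != n}

def unresolved(findings):
    """Findings MBAM only reported: 'No action taken' means the item is still present."""
    return [f for f in findings if f["action"] == "No action taken"]

# Logon-time autostart locations (matched case-insensitively against the key path).
AUTOSTART_MARKERS = (r"\currentversion\winlogon\notify", r"\currentversion\run")
def autostart_findings(findings):
    """Registry findings under an autostart location: these reload their payload at
    every logon, which is how a deleted DLL can reappear on the next scan."""
    return [f for f in findings if f["section"].startswith("Registry")
            and any(mk in f["item"].lower() for mk in AUTOSTART_MARKERS)]
```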


Re: virus in my computer

Post by Belahzur on 29th September 2009, 10:25 pm

Hello.
Please have MBAM remove the things it found.





Re: virus in my computer

Post by hackme_2009 on 1st October 2009, 3:42 am

I have removed this malware. Is my computer clean now?


Re: virus in my computer

Post by Belahzur on 1st October 2009, 10:15 am

Hello.
Logs look fine to me, but how is the machine running for you?




