Affected by Virus+Blue Screen


Post by Zaga on 13th December 2009, 2:32 pm

Hi, uhm, I need help with how I can get rid of my problem. First, I downloaded CCleaner and Avast. Whenever I try to use CCleaner, it just shuts down and closes even before I can click a single button on it, and when I keep trying for some more time, a "blue colored screen" appears saying something and the laptop shuts down by itself. With Avast, it's the same case: whenever I try to open the setup file of Avast, the screen shows me a "blue screen" again and the laptop shuts down by itself.


Another thing is, since I can't use any good antivirus, I tried iObit Security 360 and I ran a scan. There were tracking cookie virus and Agent.HLU viruses. When I tried to remove them, restarted the laptop and did another scan, the virus that was supposed to be removed showed up once again after the scan.


Lastly, when I check Task Manager, it is usually 23 processes (not running any program) but now it's going to 29 and 30 (still without running any program).


I'm hoping that someone here could possibly help me fix this problem.

Thanks in advance.


Re: Affected by Virus+Blue Screen

Post by Belahzur on 13th December 2009, 8:43 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


Please PM me if I fail to respond within 24hrs.

Re: Affected by Virus+Blue Screen

Post by Zaga on 14th December 2009, 6:48 am

DDS (Ver_09-12-01.01) - NTFSx86
Run by ArJen108 at 10:47:01.39 on Mon 12/14/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.161 [GMT 4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\ArJen108\LOCALS~1\Temp\winljrq.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\ArJen108\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uURLSearchHooks: H - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\arjen108\applic~1\mozilla\firefox\profiles\4899amq1.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 600000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-11-22 312592]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-11-13 1021256]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\gopus.sys --> c:\windows\system32\drivers\gopus.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2008-3-16 1097728]

=============== Created Last 30 ================

2009-12-09 05:45:23 0 d-----w- c:\docume~1\alluse~1\applic~1\WEBREG
2009-12-09 05:43:47 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-12-09 05:43:45 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-12-09 05:43:24 267864 ----a-r- c:\windows\system32\hpzids01.dll
2009-12-09 05:43:21 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
2009-12-09 05:43:14 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-12-09 05:42:47 675840 ----a-r- c:\windows\system32\hpowiax3.dll
2009-12-09 05:42:47 569344 ----a-r- c:\windows\system32\hpotscl3.dll
2009-12-09 05:42:47 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2009-12-09 05:42:47 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-12-09 05:42:47 303104 ----a-r- c:\windows\system32\hpovst10.dll
2009-12-09 05:42:46 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-09 05:42:46 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-09 05:39:36 0 d-----w- c:\program files\common files\HP
2009-12-09 05:39:03 0 d-----w- c:\program files\common files\Hewlett-Packard
2009-12-09 05:37:56 0 d-----w- c:\program files\HP
2009-12-09 05:37:43 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-12-09 05:37:43 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-12-09 05:36:44 2000 ------w- c:\windows\hpomdl14.dat
2009-12-09 05:36:44 141123 ----a-w- c:\windows\hpoins14.dat
2009-12-06 03:58:07 0 d-----w- c:\program files\Growler Guncam
2009-12-06 03:57:50 0 d-----w- c:\program files\common files\GC Install
2009-11-24 20:14:36 36864 ----a-w- c:\windows\system32\bzgtbx.dll
2009-11-23 11:02:01 38 ----a-w- c:\windows\avisplitter.ini
2009-11-23 11:02:01 178176 ----a-w- c:\windows\system32\unrar.dll
2009-11-23 11:02:00 839680 ----a-w- c:\windows\system32\lameACM.acm
2009-11-23 11:02:00 414 ----a-w- c:\windows\system32\lame_acm.xml
2009-11-23 11:01:59 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-11-23 11:01:59 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-11-23 11:01:59 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-11-23 11:01:59 118784 ----a-w- c:\windows\system32\ac3acm.acm
2009-11-23 11:01:58 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-23 11:01:58 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-11-23 11:01:57 685056 ----a-w- c:\windows\system32\divx.dll
2009-11-23 11:01:54 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-23 11:01:54 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2009-11-23 11:01:52 0 d-----w- c:\program files\K-Lite Codec Pack
2009-11-22 13:06:39 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-11-22 13:06:39 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-11-22 13:06:39 0 d-----w- c:\program files\Cheat Engine
2009-11-22 10:46:03 0 d-----w- c:\program files\ZhyperMU
2009-11-22 09:52:03 0 d-----w- C:\downloads
2009-11-22 09:52:03 0 d-----w- c:\docume~1\arjen108\applic~1\GrabPro
2009-11-22 06:49:56 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-11-22 06:49:56 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-11-22 06:44:32 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2009-11-22 06:36:41 0 d-----w- c:\docume~1\arjen108\applic~1\IObit
2009-11-22 06:36:40 0 d-----w- c:\program files\IObit
2009-11-21 20:17:13 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-11-21 20:17:13 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-11-21 19:27:28 0 d-----w- c:\program files\SystemRequirementsLab
2009-11-21 18:58:51 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-11-21 18:51:20 0 d-----w- c:\documents and settings\arjen108\Tracing
2009-11-21 18:48:52 0 d-----w- c:\program files\Microsoft
2009-11-21 18:48:33 0 d-----w- c:\program files\Windows Live SkyDrive
2009-11-21 18:44:17 0 d-----w- c:\docume~1\arjen108\applic~1\LimeWire
2009-11-21 18:40:11 0 d-----w- c:\program files\common files\Windows Live
2009-11-21 18:36:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-21 18:36:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-21 17:32:46 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2009-11-21 17:32:44 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-11-21 17:32:21 0 d-----w- c:\program files\TuneUp Utilities 2010
2009-11-21 17:26:31 0 d-----w- c:\program files\LimeWire
2009-11-21 17:25:00 0 d-sh--w- c:\documents and settings\arjen108\IECompatCache
2009-11-21 17:24:22 0 d-sh--w- c:\documents and settings\arjen108\PrivacIE
2009-11-21 17:17:14 0 d-sh--w- c:\documents and settings\arjen108\IETldCache
2009-11-21 17:13:31 0 dc-h--w- c:\windows\ie8
2009-11-21 16:35:51 0 d-----w- c:\windows\system32\appmgmt
2009-11-21 09:36:52 66048 ----a-w- c:\windows\QMDispatch.dll
2009-11-21 09:36:52 36864 ----a-w- c:\windows\system32\opjs.dll
2009-11-20 21:01:42 0 d-----w- c:\docume~1\arjen108\applic~1\TeamViewer
2009-11-20 21:01:14 0 d-----w- c:\documents and settings\arjen108\temp
2009-11-20 20:33:18 0 d-----w- c:\docume~1\arjen108\applic~1\TuneUp Software
2009-11-20 20:32:29 0 d-----w- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-11-20 20:32:13 0 d-sh--w- c:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-11-19 11:00:11 0 d-----w- c:\windows\ServicePackFiles
2009-11-19 10:59:25 0 d-----w- c:\program files\MSXML 4.0
2009-11-18 18:40:08 0 d-----w- c:\windows\system32\CatRoot_bak
2009-11-18 18:12:57 0 d-----w- c:\program files\Yahoo!
2009-11-18 17:33:22 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-18 17:27:55 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-11-18 17:27:54 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-11-18 17:27:53 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-11-18 17:27:52 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-11-18 17:15:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-11-18 17:12:49 376 ----a-w- c:\windows\ODBC.INI
2009-11-18 17:12:43 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-11-18 17:11:37 0 d-----w- c:\program files\Microsoft ActiveSync
2009-11-18 17:10:11 0 d-----w- c:\windows\SHELLNEW
2009-11-18 17:10:00 0 d-----w- c:\windows\system32\PreInstall
2009-11-18 17:03:15 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-11-18 17:01:26 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-11-18 17:01:26 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-11-18 17:01:19 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-11-18 17:01:19 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-16 19:18:20 0 d-sh--w- c:\documents and settings\arjen108\UserData
2009-11-16 18:59:06 0 d-----w- c:\windows\tiinst
2009-11-16 18:51:44 135168 ----a-w- c:\windows\system32\RtlCPAPI.dll
2009-11-16 18:50:46 151552 ----a-w- c:\windows\Alcmtr.exe
2009-11-16 18:43:03 940794 ----a-w- c:\windows\system32\LoopyMusic.wav
2009-11-16 18:43:03 146650 ----a-w- c:\windows\system32\BuzzingBee.wav
2009-11-16 18:42:56 0 d-----w- c:\windows\system32\Lang
2009-11-16 18:41:28 40960 ----a-w- c:\windows\system32\ChCfg.exe
2009-11-16 18:41:22 0 d-----w- c:\windows\system32\RTCOM
2009-11-16 18:40:49 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-11-16 18:40:44 86016 ----a-w- c:\windows\SoundMan.exe
2009-11-16 18:40:44 364544 ----a-w- c:\windows\RtlUpd.exe
2009-11-16 18:40:44 2879488 ----a-w- c:\windows\SkyTel.exe
2009-11-16 18:40:44 266240 ----a-w- c:\windows\system32\RTSndMgr.Cpl
2009-11-16 18:40:41 9709568 ----a-w- c:\windows\RTLCPL.exe
2009-11-16 18:40:41 4304384 ----a-w- c:\windows\system32\drivers\RtkHDAud.Sys
2009-11-16 18:40:40 2158592 ----a-w- c:\windows\MicCal.exe
2009-11-16 18:40:40 16248320 ----a-w- c:\windows\RTHDCPL.exe
2009-11-16 18:40:39 299008 ----a-w- c:\windows\system32\ALSndMgr.Cpl
2009-11-16 18:40:39 2808832 ----a-w- c:\windows\alcwzrd.exe
2009-11-16 18:40:39 0 d-----w- c:\program files\Realtek
2009-11-16 18:40:33 487424 ----a-w- c:\windows\RtlExUpd.dll
2009-11-16 18:39:09 0 d-----w- c:\documents and settings\arjen108\Bluetooth Software
2009-11-16 18:38:53 6400 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2009-11-16 18:38:53 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-11-16 18:38:49 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys
2009-11-16 18:38:49 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2009-11-16 18:36:24 0 d-----w- c:\program files\WIDCOMM
2009-11-16 18:25:16 0 d-----w- c:\program files\common files\Logitech
2009-11-16 18:25:12 0 d-----w- c:\program files\common files\Acer
2009-11-16 18:25:02 0 d-----w- c:\program files\Acer
2009-11-16 17:38:12 139264 ----a-w- c:\windows\system32\igfxres.dll
2009-11-16 17:25:55 49152 ----a-w- c:\windows\system32\ialmrem.dll
2009-11-16 17:25:55 45694 ----a-w- c:\windows\system32\ialmrnt5.dll
2009-11-16 17:25:54 121467 ----a-w- c:\windows\system32\ialmdnt5.dll
2009-11-16 17:25:54 1166972 ----a-w- c:\windows\system32\drivers\ialmnt5.sys
2009-11-16 17:25:53 956026 ----a-w- c:\windows\system32\ialmdd5.dll
2009-11-16 17:25:53 238650 ----a-w- c:\windows\system32\ialmdev5.dll
2009-11-16 17:25:52 73728 ----a-w- c:\windows\system32\hccutils.dll
2009-11-16 17:25:52 61440 ----a-w- c:\windows\system32\iAlmCoIn_v4543.dll
2009-11-16 17:25:52 155648 ----a-w- c:\windows\system32\hkcmd.exe
2009-11-16 17:13:31 0 d-----w- c:\windows\system32\ReinstallBackups
2009-11-15 23:12:30 8261 -c--a-w- c:\windows\system32\dllcache\zoneoc.dll
2009-11-15 23:12:30 337920 -c--a-w- c:\windows\system32\dllcache\zipfldr.dll
2009-11-15 23:12:30 337920 ----a-w- c:\windows\system32\zipfldr.dll
2009-11-15 23:10:59 670720 -c--a-w- c:\windows\system32\dllcache\wmadmoe.dll
2009-11-15 23:09:51 13312 -c--a-w- c:\windows\system32\dllcache\win87em.dll
2009-11-15 23:08:59 9008 -c--a-w- c:\windows\system32\dllcache\ver.dll
2009-11-15 23:07:59 76288 -c--a-w- c:\windows\system32\dllcache\telnet.exe
2009-11-15 23:06:59 801280 -c--a-w- c:\windows\system32\dllcache\sprb0408.dll
2009-11-15 23:05:59 5632 -c--a-w- c:\windows\system32\dllcache\skdll.dll
2009-11-15 23:04:59 44032 -c--a-w- c:\windows\system32\dllcache\rtutils.dll
2009-11-15 23:03:54 32546 -c--a-w- c:\windows\system32\dllcache\prnmngr.vbs
2009-11-15 23:02:59 6761 -c--a-w- c:\windows\system32\dllcache\oembios.sig
2009-11-15 23:01:56 248832 -c--a-w- c:\windows\system32\dllcache\newdev.dll
2009-11-15 23:00:59 90624 -c--a-w- c:\windows\system32\dllcache\muisetup.exe
2009-11-15 22:59:59 45568 -c--a-w- c:\windows\system32\dllcache\mshta.exe
2009-11-15 22:58:59 8192 -c--a-w- c:\windows\system32\dllcache\mqperf.dll
2009-11-15 22:57:47 118272 -c--a-w- c:\windows\system32\dllcache\mdminst.dll
2009-11-15 22:56:56 6656 -c--a-w- c:\windows\system32\dllcache\laprxy.dll
2009-11-15 22:56:56 6656 ----a-w- c:\windows\system32\laprxy.dll
2009-11-15 22:56:55 89600 -c--a-w- c:\windows\system32\dllcache\langwrbk.dll
2009-11-15 22:56:55 89600 ----a-w- c:\windows\system32\langwrbk.dll
2009-11-15 22:56:55 221600 ----a-w- c:\windows\system32\lanman.drv
2009-11-15 22:54:59 6656 -c--a-w- c:\windows\system32\dllcache\kbdcz2.dll
2009-11-15 22:53:58 391536 -c--a-w- c:\windows\system32\dllcache\iedkcs32.dll
2009-11-15 22:52:59 3440660 -c--a-w- c:\windows\system32\dllcache\gm.dls
2009-11-15 22:51:59 71040 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-11-15 22:50:59 5120 -c--a-w- c:\windows\system32\dllcache\dllhost.exe
2009-11-15 22:47:38 252928 -c--a-w- c:\windows\system32\dllcache\compatui.dll
2009-11-15 22:46:59 63744 -c--a-w- c:\windows\system32\dllcache\cdfs.sys
2009-11-15 22:45:59 71552 -c--a-w- c:\windows\system32\dllcache\bridge.sys
2009-11-15 22:44:59 9029 -c--a-w- c:\windows\system32\dllcache\ansi.sys
2009-11-15 19:57:41 178 --sh--w- c:\documents and settings\arjen108\ntuser.ini
2009-11-15 19:52:05 0 d-s---w- c:\windows\system32\Microsoft
2009-11-15 19:51:40 8192 ----a-w- c:\windows\REGLOCS.OLD
2009-11-15 19:36:58 9728 -c--a-w- c:\windows\system32\dllcache\rwnh.dll
2009-11-15 19:35:59 94208 -c--a-w- c:\windows\system32\dllcache\fpencode.dll
2009-11-15 19:34:05 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2009-11-15 19:34:00 749 ---ha-r- c:\windows\WindowsShell.Manifest
2009-11-15 19:34:00 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2009-11-15 19:34:00 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2009-11-15 19:34:00 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2009-11-15 19:34:00 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2009-11-15 00:47:41 0 d-----w- c:\program files\common files\ODBC
2009-11-15 00:47:39 0 d-----w- c:\program files\common files\SpeechEngines
2009-11-15 00:47:19 0 d-----r- c:\documents and settings\all users\Documents
2009-11-14 20:59:07 0 d-sh--w- c:\documents and settings\all users\DRM
2009-11-14 20:58:44 0 d--h--w- c:\program files\WindowsUpdate
2009-11-14 20:58:04 0 d-----w- c:\program files\common files\MSSoap
2009-11-14 20:56:59 0 d-----w- c:\program files\Online Services
2009-11-14 20:56:54 0 d-----w- c:\program files\Messenger
2009-11-14 20:56:52 0 d-----w- c:\program files\MSN Gaming Zone
2009-11-14 20:56:28 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2009-11-16 18:04:00 502272 ----a-w- c:\windows\system32\winlogon.exe
2009-11-15 19:33:15 22720 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 10:47:22.31 ===============


Re: Affected by Virus+Blue Screen

Post by Zaga on 14th December 2009, 6:48 am

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/15/2009 11:37:41 PM
System Uptime: 12/14/2009 10:41:22 AM (0 hours ago)

Motherboard: Acer, Inc. | | Prespa1
Processor: Genuine Intel(R) CPU T1350 @ 1.86GHz | U2E1 | 1063/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 49 GiB total, 37.155 GiB free.
E: is FIXED (NTFS) - 63 GiB total, 61.467 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4352&SUBSYS_01101025&REV_14\4&192AC53F&0&00E0
Manufacturer: Marvell
Name: Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4352&SUBSYS_01101025&REV_14\4&192AC53F&0&00E0
Service: yukonwxp

==== System Restore Points ===================

RP39: 12/6/2009 7:58:06 AM - Installed Growler Guncam
RP40: 12/8/2009 12:55:33 PM - System Checkpoint
RP41: 12/9/2009 9:41:16 AM - Installed HPSU306Stub

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acer OrbiCam Driver
Acer OrbiCam Software
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Advanced SystemCare 3
Agere Systems HDA Modem
AIO_Scan
BufferChm
Cheat Engine 5.5
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
eSupportQFolder
F2100
F2100_doccd
F2100_Help
Growler Guncam
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
Intel(R) Graphics Media Accelerator Driver
IObit Security 360
Java(TM) 6 Update 17
K-Lite Mega Codec Pack 5.4.4
LimeWire 5.3.6
MarketResearch
Microsoft .NET Compact Framework 2.0 SP2
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.5)
MSVCRT
MSXML 4.0 SP2 (KB954430)
PSSWCORE
Realtek High Definition Audio Driver
Scan
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Segoe UI
SolutionCenter
Status
System Requirements Lab
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
TrayApp
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
UnloadSupport
Update for Windows XP (KB898461)
Update for Windows XP (KB973815)
VideoToolkit01
WebFldrs XP
WebReg
WIDCOMM Bluetooth Software
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
Yahoo! Messenger
ZhyperMU Season 4 AC V4

==== Event Viewer Messages From Past Week ========

12/8/2009 12:36:10 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0018DE471760 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/8/2009 11:32:28 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
12/7/2009 10:23:27 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address 00:1F:3C:7A:BE:82. Network operations on this system may be disrupted as a result.
12/11/2009 3:36:00 AM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 0018DE471760 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/10/2009 3:28:44 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0018DE471760. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
12/10/2009 3:05:18 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer ROSENEL-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E670B221-4B8D-4AF. The master browser is stopping or an election is being forced.

==== End Of File ===========================


Re: Affected by Virus+Blue Screen

Post by Belahzur on 14th December 2009, 7:51 pm

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    IObit Security 360
    LimeWire 5.3.6

Please install Avira antivirus; otherwise you won't be protected.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

How is the machine now?



Re: Affected by Virus+Blue Screen

Post by Zaga on 15th December 2009, 6:06 am

I have uninstalled LimeWire and iObit and downloaded Avira, and when I tried to open the setup file, after I clicked the 1st "Next" the setup file closed by itself.


Re: Affected by Virus+Blue Screen

Post by Belahzur on 15th December 2009, 8:48 pm

Whoops, I just noticed something I didn't notice before.

I'm afraid I have bad news.

Your system is infected with a polymorphic file infector called Sality. Sality is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best and safest way to return the machine to its normal working state.

Back up all your documents and important items (personal data, work documents, etc.) only. DO NOT back up any executable files (software) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Also, avoid backing up compressed files (zip/cab/rar) that have .exe or .scr files inside them. Sality can penetrate and infect .exe files inside compressed files too.

Recent variants also modify htm, html, asp and php files.

Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.


For more information, please see [You must be registered and logged in to see this link.]

Instructions how to format and reinstall Windows can be found [You must be registered and logged in to see this link.]

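The backup rules in the last reply (no .exe or .scr files, no archives that contain them, and caution with htm/html/asp/php files) can be applied to a folder tree before anything is copied. The script below is an added example, not part of the original thread; the function names and the sample tree are constructed for illustration. It sorts by file name only and does not detect whether a file is actually infected.

```python
import os
import tempfile
import zipfile

# File types the reply says Sality infects directly.
INFECTABLE = {".exe", ".scr"}
# File types the reply says recent variants also modify.
WEB_FILES = {".htm", ".html", ".asp", ".php"}
# Archive types named in the reply; only .zip can be opened with the standard library.
ARCHIVES = {".zip", ".cab", ".rar"}


def _ext(name):
    return os.path.splitext(name)[1].lower()


def zip_verdict(path):
    """Decide what to do with a zip based on the names of its members."""
    try:
        with zipfile.ZipFile(path) as zf:
            member_exts = {_ext(n) for n in zf.namelist()}
    except (zipfile.BadZipFile, OSError):
        return "exclude"  # unreadable archive: contents cannot be checked
    if member_exts & INFECTABLE:
        return "exclude"  # carries an .exe or .scr inside
    if member_exts & (ARCHIVES | WEB_FILES):
        return "review"   # nested archive or web file: check by hand
    return "keep"


def classify(path):
    """Return 'keep', 'review' or 'exclude' for one file."""
    ext = _ext(path)
    if ext in INFECTABLE:
        return "exclude"
    if ext == ".zip":
        return zip_verdict(path)
    if ext in ARCHIVES or ext in WEB_FILES:
        # .cab/.rar cannot be inspected here; web files may have been modified.
        return "review"
    return "keep"


def plan_backup(root):
    """Walk root and group relative paths by verdict."""
    plan = {"keep": [], "review": [], "exclude": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            plan[classify(full)].append(rel)
    return {verdict: sorted(paths) for verdict, paths in plan.items()}


def build_sample_tree(root):
    """Create a small constructed tree that exercises every rule."""
    plain = {
        "docs/report.doc": b"constructed",
        "photos/cat.jpg": b"constructed",
        "tools/setup.exe": b"constructed",
        "saver.scr": b"constructed",
        "site/index.html": b"<html></html>",
        "archives/old.rar": b"constructed, not a real rar",
        "archives/broken.zip": b"constructed, not a real zip",
    }
    for rel, data in plain.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    zips = {
        "archives/photos.zip": ["a.jpg"],
        "archives/installer.zip": ["readme.txt", "Setup.EXE"],
        "archives/nested.zip": ["inner.zip"],
    }
    for rel, members in zips.items():
        with zipfile.ZipFile(os.path.join(root, *rel.split("/")), "w") as zf:
            for member in members:
                zf.writestr(member, b"constructed")


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return plan_backup(root)


if __name__ == "__main__":
    for verdict, paths in demo().items():
        print(verdict.upper())
        for p in paths:
            print("   ", p)
```

Only the "keep" list is copied as-is; "review" items are checked by hand before they go onto the backup media.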