I need help with a virus


Post by jcaliste on Thu Feb 04, 2010 2:53 pm

Hello,
I have contracted a virus that seems to be spreading through my system. It started off redirecting me on the internet, then causing phantom audio streams to randomly occur. Now it prevents the usage of most security software and blocks System Restore. It does this in safe mode as well. Please Help. My Vipre security software does run and it detects - Trojan.Win32.Generic!BT - Here is the HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:22:06 AM, on 2/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sunbelt Software\VIPRE\sbamui.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jamal\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - [You must be registered and logged in to see this link.]
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service (file missing)
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe


Thanks for your assistance.


Re: I need help with a virus

Post by Belahzur on Thu Feb 04, 2010 8:51 pm

Hello.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Please PM me if I fail to respond within 24hrs.

Re: I need help with a virus

Post by jcaliste on Thu Feb 04, 2010 9:12 pm

This is the list you asked for:

2Wire Wireless Client
32 Bit HP CIO Components Installer
Acoustica Effects Pack
Acoustica Mixcraft 4.1
Acrobat.com
Ad-Aware
Ad-Aware
Adobe Acrobat 5.0
Adobe AIR
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Photoshop Lightroom 2.2
Adobe Reader 9.2
Adobe Stock Photos 1.0
Adobe Stock Photos 1.0
AIM 6
AIMTunes
ALPS Touch Pad Driver
Amazon MP3 Downloader 1.0.3
AmpliTube LE
AmpliTube Metal
AmpliTube2
Antares Autotune VST RTAS TDM v5.08
AOL Connectivity Services
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
ArcSoft TotalMedia Backup & Record
AT&T Yahoo! Applications
AT&T Yahoo! Browser Configuration
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Avanquest update
AviSynth 2.5
BatchScanPlus 1.24
BlueSoleil
Bonjour
Broadcom Management Programs 2
Call of Duty(R) 2 Demo
CamGuard Remote ActiveX 1.1.4.100
CamGuard Security System (Home Edition) 4.0.14.223
CCleaner (remove only)
Conexant D110 MDC V.9x Modem
Consumer Complete Care Services Agreement
ConvertHelper 2.2
Coupon Printer for Windows
Crawler Toolbar with Web Security Guard
Create-Ringtone 4.97
Critical Update for Windows Media Player 11 (KB959772)
Dell Picture Studio v3.0
DellConnect
DellSupport
Digital Line Detect
DirectXInstallService
Diskeeper 2010
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
DVD43 v4.4.1
DVD-CLONER V6.00 Build 975
DVDneXtCOPY 3 Ultimate
EarthLink setup files
eLicenser Control
E-muPatchMix DSP
ffdshow [rev 1723] [2007-12-24]
Flash saver
Flash Saving Plugin
FLV Player 1.3.3
GameSpy Arcade
GemMaster Mystic
Get High Speed Internet!
Google Chrome
Google Desktop
Google Update Helper
GoToAssist 8.0.0.514
HijackThis 1.99.1
HomePlug PowerPacket Utility
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Customer Participation Program 12.0
HP Deskjet 3900 series
HP Document Manager 2.0
HP Document Viewer 6.1
HP Imaging Device Functions 12.0
HP Photosmart Essential
HP Photosmart Premier Software 6.1
HP PSC & OfficeJet 6.1.A
HP Smart Web Printing
HP Solution Center 12.0
HP Update
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 17
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java Access Bridge
Java(TM) 6 Update 16
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Junk Mail filter update
K-Lite Codec Pack 2.66 Full
K-Lite v2.7
Learn2 Player (Uninstall Only)
Live 4.1.2
Macromedia Flash Player
Magic ISO Maker v5.4 (build 0251)
Malwarebytes' Anti-Malware
Maxtor OneTouch
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft LifeCam
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Picture It! Premium 10
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (TIMELIVE)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Streets and Trips 2005
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
mIWA
mIWCA
mLogView
mMHouse
MobileMe Control Panel
Modem Helper
Motorola Driver Installation
Motorola Phone Tools
Motorola USB Drivers v2.9
Mozilla Firefox (3.6)
mPfMgr
mPfWiz
MPM
mProSafe
MSN Toolbar
mSSO
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
mToolkit
Musicmatch® Jukebox
mWlsSafe
mXML
My Faster PC
MyDSC2
MyWay Search Assistant
mZConfig
Native Instruments Battery 2
Nero 9
neroxml
Netflix Movie Viewer
NetZeroInstallers
OCR Software by I.R.I.S. 12.0
Officejet Pro 8500 A909 Series
Opera 10.10
PhotoDVD 2.9.6.1d
PowerDVD 5.5
PowerISO
Proteus X LE
QQ Games
QQ Pool
QQ Treasure Hunter
Qualxserve Service Agreement
QuickSet
QuickTime
Readiris Pro 11
RealPlayer
Retrospect Express HD 1.0
Revo Uninstaller 1.83
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Disc Gallery
Roxio File Backup
Roxio MediaShare
Roxio Update Manager
Sandboxie 3.42
SBC Yahoo! DSL Activation
SBC Yahoo! DSL Home Networking Installer
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Shockwave
Shop for HP Supplies
Site-Thief
Skype™ 4.1
Slide
SmartSound Quicktracks Plugin
Sonic Encoders
Sonic MyDVD
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
SoundTaxi 3.1.1
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Spyware Terminator
Steinberg Cubase SX 3
SUPERAntiSpyware Professional
SupportSoft Assisted Service
The Diminutive Experience
T-RackS EQ
Trojan Remover 6.8.1
TuneUp Utilities 2006
TVersity Codec Pack 1.2
TweakAll 3.0
TweakNow RegCleaner
UltiDev Cassini Web Server for ASP.NET 2.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934391)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
USB Storage Adapter FX (MXO)
USB Video/Audio Device Driver
VC80CRTRedist - 8.0.50727.4053
Video DVD Maker v3.17.0.38
VideoLAN VLC media player 0.8.4a
Videora iPod Converter 3.07
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vuze
Vuze Toolbar
WaveLab Lite
WebCyberCoach 3.2 Dell
WeFi 3.7.6.6
WinAVI Video Converter
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows PowerShell(TM) 1.0
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
WinRAR archiver
Xvid 1.2.1 final uninstall
Yahoo! Photos Easy Upload Tool 1v6


Re: I need help with a virus

Post by Belahzur on Thu Feb 04, 2010 9:49 pm

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Crawler Toolbar with Web Security Guard
    J2SE Runtime Environment 5.0 Update 17
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 16
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    MyWay Search Assistant
    Vuze
    Vuze Toolbar

Next, please post a new Hijack This log.



Re: I need help with a virus

Post by jcaliste on Fri Feb 05, 2010 1:47 am

I was able to remove the 2 toolbars; it would not let me uninstall "My Way search assistant". Here's a concern. I installed Java at the request of my university blackboard in order to participate in online class discussions. I'm afraid I will no longer be able to enter my virtual classroom without it. Also, Vuze is a very important program for me. Are you saying to uninstall it and then reinstall? I use it a lot. Thanks again, here is the log:

2Wire Wireless Client
32 Bit HP CIO Components Installer
Acoustica Effects Pack
Acoustica Mixcraft 4.1
Acrobat.com
Ad-Aware
Ad-Aware
Adobe Acrobat 5.0
Adobe AIR
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Photoshop Lightroom 2.2
Adobe Reader 9.2
Adobe Stock Photos 1.0
Adobe Stock Photos 1.0
AIM 6
AIMTunes
ALPS Touch Pad Driver
Amazon MP3 Downloader 1.0.3
AmpliTube LE
AmpliTube Metal
AmpliTube2
Antares Autotune VST RTAS TDM v5.08
AOL Connectivity Services
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
ArcSoft TotalMedia Backup & Record
AT&T Yahoo! Applications
AT&T Yahoo! Browser Configuration
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Avanquest update
AviSynth 2.5
BatchScanPlus 1.24
BlueSoleil
Bonjour
Broadcom Management Programs 2
Call of Duty(R) 2 Demo
CamGuard Remote ActiveX 1.1.4.100
CamGuard Security System (Home Edition) 4.0.14.223
CCleaner (remove only)
Conexant D110 MDC V.9x Modem
Consumer Complete Care Services Agreement
ConvertHelper 2.2
Coupon Printer for Windows
Create-Ringtone 4.97
Critical Update for Windows Media Player 11 (KB959772)
Dell Picture Studio v3.0
DellConnect
DellSupport
Digital Line Detect
DirectXInstallService
Diskeeper 2010
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
DVD43 v4.4.1
DVD-CLONER V6.00 Build 975
DVDneXtCOPY 3 Ultimate
EarthLink setup files
eLicenser Control
E-muPatchMix DSP
ffdshow [rev 1723] [2007-12-24]
Flash saver
Flash Saving Plugin
FLV Player 1.3.3
GameSpy Arcade
GemMaster Mystic
Get High Speed Internet!
Google Chrome
Google Desktop
Google Update Helper
GoToAssist 8.0.0.514
HijackThis 1.99.1
HomePlug PowerPacket Utility
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Customer Participation Program 12.0
HP Deskjet 3900 series
HP Document Manager 2.0
HP Document Viewer 6.1
HP Imaging Device Functions 12.0
HP Photosmart Essential
HP Photosmart Premier Software 6.1
HP PSC & OfficeJet 6.1.A
HP Smart Web Printing
HP Solution Center 12.0
HP Update
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 17
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java Access Bridge
Java(TM) 6 Update 16
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Junk Mail filter update
K-Lite Codec Pack 2.66 Full
K-Lite v2.7
Learn2 Player (Uninstall Only)
Live 4.1.2
Macromedia Flash Player
Magic ISO Maker v5.4 (build 0251)
Malwarebytes' Anti-Malware
Maxtor OneTouch
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft LifeCam
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Picture It! Premium 10
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (TIMELIVE)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Streets and Trips 2005
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
mIWA
mIWCA
mLogView
mMHouse
MobileMe Control Panel
Modem Helper
Motorola Driver Installation
Motorola Phone Tools
Motorola USB Drivers v2.9
Mozilla Firefox (3.6)
mPfMgr
mPfWiz
MPM
mProSafe
MSN Toolbar
mSSO
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
mToolkit
Musicmatch® Jukebox
mWlsSafe
mXML
My Faster PC
MyDSC2
MyWay Search Assistant
mZConfig
Native Instruments Battery 2
Nero 9
neroxml
Netflix Movie Viewer
NetZeroInstallers
OCR Software by I.R.I.S. 12.0
Officejet Pro 8500 A909 Series
Opera 10.10
PhotoDVD 2.9.6.1d
PowerDVD 5.5
PowerISO
Proteus X LE
QQ Games
QQ Pool
QQ Treasure Hunter
Qualxserve Service Agreement
QuickSet
QuickTime
Readiris Pro 11
RealPlayer
Retrospect Express HD 1.0
Revo Uninstaller 1.83
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Disc Gallery
Roxio File Backup
Roxio MediaShare
Roxio Update Manager
Sandboxie 3.42
SBC Yahoo! DSL Activation
SBC Yahoo! DSL Home Networking Installer
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Shockwave
Shop for HP Supplies
Site-Thief
Skype™ 4.1
Slide
SmartSound Quicktracks Plugin
Sonic Encoders
Sonic MyDVD
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
SoundTaxi 3.1.1
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Spyware Terminator
Steinberg Cubase SX 3
SUPERAntiSpyware Professional
SupportSoft Assisted Service
The Diminutive Experience
T-RackS EQ
Trojan Remover 6.8.1
TuneUp Utilities 2006
TVersity Codec Pack 1.2
TweakAll 3.0
TweakNow RegCleaner
UltiDev Cassini Web Server for ASP.NET 2.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934391)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
USB Storage Adapter FX (MXO)
USB Video/Audio Device Driver
VC80CRTRedist - 8.0.50727.4053
Video DVD Maker v3.17.0.38
VideoLAN VLC media player 0.8.4a
Videora iPod Converter 3.07
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vuze
WaveLab Lite
WebCyberCoach 3.2 Dell
WeFi 3.7.6.6
WinAVI Video Converter
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows PowerShell(TM) 1.0
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
WinRAR archiver
Xvid 1.2.1 final uninstall
Yahoo! Photos Easy Upload Tool 1v6

jcaliste
Novice

Posts: 9
Joined: 2010-02-04
OS: Win XP SP2
Points: 25083
Likes: 0

Re: I need help with a virus

Post by Belahzur on Fri Feb 05, 2010 2:13 am

Hello.
The Java software is really old, so please install the latest version, then remove the old versions.

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe that you downloaded to install the newest version.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245059
Likes: 1
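The inventory check behind the advice in the post above, as an added example that is not part of the original thread: it reads an uninstall list like the one posted earlier, recognises the three Java runtime naming styles that appear in it, and lists every runtime older than the installer named in the instructions. The function names and the (major, minor, update) version mapping are this example's own assumptions.

```python
import re

# Sample input: the Java-related lines copied from the uninstall list posted
# earlier in this thread, plus two unrelated neighbouring entries.
SAMPLE_UNINSTALL_LIST = """\
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 17
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java Access Bridge
Java(TM) 6 Update 16
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Junk Mail filter update
"""

# Each naming style is paired with a function that turns the regex match into
# a comparable (major, minor, update) tuple (assumed mapping for this example).
_NAME_FORMATS = [
    # "Java(TM) 6 Update 16" -> (6, 0, 16)
    (re.compile(r"^Java\(TM\) (\d+)(?: Update (\d+))?$"),
     lambda m: (int(m.group(1)), 0, int(m.group(2) or 0))),
    # "J2SE Runtime Environment 5.0 Update 17" -> (5, 0, 17)
    (re.compile(r"^J2SE Runtime Environment (\d+)\.(\d+)(?: Update (\d+))?$"),
     lambda m: (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))),
    # "Java 2 Runtime Environment, SE v1.4.2_03" -> (4, 2, 3)
    (re.compile(r"^Java 2 Runtime Environment, SE v1\.(\d+)\.(\d+)(?:_(\d+))?$"),
     lambda m: (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))),
]

# Offline installer file names such as "jre-6u18-windows-i586.exe".
_INSTALLER = re.compile(r"^jre-(\d+)u(\d+)-", re.IGNORECASE)


def parse_runtime(entry):
    """Return (major, minor, update) for a Java runtime entry, else None."""
    entry = entry.strip()
    for pattern, to_version in _NAME_FORMATS:
        match = pattern.match(entry)
        if match:
            return to_version(match)
    # Entries such as "Java Access Bridge" are not runtimes and carry no version.
    return None


def parse_installer_name(filename):
    """Return the version an installer file name like jre-6u18-... will install."""
    match = _INSTALLER.match(filename)
    if not match:
        raise ValueError("unrecognised installer name: %r" % filename)
    return (int(match.group(1)), 0, int(match.group(2)))


def outdated_runtimes(listing, installer_filename):
    """List runtime entries older than the installer's version, oldest first."""
    target = parse_installer_name(installer_filename)
    found = []
    for line in listing.splitlines():
        version = parse_runtime(line)
        if version is not None and version < target:
            found.append((version, line.strip()))
    found.sort()
    return [name for _, name in found]


if __name__ == "__main__":
    for name in outdated_runtimes(SAMPLE_UNINSTALL_LIST,
                                  "jre-6u18-windows-i586.exe"):
        print("remove after updating:", name)
```
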

Re: I need help with a virus

Post by jcaliste on Fri Feb 05, 2010 10:46 am

I followed the above directions, but received an error message about there being something wrong with Windows Installer. Any ideas? It's the first non-security software that has been curbed by this virus.


Re: I need help with a virus

Post by Belahzur on Fri Feb 05, 2010 4:45 pm

Can you tell me the exact message?



Re: I need help with a virus

Post by jcaliste on Fri Feb 05, 2010 11:52 pm

It says "The Windows Installer could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance". Needless to say, I am not in Safe Mode.


Re: I need help with a virus

Post by Belahzur on Sat Feb 06, 2010 12:18 am

Hello.
Go to Start > Run. In the Run box, copy/paste in the following:

msiexec /unregister

Hit enter.
Now do the same for this command:

msiexec /regserver

Hit enter.
Can you uninstall Java now?



Re: I need help with a virus

Post by jcaliste on Sat Feb 06, 2010 12:55 am

No. It begins installation but within 10 sec I get "Error 1606.Could not access network location".


Re: I need help with a virus

Post by Belahzur on Sat Feb 06, 2010 12:57 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:
       * Tools->Options->Main tab
       * Set to "Always ask me where to Save the files".
    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: I need help with a virus

Post by jcaliste on Sat Feb 06, 2010 4:27 am

I ran ComboFix. The log follows... :smile2:


ComboFix 10-02-05.02 - Caliste 02/05/2010 21:39:59.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1618 [GMT -6:00]
Running from: c:\documents and settings\Caliste\Desktop\combo.exe
AV: Spy Sweeper with AntiVirus *On-access scanning disabled* (Updated) {B3891867-7230-459B-9987-E7CCFA7A7D1D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
c:\documents and settings\All Users\Application Data\h8srtkrl32mainweq.dll
c:\documents and settings\All Users\Application Data\h8srtmainqt.dll
c:\documents and settings\Caliste\Application Data\inst.exe
c:\program files\WinPCap
c:\program files\WinPCap\INSTALL.LOG
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\kb913800.exe
c:\windows\patch.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_004272_.tmp.dll
c:\windows\system32\_004273_.tmp.dll
c:\windows\system32\_004274_.tmp.dll
c:\windows\system32\_004275_.tmp.dll
c:\windows\system32\_004282_.tmp.dll
c:\windows\system32\_004283_.tmp.dll
c:\windows\system32\_004284_.tmp.dll
c:\windows\system32\_004285_.tmp.dll
c:\windows\system32\_004287_.tmp.dll
c:\windows\system32\_004288_.tmp.dll
c:\windows\system32\_004291_.tmp.dll
c:\windows\system32\_004292_.tmp.dll
c:\windows\system32\_004294_.tmp.dll
c:\windows\system32\_004295_.tmp.dll
c:\windows\system32\_004296_.tmp.dll
c:\windows\system32\_004298_.tmp.dll
c:\windows\system32\_004301_.tmp.dll
c:\windows\system32\_004302_.tmp.dll
c:\windows\system32\_004306_.tmp.dll
c:\windows\system32\_004307_.tmp.dll
c:\windows\system32\_004309_.tmp.dll
c:\windows\system32\_004311_.tmp.dll
c:\windows\system32\_004312_.tmp.dll
c:\windows\system32\_004315_.tmp.dll
c:\windows\system32\_004316_.tmp.dll
c:\windows\system32\_004317_.tmp.dll
c:\windows\system32\_004318_.tmp.dll
c:\windows\system32\_004319_.tmp.dll
c:\windows\system32\_004322_.tmp.dll
c:\windows\system32\_004323_.tmp.dll
c:\windows\system32\_004324_.tmp.dll
c:\windows\system32\_004325_.tmp.dll
c:\windows\system32\_004326_.tmp.dll
c:\windows\system32\_004331_.tmp.dll
c:\windows\system32\_004333_.tmp.dll
c:\windows\system32\_004334_.tmp.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\caithyao.ini
c:\windows\system32\caithyao.ini2
c:\windows\system32\caithyao.tmp
c:\windows\system32\drivers\H8SRTewpybotmxo.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\eottrbyx.ini
c:\windows\system32\gqdjsiwh.ini
c:\windows\system32\H8SRTduiuwkaoyq.dll
c:\windows\system32\H8SRTejbaicidpx.dll
c:\windows\system32\H8SRTjnqtoqxwno.dat
c:\windows\system32\H8SRTrteqmmvarm.dll
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\H8SRTwippqptltp.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\ijkmp.bak1
c:\windows\system32\ijkmp.bak2
c:\windows\system32\ijkmp.ini
c:\windows\system32\imrsquhx.ini
c:\windows\system32\lcfhepfl.ini
c:\windows\system32\msvcsv60.dll
c:\windows\system32\niucihuw.ini
c:\windows\system32\npdjigwt.ini
c:\windows\system32\o4Patch.exe
c:\windows\system32\oevfxdwt.ini
c:\windows\system32\plugin1.dat
c:\windows\system32\Process.exe
c:\windows\system32\rkjisvqu.ini
c:\windows\system32\rydddrmx.ini
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\UAClrnvltkdmi.dat
c:\windows\system32\ubheftde.ini
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\vtvlopff.ini
c:\windows\system32\vuvcfvix.ini
c:\windows\system32\vwkoxslm.ini
c:\windows\system32\WORK.DAT
c:\windows\system32\WS2Fix.exe
c:\windows\system32\wupd.dat
c:\windows\system32\xsqmuotf.ini
c:\windows\system32\ycfnrmyi.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
-------\Legacy_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2010-01-06 to 2010-02-06 )))))))))))))))))))))))))))))))
.

2010-02-06 03:39 . 2010-02-06 03:39 -------- d-----w- c:\documents and settings\Caliste\Local Settings\Application Data\Temp
2010-02-05 00:02 . 2004-08-04 06:56 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-02-05 00:02 . 2001-08-18 04:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-02-05 00:01 . 2001-08-18 04:36 17408 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-02-05 00:01 . 2001-08-18 04:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-02-05 00:01 . 2001-08-18 04:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-02-05 00:01 . 2001-08-18 04:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2010-02-05 00:01 . 2001-08-17 18:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-02-05 00:01 . 2004-08-04 04:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-02-05 00:01 . 2004-08-04 04:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-02-05 00:01 . 2004-08-10 11:00 221184 ----a-w- c:\windows\system32\dllcache\wmpns.dll
2010-02-05 00:01 . 2004-08-04 05:07 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-02-05 00:01 . 2004-08-04 04:31 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-02-05 00:01 . 2001-08-17 18:12 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-02-04 23:59 . 2001-08-17 19:28 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys
2010-02-04 23:58 . 2001-08-18 04:36 94720 ----a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-02-04 23:57 . 2001-08-17 18:51 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
2010-02-04 23:56 . 2004-08-10 11:00 21896 ----a-w- c:\windows\system32\dllcache\tdipx.sys
2010-02-04 23:55 . 2004-08-10 11:00 16896 ----a-w- c:\windows\system32\dllcache\status.dll
2010-02-04 23:54 . 2001-08-17 18:12 25034 ----a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2010-02-04 23:53 . 2001-08-17 18:50 104064 ----a-w- c:\windows\system32\dllcache\sisgrp.sys
2010-02-04 23:52 . 2001-08-17 19:51 16640 ----a-w- c:\windows\system32\dllcache\scmstcs.sys
2010-02-04 23:51 . 2001-08-18 04:36 82432 ----a-w- c:\windows\system32\dllcache\rwia450.dll
2010-02-04 23:50 . 2001-08-18 04:36 41472 ----a-w- c:\windows\system32\dllcache\qvusd.dll
2010-02-04 23:49 . 2001-08-18 04:36 16384 ----a-w- c:\windows\system32\dllcache\philcam1.dll
2010-02-04 23:48 . 2001-08-17 20:05 31872 ----a-w- c:\windows\system32\dllcache\ovce.sys
2010-02-04 23:47 . 2001-08-17 18:12 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2010-02-04 23:46 . 2004-08-04 05:04 12672 ----a-w- c:\windows\system32\dllcache\mutohpen.sys
2010-02-04 23:45 . 2004-08-10 11:00 92416 ----a-w- c:\windows\system32\dllcache\mga.sys
2010-02-04 23:44 . 2001-08-17 19:51 15744 ----a-w- c:\windows\system32\dllcache\lit220p.sys
2010-02-04 23:43 . 2004-08-10 11:00 60928 ----a-w- c:\windows\system32\dllcache\iisclex4.dll
2010-02-04 23:42 . 2004-08-04 06:56 32285 ----a-w- c:\windows\system32\dllcache\hsfcisp2.dll
2010-02-04 23:41 . 2001-08-18 04:36 126976 ----a-w- c:\windows\system32\dllcache\hpgt34tk.dll
2010-02-04 23:40 . 2001-08-17 18:15 442240 ----a-w- c:\windows\system32\dllcache\fpnpbase.sys
2010-02-04 23:39 . 2001-08-17 18:19 40704 ----a-w- c:\windows\system32\dllcache\es1371mp.sys
2010-02-04 23:38 . 2001-08-17 18:11 29696 ----a-w- c:\windows\system32\dllcache\dm9pci5.sys
2010-02-04 23:37 . 2004-08-04 04:32 48640 ----a-w- c:\windows\system32\dllcache\cwrwdm.sys
2010-02-04 23:36 . 2001-08-17 19:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-02-04 23:35 . 2004-08-04 04:29 11615 ----a-w- c:\windows\system32\dllcache\ati1mdxx.sys
2010-02-04 23:34 . 2004-08-10 11:00 46592 ----a-w- c:\windows\system32\dllcache\coadmin.dll
2010-02-04 23:34 . 2003-03-24 22:52 188480 ----a-w- c:\windows\system32\dllcache\cfgwiz.exe
2010-02-04 23:34 . 2003-03-24 22:52 20540 ----a-w- c:\windows\system32\dllcache\author.dll
2010-02-04 23:34 . 2003-03-24 22:52 16439 ----a-w- c:\windows\system32\dllcache\author.exe
2010-02-04 23:34 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\dllcache\admwprox.dll
2010-02-04 23:34 . 2004-08-10 11:00 290816 ----a-w- c:\windows\system32\dllcache\adsiis51.dll
2010-02-04 23:34 . 2003-03-24 22:52 16439 ----a-w- c:\windows\system32\dllcache\admin.exe
2010-02-04 23:34 . 2003-03-24 22:52 20540 ----a-w- c:\windows\system32\dllcache\admin.dll
2010-02-04 16:09 . 2010-02-04 16:09 -------- d-----w- c:\documents and settings\Cubase SX3\Local Settings\Application Data\eLicenser
2010-02-04 16:02 . 2010-02-04 16:02 2892 ----a-w- c:\windows\system32\audcon.sys
2010-02-04 15:14 . 2010-02-04 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Syncrosoft
2010-02-04 15:14 . 2010-02-04 15:14 -------- d-----w- c:\documents and settings\Caliste\Local Settings\Application Data\eLicenser
2010-02-04 15:12 . 2010-02-04 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\eLicenser
2010-02-04 15:12 . 2010-02-04 15:14 -------- d-----w- c:\program files\eLicenser
2010-02-04 13:35 . 2010-02-04 13:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-03 21:50 . 2010-02-05 01:12 -------- d-----w- c:\program files\Crawler
2010-02-03 21:50 . 2010-02-03 21:50 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-02-03 21:50 . 2010-02-04 14:10 -------- d-----w- c:\program files\Spyware Terminator
2010-02-03 21:50 . 2010-02-04 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-02-03 21:04 . 2010-02-03 20:39 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-03 20:39 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-03 20:38 . 2010-02-03 20:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-02-03 20:37 . 2010-02-03 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-03 20:37 . 2010-02-03 20:37 -------- d-----w- c:\program files\Lavasoft
2010-02-03 20:01 . 2010-02-03 20:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-03 19:42 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-03 19:42 . 2010-02-05 00:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-03 19:42 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-03 19:42 . 2010-02-03 19:42 -------- d-----w- c:\documents and settings\Caliste\Application Data\Simply Super Software
2010-02-03 07:38 . 2006-06-19 19:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-02-03 07:38 . 2006-05-25 21:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-02-03 07:38 . 2005-08-26 07:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-02-03 07:38 . 2003-02-03 02:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-02-03 07:38 . 2002-03-06 07:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-02-03 07:30 . 2010-02-06 03:56 -------- d-----w- c:\windows\system32\CatRoot2
2010-02-02 23:52 . 2010-02-02 23:52 -------- d-----w- c:\documents and settings\Cynthia\Application Data\HorizonWimba
2010-02-01 10:30 . 2010-02-01 10:30 -------- d-----w- c:\program files\Microsoft ATS
2010-01-30 04:16 . 2010-01-30 04:17 -------- d-----w- c:\documents and settings\Guest\Application Data\Nero
2010-01-29 01:47 . 2010-01-29 01:47 -------- d-----w- c:\documents and settings\Speedy\Application Data\DivX
2010-01-29 01:46 . 2010-01-29 01:46 -------- d-----w- c:\documents and settings\Speedy\Application Data\Acoustica
2010-01-28 09:30 . 2009-08-11 01:06 69936 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2010-01-28 09:30 . 2009-05-13 22:30 13360 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2010-01-28 09:24 . 2009-07-15 14:17 203056 ----a-w- c:\windows\system32\drivers\sbtis.sys
2010-01-27 20:40 . 2010-01-27 20:40 -------- d-----w- c:\documents and settings\Speedy\Application Data\HorizonWimba
2010-01-27 19:39 . 2010-01-27 19:39 -------- d-----w- c:\documents and settings\Speedy\Application Data\Apple Computer
2010-01-27 09:49 . 2010-01-27 09:49 -------- d-----w- C:\spoolerlogs
2010-01-27 09:46 . 2009-12-20 10:41 84184 ----a-w- c:\windows\system32\drivers\sbhips.sys
2010-01-27 09:46 . 2009-12-20 10:41 67800 ----a-w- c:\windows\system32\drivers\SBFWIM.sys
2010-01-27 09:46 . 2009-12-20 10:41 322904 ----a-w- c:\windows\system32\drivers\SbFw.sys
2010-01-24 07:27 . 2010-01-24 07:27 -------- d-----w- c:\documents and settings\Caliste\Application Data\IObit
2010-01-24 07:23 . 2010-02-02 15:00 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-24 07:21 . 2010-02-02 15:00 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-20 20:13 . 2010-01-20 21:14 -------- d-----w- c:\documents and settings\Cubase SX3\Application Data\U3
2010-01-20 09:05 . 2010-01-20 09:05 -------- d-----w- c:\program files\Antares Audio Technologies
2010-01-20 09:02 . 2010-01-20 09:02 -------- d-----w- c:\documents and settings\Cynthia\Local Settings\Application Data\Google
2010-01-20 06:13 . 2010-01-20 06:13 -------- d-----w- c:\documents and settings\Cynthia\Application Data\DivX
2010-01-20 06:13 . 2010-01-20 06:13 -------- d-----w- c:\documents and settings\Cynthia\Application Data\Acoustica
2010-01-20 06:11 . 2010-01-20 06:21 -------- d-----w- c:\documents and settings\Cynthia\Application Data\U3
2010-01-20 05:59 . 2010-01-20 05:59 -------- d-----w- c:\documents and settings\Cynthia\Application Data\Apple Computer
2010-01-16 18:55 . 2010-02-02 21:13 -------- d-----w- c:\documents and settings\Cynthia\Application Data\HPAppData
2010-01-09 08:07 . 2010-01-09 08:07 -------- d-----w- c:\program files\GameSpy Arcade

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 04:00 . 2007-10-24 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-06 02:52 . 2005-12-12 21:58 -------- d-----w- c:\program files\Yahoo!
2010-02-06 02:52 . 2006-05-05 15:09 -------- d-----w- c:\program files\Common Files\Scanner
2010-02-06 00:50 . 2005-12-12 20:58 -------- d-----w- c:\program files\Common Files\Java
2010-02-04 16:11 . 2009-10-20 02:14 4914 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-02-04 16:10 . 2010-01-03 00:43 -------- d-----w- c:\documents and settings\Cubase SX3\Application Data\HPAppData
2010-02-04 15:14 . 2005-12-25 04:21 99456 -c--a-w- c:\documents and settings\Caliste\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-04 15:12 . 2006-02-24 23:34 -------- d-----w- c:\program files\Syncrosoft
2010-02-04 13:27 . 2006-01-01 00:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-04 01:15 . 2009-03-11 09:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-03 19:55 . 2009-03-11 09:43 -------- d-----w- c:\program files\Trojan Remover
2010-02-03 06:59 . 2006-01-30 22:09 192 -c--a-w- c:\documents and settings\Cynthia\Application Data\wklnhst.dat
2010-01-31 06:34 . 2009-12-14 00:55 -------- d-----w- c:\documents and settings\Guest\Application Data\HPAppData
2010-01-31 06:33 . 2009-07-08 03:04 -------- d-----w- c:\documents and settings\Guest\Application Data\Azureus
2010-01-30 04:17 . 2006-05-26 11:52 99456 -c--a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-28 09:32 . 2009-11-26 17:30 -------- d-----w- c:\documents and settings\Speedy\Application Data\HPAppData
2010-01-28 09:08 . 2009-12-12 12:07 -------- d-----w- c:\documents and settings\Speedy\Application Data\Azureus
2010-01-27 23:14 . 2009-03-02 07:10 508 ----a-w- c:\documents and settings\Speedy\Application Data\wklnhst.dat
2010-01-25 06:42 . 2006-01-19 04:26 -------- d-----w- c:\program files\Opera
2010-01-23 05:43 . 2008-07-10 17:41 64 -c--a-w- c:\windows\msocreg32.dat
2010-01-22 12:02 . 2009-07-20 03:07 -------- d-----w- c:\program files\Acoustica Shared Effects
2010-01-20 06:38 . 2008-11-27 23:07 -------- d-----w- c:\documents and settings\Cynthia\Application Data\Azureus
2010-01-20 06:22 . 2006-02-25 04:01 99456 -c--a-w- c:\documents and settings\Cynthia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-04 23:02 . 2010-01-04 23:02 27984 ----a-w- c:\windows\system32\sbbd.exe
2009-12-20 01:42 . 2007-11-11 06:39 -------- d-----w- c:\program files\Azureus
2009-12-18 22:05 . 2006-02-24 01:00 99456 -c--a-w- c:\documents and settings\Cubase SX3\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-14 09:49 . 2005-12-12 21:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-14 09:46 . 2009-05-03 23:20 -------- d-----w- c:\program files\MySpace
2009-12-14 00:55 . 2005-12-31 12:04 -------- d-----w- c:\documents and settings\Guest\Application Data\Yahoo!
2009-12-12 12:08 . 2006-11-16 11:02 99456 -c--a-w- c:\documents and settings\Speedy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-11 23:41 . 2009-12-11 23:39 -------- d-----w- c:\documents and settings\Speedy\Application Data\U3
2009-12-11 00:44 . 2006-12-09 07:29 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2009-12-05 20:09 . 2006-12-09 08:36 99456 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-11-11 22:02 . 2009-11-11 22:02 634048 ----a-w- c:\windows\system32\XceedZip.dll
2007-10-03 22:14 . 2007-10-03 22:14 69632 ----a-w- c:\program files\mozilla firefox\components\ffwt.dll
2009-10-30 02:32 . 2009-10-20 04:22 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

c:\windows\System32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 18:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-31 13:23 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jamal^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 18:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 10:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2005-08-05 20:08 67160 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2005-10-07 19:13 176128 ----a-r- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-05-14 01:58 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-04 06:56 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-10 11:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2008-03-20 20:35 23040 ----a-w- c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2008-03-20 20:35 23552 ----a-w- c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2009-06-29 20:28 827904 ----a-w- c:\program files\dvd43\DVD43_Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-10-30 02:32 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 22:24 54840 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 19:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2007-05-17 21:45 279912 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Faster PC]
2009-08-14 23:42 810456 ----a-w- c:\program files\ConsumerSoft\My Faster PC\MFPCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-07-27 02:37 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2009-12-01 13:55 389120 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBAMTray]
2010-01-04 23:04 959824 ----a-w- c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 18:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-02-03 21:50 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-31 20:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2009-08-04 22:49 1068424 ----a-w- c:\program files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wefi]
2009-10-25 17:07 500056 ----a-w- c:\program files\WeFi\WeFi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YPCService"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WLANKEEPER"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"VETMSGNT"=2 (0x2)
"TUWinStylerThemeSvc"=3 (0x3)
"SoundMovieServer"=3 (0x3)
"SiteAdvisor Service"=2 (0x2)
"SessionLauncher"=2 (0x2)
"SeaPort"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"RoxLiveShare10"=2 (0x2)
"RetroExpLauncher"=2 (0x2)
"RetroExp Helper"=2 (0x2)
"RegSrvc"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NICCONFIGSVC"=2 (0x2)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"EvtEng"=2 (0x2)
"DSBrokerService"=3 (0x3)
"CAISafe"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"ASKService"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AOL ACS"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"WmiApSrv"=3 (0x3)
"MSCamSvc"=2 (0x2)
"mnmsrvc"=3 (0x3)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"WefiEngSvc"=3 (0x3)
"QBFCService"=3 (0x3)
"BITS"=2 (0x2)
"SQLWriter"=2 (0x2)
"MSSQL$TIMELIVE"=2 (0x2)
"gupdate1ca40176e579720"=2 (0x2)
"GoogleDesktopManager-093009-130223"=3 (0x3)
"sp_rssrv"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"UltiDev Cassini Web Server for ASP.NET 2.0"=2 (0x2)
"SbieSvc"=2 (0x2)
"IDriverT"=3 (0x3)
"Diskeeper"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\AOL\\1135296263\\ee\\aim6.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\CamGuard Security System (Home Edition)\\CamGuard.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Sunbelt Software\\VIPRE\\sbamui.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1135296263\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"=
"c:\\Program Files\\Tencent\\QQ Games\\QQGamesD.exe"=
"c:\\Program Files\\Tencent\\QQ Games\\Update\\Update.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sunbelt Software\\VIPRE\\SBAMSvc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/3/2010 2:39 PM 64288]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [1/28/2010 3:30 AM 13360]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [1/28/2010 3:24 AM 203056]
R2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [1/4/2010 5:02 PM 1012080]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [1/28/2010 3:30 AM 69936]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [10/24/2007 1:13 AM 2688]
S2 gzwrrc;gzwrrc;c:\windows\system32\drivers\fjvfuaj.sys --> c:\windows\system32\drivers\fjvfuaj.sys [?]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/20/2008 4:23 PM 98328]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/20/2008 4:23 PM 98328]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [3/20/2008 4:36 PM 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [3/20/2008 4:36 PM 171032]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/20/2008 4:23 PM 528920]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/20/2008 4:23 PM 528920]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\CTEAPSFX.sys [3/20/2008 4:26 PM 163352]
S3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.sys [3/20/2008 4:26 PM 163352]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\CTEDSPFX.sys [3/20/2008 4:32 PM 259096]
S3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.sys [3/20/2008 4:32 PM 259096]
S3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\CTEDSPIO.sys [3/20/2008 4:38 PM 134168]
S3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.sys [3/20/2008 4:38 PM 134168]
S3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\CTEDSPSY.sys [3/20/2008 4:37 PM 309784]
S3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.sys [3/20/2008 4:37 PM 309784]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/20/2008 4:36 PM 99352]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/20/2008 4:36 PM 99352]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [3/20/2008 4:40 PM 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [3/20/2008 4:40 PM 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [3/20/2008 4:37 PM 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [3/20/2008 4:37 PM 72728]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/20/2008 4:25 PM 534040]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/20/2008 4:25 PM 534040]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [11/19/2009 9:47 AM 45232]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\PLCMPR5.SYS --> c:\windows\system32\PLCMPR5.SYS [?]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [4/3/2007 9:20 PM 17280]
S3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [12/1/2009 7:55 AM 119296]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/13/2009 8:22 AM 95024]
S3 SynasUSB;eLicenser;c:\windows\system32\drivers\synasusb.sys [2/23/2006 11:20 PM 23696]
S4 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/19/2009 10:22 PM 30192]
S4 gupdate1ca40176e579720;Google Update Service (gupdate1ca40176e579720);c:\program files\Google\Update\GoogleUpdate.exe [9/28/2009 2:41 AM 133104]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 7:19 AM 1181328]
S4 MSSQL$TIMELIVE;SQL Server (TIMELIVE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 4:29 AM 29178224]
S4 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
S4 SessionLauncher;SessionLauncher;c:\docume~1\Jamal\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Jamal\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S4 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [10/24/2007 1:13 AM 184320]
S4 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2/7/2007 11:06 PM 49152]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S4 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [10/25/2009 11:07 AM 140632]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WUAUSERV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-02-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-22 04:35]

2010-02-05 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 02:39]

2010-02-06 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 02:39]

2010-02-05 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 02:39]

2010-02-05 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 02:39]

2010-02-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 02:39]

2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 08:40]

2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 08:40]

2010-01-31 c:\windows\Tasks\WebReg Officejet Pro 8500 A909g Series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2008-10-17 00:22]
.
.
------- Supplementary Scan -------
.
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Caliste\Application Data\Mozilla\Firefox\Profiles\9p491xlv.default\
FF - plugin: c:\documents and settings\Caliste\Application Data\Mozilla\Firefox\Profiles\9p491xlv.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
HKCU-Run-Advanced SystemCare 3 - g:\documents\Downloads\Advanced SystemCare 3\AWC.exe
HKLM-Run-YOP - c:\progra~1\Yahoo!\YOP\yop.exe
Notify-dimsntfy - (no file)
Notify-WgaLogon - (no file)
SafeBoot-WebrootSpySweeperService
MSConfigStartUp-SmartRAM - g:\documents\Downloads\Advanced SystemCare 3\Sup_SmartRAM.exe
MSConfigStartUp-ycbibpnu - c:\documents and settings\Jamal\Local Settings\Application Data\mifgww\bhllsftav.exe
AddRemove-Halo - g:\halo combat evolved\Game\UNINSTAL.EXE
AddRemove-HijackThis - c:\documents and settings\Jamal\My Documents\Downloads\HijackThis.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-05 21:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1028)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(3516)
c:\program files\Sunbelt Software\VIPRE\oehook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-02-05 22:12:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-06 04:12

Pre-Run: 10,408,300,544 bytes free
Post-Run: 11,426,492,416 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=6 LastKnownGood=4 Sets=1,2,3,4,5,6
- - End Of File - - EBA998DA072E5934B2AB59DB88A0B833


Re: I need help with a virus

Post by Belahzur on Sat Feb 06, 2010 8:14 pm

Okay, try uninstalling the programs I asked now.



Re: I need help with a virus

Post by jcaliste on Sun Feb 07, 2010 3:10 am

These programs uninstalled:

Crawler Toolbar with Web Security Guard
J2SE Runtime Environment 5.0 Update 17
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_0

When I try the Java software and "My Search Assistant", it gives me the same Error 1606, including when attempting to install the new Java update.


Re: I need help with a virus

Post by Belahzur on Sun Feb 07, 2010 11:56 pm

Hello.

Please download Revo Uninstaller from here: [You must be registered and logged in to see this link.]

  1. Download and run the setup file for Revo Uninstaller.
  2. Once set up, run Revo Uninstaller.
  3. Select the programs I highlighted.
  4. Then hit the "Uninstall" button at the top.
  5. Close Revo Uninstaller.

After you have done that, post a new Hijack This log.



Re: I need help with a virus

Post by jcaliste on Wed Feb 10, 2010 7:53 am

Hi, I used the uninstaller, but "My Way Search Assistant" still did not uninstall. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:50:45, on 2/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\DOCUME~1\Caliste\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [sealmon.exe] C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - [You must be registered and logged in to see this link.]
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6398 bytes


Re: I need help with a virus

Post by Belahzur on Wed Feb 10, 2010 7:20 pm

Hello.
Did you remove Crawler?

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

Please make sure TeaTimer is disabled before we do this, otherwise this fix will fail.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe


  • Press "Fix Checked"
  • Close Hijack This.

Will Myway go now?


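Added example, not part of the original posts and not the helper's own method: a small Python parser for HijackThis entry lines like those in the log above. It extracts the section code, CLSID and trailing file target, then flags entries whose target is "(no file)" or sits under a directory the reviewer names; the function names and the watch-directory parameter are assumptions, and the sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass
from typing import Optional

# "<section> - <description>", e.g. "O2 - BHO: ..." or "R1 - HKLM\...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# Trailing target: a drive-letter path or the literal "(no file)". Anchoring on
# " - X:\" avoids splitting inside names such as "Spybot - Search & Destroy".
TARGET_RE = re.compile(r" - ([A-Za-z]:\\.*|\(no file\))\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

@dataclass
class Entry:
    section: str
    clsid: Optional[str]
    target: Optional[str]
    raw: str

def parse_entry(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line)
    if not m:
        return None  # log header, running-process path, blank line
    clsid = CLSID_RE.search(m.group(2))
    target = TARGET_RE.search(m.group(2))
    return Entry(m.group(1), clsid.group(0) if clsid else None,
                 target.group(1) if target else None, line.strip())

def triage(lines, watch_dirs=()):
    """Return (entry, reason) pairs for entries that deserve a manual look."""
    watch = [d.rstrip("\\").lower() + "\\" for d in watch_dirs]
    flagged = []
    for entry in filter(None, map(parse_entry, lines)):
        if entry.target == "(no file)":
            flagged.append((entry, "no-file"))
        elif entry.target and entry.target.lower().startswith(tuple(watch)):
            flagged.append((entry, "watched-dir"))
    return flagged

# Lines copied from the log posted in this thread.
SAMPLE = [
    r"C:\WINDOWS\Explorer.EXE",
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll",
    r"O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll",
    r"O8 - Extra context menu item: Crawler Search - tbr:iemenu",
    r"O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)",
]

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE, [r"C:\PROGRA~1\Crawler"]):
        print(f"{reason:12} {entry.section:4} {entry.target}")
```

The prefix match is literal, so a watch directory must be written the way the log writes it (8.3 short names such as PROGRA~1 are not expanded). Entries with no file target, like the O8 line, come back with target None and still need a manual read.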