Virus almost resolved...

View previous topic View next topic Go down

Solved Virus almost resolved...

Post by gwsfreak on 11th October 2008, 9:06 pm

ok i got bored one day and lets just say i went to a certain site i wasn't supposed to be on and i got a virus from it. After using a bunch of malware and antivirus stuff, the virus is almost gone, well not really its more lik under control. the virus is located deep inside my registry. i tried booting my comp up in safe mode and deleting it but no go. now after i used tons of applications to get rid of it, its still there, but not really doing much. i hav no idea how to get rid of it right now and everytime AVG scans, TONS of warnings pop up and the icons in the bottom right of my taskbar look a bit enlarged so they look a little blurry and the time and day of week is on 2 seperate lines. any advice or help on this issue?

gwsfreak
Novice
Novice

Posts Posts : 17
Joined Joined : 2008-10-11
Points Points : 29820
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by Belahzur on 11th October 2008, 9:19 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.].

Double click and run the installer.
It will install to C:\Program Files\Trend Micro\Hijack This\hijackthis.exe
After installing, you should get the user agreement, press accept and Hijack This will run.
Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This finds, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by gwsfreak on 11th October 2008, 9:46 pm

here

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:59, on 10/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\AOL\1205076925\ee\AOLSoftware.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\World of Warcraft\BackgroundDownloader.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John E. Najmy\Local Settings\Temporary Internet Files\Content.IE5\LBMBT9TI\HiJackThis[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {76345738-044D-41EB-967B-FECC0606034F} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: {b58750c6-8ece-5ed8-2274-2e80d955c71b} - {b17c559d-08e2-4722-8de5-ece86c05785b} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1205076925\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RRT-Auto] C:\Documents and Settings\John E. Najmy\Local Settings\Temporary Internet Files\Content.IE5\L4VZB3KV\RRT[1].exe auto
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.download.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: xxyyxyXP - xxyyxyXP.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 8675 bytes

gwsfreak
Novice
Novice

Posts Posts : 17
Joined Joined : 2008-10-11
Points Points : 29820
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by Belahzur on 11th October 2008, 10:03 pm

Did you already have Hijack This on your system? the file is running from a temp location, it should be running from Program Files not temp directory. Can you please download it again from the links supplied on the page linked above and this time it should be installed to Program Files.

Although, you've cleaned this up pretty much yourself.


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {76345738-044D-41EB-967B-FECC0606034F} - (no file)
    O2 - BHO: {b58750c6-8ece-5ed8-2274-2e80d955c71b} - {b17c559d-08e2-4722-8de5-ece86c05785b} - (no file)
    O4 - HKLM\..\Run: [RRT-Auto] C:\Documents and Settings\John E. Najmy\Local Settings\Temporary Internet Files\Content.IE5\L4VZB3KV\RRT[1].exe auto
    O15 - Trusted Zone: *.download.com
    O20 - Winlogon Notify: xxyyxyXP - xxyyxyXP.dll (file missing)


  • Press "Fix Checked"
  • Close Hijack This.


Note: It is never a good idea to put sites in the trusted zone.
===

Download [You must be registered and logged in to see this link.]

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
  • Close ATF-Cleaner.exe.

===

Please download JavaRa from [You must be registered and logged in to see this link.]

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by gwsfreak on 11th October 2008, 11:26 pm

The JavaRa removal process was started on Sat Oct 11 19:19:03 2008
Found and removed: C:\Program Files\Java\jre1.6.0_03
Found and removed: C:\Program Files\Java\jre1.6.0_05
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Classes\JavaPlugin.160_03
Found and removed: SOFTWARE\Classes\JavaPlugin.160_05
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}
Found and removed: Software\Classes\JavaPlugin.160_03
Found and removed: Software\Classes\JavaPlugin.160_05
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05
Found and removed: Software\JavaSoft\Java2D\1.6.0_03
Found and removed: Software\JavaSoft\Java2D\1.6.0_05
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
------------------------------------
Finished reporting.
JavaRa 1.11 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sat Oct 11 19:19:57 2008
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
------------------------------------
Finished reporting.

gwsfreak
Novice
Novice

Posts Posts : 17
Joined Joined : 2008-10-11
Points Points : 29820
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by Belahzur on 11th October 2008, 11:28 pm

Thanks.

How's the machine? no complaints? Right On!


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by gwsfreak on 11th October 2008, 11:34 pm

it works fine but the icons in the task bar r still enlarged and i can't get WoW to connect still

gwsfreak
Novice
Novice

Posts Posts : 17
Joined Joined : 2008-10-11
Points Points : 29820
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by Belahzur on 11th October 2008, 11:51 pm

WoW failing to connect may not be malware related, lets see what this shows.

Random's System Information Tool (RSIT)

Download random's system information tool (RSIT) by random/random from [You must be registered and logged in to see this link.] and save it to your desktop.

  • Double click on RSIT.exe to launch program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt<-- this will be maximized and info.txt<-- this will be minimized.
  • Post log.txt back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by gwsfreak on 12th October 2008, 3:54 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:22, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

2008-09-24 19:28:40 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-09-24 19:28:39 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-24 19:28:37 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-09-24 19:28:36 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-09-24 19:28:35 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-09-24 19:28:34 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-09-24 19:28:33 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-09-24 19:28:32 ----A---- C:\WINDOWS\system32\swxcacls.exe
2008-09-24 19:28:31 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-09-24 19:28:31 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-09-24 19:28:30 ----A---- C:\WINDOWS\system32\swsc.exe
2008-09-24 19:28:29 ----A---- C:\WINDOWS\system32\swreg.exe
2008-09-24 19:28:27 ----A---- C:\WINDOWS\system32\Process.exe
2008-09-24 17:51:07 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-24 17:51:07 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-24 17:48:27 ----D---- C:\Documents and Settings\John E. Najmy\Application Data\Uniblue
2008-09-24 17:21:45 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-24 17:18:46 ----D---- C:\Config.Msi
2008-09-21 20:51:35 ----D---- C:\Program Files\SUPERAntiSpyware
2008-09-21 20:51:35 ----D---- C:\Documents and Settings\John E. Najmy\Application Data\SUPERAntiSpyware.com
2008-09-21 20:34:57 ----D---- C:\Documents and Settings\John E. Najmy\Application Data\Malwarebytes
2008-09-21 20:06:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-21 11:16:03 ----D---- C:\Program Files\iPod
2008-09-21 11:16:00 ----D---- C:\Program Files\iTunes
2008-09-21 11:16:00 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-21 11:13:07 ----D---- C:\Program Files\QuickTime
2008-09-21 11:03:33 ----D---- C:\Program Files\Safari
2008-09-21 11:02:02 ----D---- C:\Program Files\Bonjour
2008-09-20 23:19:44 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-20 23:19:42 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-20 23:19:40 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-20 23:19:40 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-20 23:19:31 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-20 23:19:31 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-20 23:19:22 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-20 23:19:21 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-20 23:19:20 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-20 23:19:20 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-20 23:19:20 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-20 23:19:20 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-20 23:19:20 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-20 23:19:20 ----N---- C:\WINDOWS\slrundll.exe
2008-09-20 23:19:17 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-20 23:19:14 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-20 23:19:11 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-20 23:19:09 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-20 23:19:07 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-20 23:19:06 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-20 23:19:06 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-20 23:19:06 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-20 23:19:02 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-20 23:18:57 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-20 23:18:48 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-20 23:18:48 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-20 23:18:48 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-20 23:18:47 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-20 23:18:46 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-20 23:18:46 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-20 23:18:44 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-20 23:18:44 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-20 23:18:27 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-20 23:18:26 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-20 23:18:26 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-20 23:18:26 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-20 23:18:24 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-20 23:18:14 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-20 23:18:13 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-20 23:18:12 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-20 23:18:12 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-20 23:18:12 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-20 23:18:12 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-20 23:18:02 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-09-20 23:18:01 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-09-20 23:17:56 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-20 23:17:50 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-20 23:17:40 ----A---- C:\WINDOWS\003189_.tmp
2008-09-20 23:17:38 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-20 23:17:31 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-20 23:17:31 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-20 23:17:31 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-20 23:17:31 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-20 23:17:31 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-20 23:17:31 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-20 23:17:31 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-20 23:17:30 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-20 23:17:23 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-20 23:17:23 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-20 23:17:23 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-20 23:17:23 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-20 23:17:23 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-20 23:17:23 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-20 23:17:23 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-20 23:17:22 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-20 23:17:22 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-20 23:17:20 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-20 23:17:18 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-20 23:17:12 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-20 23:17:11 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-20 23:17:10 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-20 23:17:10 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-20 23:17:08 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-20 23:17:08 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-20 23:17:08 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-20 23:17:08 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-20 23:17:08 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-20 23:16:56 ----N---- C:\WINDOWS\system32\aaclient.dll

======List of files/folders modified in the last 1 months======

gwsfreak
Novice
Novice

Posts Posts : 17
Joined Joined : 2008-10-11
Points Points : 29820
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by gwsfreak on 12th October 2008, 3:54 pm

2008-10-12 11:49:22 ----D---- C:\WINDOWS\Temp
2008-10-12 11:49:22 ----D---- C:\Program Files\Trend Micro
2008-10-12 11:08:28 ----A---- C:\WINDOWS\win.ini
2008-10-12 11:07:55 ----D---- C:\WINDOWS
2008-10-12 09:52:42 ----D---- C:\WINDOWS\Registration
2008-10-11 23:20:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-11 22:02:29 ----D---- C:\Documents and Settings\John E. Najmy\Application Data\LimeWire
2008-10-11 19:19:04 ----D---- C:\Program Files\Java
2008-10-11 17:51:33 ----HD---- C:\$AVG8.VAULT$
2008-10-11 17:49:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-11 16:22:05 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-11 11:51:39 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-11 10:43:45 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-10-10 18:25:18 ----RD---- C:\Program Files
2008-10-10 17:52:06 ----D---- C:\Documents and Settings
2008-10-10 00:30:14 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-09 16:50:45 ----HD---- C:\WINDOWS\inf
2008-10-09 16:50:45 ----D---- C:\WINDOWS\system32\DirectX
2008-10-09 16:50:45 ----D---- C:\WINDOWS\system32
2008-10-09 14:32:23 ----SHD---- C:\WINDOWS\Installer
2008-10-07 23:20:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-07 18:39:33 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-06 20:40:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-06 20:38:51 ----A---- C:\WINDOWS\setuplog.txt
2008-10-06 20:38:17 ----D---- C:\WINDOWS\system32\wbem
2008-10-06 20:38:17 ----D---- C:\WINDOWS\system32\Setup
2008-10-06 20:38:17 ----D---- C:\WINDOWS\AppPatch
2008-10-06 20:38:16 ----RSD---- C:\WINDOWS\Fonts
2008-10-06 20:38:12 ----D---- C:\WINDOWS\system32\drivers
2008-10-06 20:19:58 ----D---- C:\WINDOWS\security
2008-10-06 20:18:44 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-06 20:17:57 ----A---- C:\WINDOWS\imsins.BAK
2008-10-06 20:16:09 ----D---- C:\Program Files\Messenger
2008-10-06 20:04:55 ----D---- C:\WINDOWS\WinSxS
2008-10-06 20:04:15 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-06 20:04:14 ----D---- C:\WINDOWS\network diagnostic
2008-10-06 20:04:14 ----D---- C:\WINDOWS\Help
2008-10-06 20:04:13 ----D---- C:\WINDOWS\ime
2008-10-06 20:03:33 ----D---- C:\WINDOWS\system32\usmt
2008-10-06 20:03:33 ----D---- C:\WINDOWS\system32\en-US
2008-10-06 20:03:27 ----D---- C:\WINDOWS\PeerNet
2008-10-06 20:03:26 ----D---- C:\Program Files\Movie Maker
2008-10-06 19:56:26 ----D---- C:\WINDOWS\system32\Restore
2008-10-06 19:56:26 ----D---- C:\WINDOWS\system32\npp
2008-10-06 19:56:26 ----D---- C:\WINDOWS\mui
2008-10-06 19:56:23 ----D---- C:\WINDOWS\msagent
2008-10-06 19:56:22 ----D---- C:\WINDOWS\srchasst
2008-10-06 19:56:20 ----D---- C:\Program Files\NetMeeting
2008-10-06 19:56:18 ----D---- C:\WINDOWS\system32\Com
2008-10-06 19:56:16 ----D---- C:\Program Files\Windows NT
2008-10-06 19:56:15 ----D---- C:\Program Files\Outlook Express
2008-10-06 19:56:12 ----D---- C:\Program Files\Common Files\System
2008-10-06 19:55:47 ----D---- C:\WINDOWS\system32\oobe
2008-10-06 19:55:42 ----D---- C:\WINDOWS\system
2008-10-06 19:52:27 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-06 19:48:00 ----D---- C:\WINDOWS\ehome
2008-09-24 19:40:01 ----D---- C:\Program Files\RegistryFix Mantra
2008-09-24 19:39:46 ----D---- C:\Program Files\Common Files
2008-09-24 19:39:13 ----D---- C:\Program Files\TweakNow RegCleaner Std
2008-09-24 19:38:01 ----SD---- C:\WINDOWS\Tasks
2008-09-24 19:35:21 ----D---- C:\WINDOWS\system32\appmgmt
2008-09-24 18:01:24 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-09-21 12:00:36 ----D---- C:\Program Files\Apple Software Update
2008-09-21 11:16:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-21 11:13:12 ----D---- C:\Program Files\Common Files\Apple
2008-09-20 22:47:55 ----D---- C:\WINDOWS\Debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-02 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-09-02 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2005-05-13 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2005-05-13 23545]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-03-08 17801]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-09-02 76040]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2005-04-21 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-05-31 25725]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-05-31 34845]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-05-31 4125]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-05-31 2241]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-05-31 86876]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-05-31 15069]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-05-31 6365]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-05-31 98716]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-05-31 100605]
R3 Angel;Angel MPEG Device; C:\WINDOWS\system32\DRIVERS\Angel.sys [2006-02-02 376320]
R3 AR5211;NETGEAR WG311T V1H3 Wireless Adapter Service; C:\WINDOWS\system32\DRIVERS\WG311T13.sys [2006-07-05 472000]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-03-17 132608]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2004-07-12 645360]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2004-08-05 366384]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2004-07-12 6096]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2004-07-12 130288]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2004-07-12 145488]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2004-08-12 904752]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2004-07-12 148432]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-12-10 3536768]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2004-07-12 178672]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2003-11-12 333600]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
S3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]
S3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-03-05 60949]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-10 32000]
S3 USBIO;USBIO Driver (usbio.sys); C:\WINDOWS\System32\Drivers\usbio.sys [2001-05-07 19805]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdm1;USB Bridge Cable Driver; C:\WINDOWS\System32\Drivers\usbbc.sys [2005-02-14 15576]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2006-04-25 36864]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-02 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-02 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-12 44032]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-01 137200]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-12-10 131139]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]

-----------------EOF-----------------

gwsfreak
Novice
Novice

Posts Posts : 17
Joined Joined : 2008-10-11
Points Points : 29820
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by Belahzur on 12th October 2008, 4:08 pm

Looks clean to me.
Your problems aren't malware related.

I do see items of Smitfraudfix and AVG. Just a note, AVG detects IEDFix.C.exe as malware. Ignore it, because it's harmless and part of Smitfraudfix.

The enlarged icons could just be an enlarged screen resolution.
Right click anywhere on the desktop > Proporties > Settings Tab > Drag the screen resolution tab up/down to suit you.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by gwsfreak on 12th October 2008, 4:19 pm

sweet that worked, but the very last thing is now the icon at the top lefty when you open internet explorer the little e looks kinda blurry, anyways 2 fix this? and no problems so far other than the problem with WoW, ive tried everythin so far...

gwsfreak
Novice
Novice

Posts Posts : 17
Joined Joined : 2008-10-11
Points Points : 29820
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by Belahzur on 12th October 2008, 4:46 pm

Are you using an LCD screen? If so, maybe just the pixels need re-focusing. A reboot may fix it.

The problem with WoW... the WoW server may just be temp broken.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by gwsfreak on 12th October 2008, 4:59 pm

i don't think so, the realms r still up and running. anyways ty for the help on this

gwsfreak
Novice
Novice

Posts Posts : 17
Joined Joined : 2008-10-11
Points Points : 29820
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by Belahzur on 12th October 2008, 5:02 pm

Okay.
I'll mark this as solved, the problem with WoW can continue in your other thread.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by gwsfreak on 12th October 2008, 5:03 pm

k nothing wrong wit the computer and its workin fine and all but a ton of stuff is poppin up in AVG and one is messed up in my registry

gwsfreak
Novice
Novice

Posts Posts : 17
Joined Joined : 2008-10-11
Points Points : 29820
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by Belahzur on 12th October 2008, 5:09 pm

What is it complaing of now? I know AVG can be pesky, I've had a few false positives with AVG.

Post a new Hijack This log and can you name what it's picking up in the registry?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by gwsfreak on 12th October 2008, 5:25 pm

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\AOL\1205076925\ee\AOLSoftware.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\World of Warcraft\BackgroundDownloader.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John E. Najmy\Local Settings\Temporary Internet Files\Content.IE5\XRU5ATDU\HiJackThis[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1205076925\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

HKLM/SYSTEM/ControlSet001/Enum/Vid_046d&Pid_c509&MI_00/6&1a77b46&0&0000//Location information

gwsfreak
Novice
Novice

Posts Posts : 17
Joined Joined : 2008-10-11
Points Points : 29820
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by Belahzur on 12th October 2008, 5:32 pm

Probably just some leftover.

Now open a new notepad file.
Input this into the notepad file:
QUOTE

REGEDIT4

[-HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Enum/Vid_046d&Pid_c509&MI_00]

Save this as fix.reg, save it to your desktop.
Double click fix.reg and select yes to the merge with registry prompt.

That should fix that problem.


Last edited by Belahzur on 12th October 2008, 6:09 pm; edited 1 time in total


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by gwsfreak on 12th October 2008, 6:08 pm

it says i can only imput binary reg files or somethin lik that

gwsfreak
Novice
Novice

Posts Posts : 17
Joined Joined : 2008-10-11
Points Points : 29820
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by Belahzur on 12th October 2008, 6:10 pm

Sorry, my bad. I was rushing. LMBO or ROFL

Edited my post, try again.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by gwsfreak on 12th October 2008, 10:08 pm

ty

gwsfreak
Novice
Novice

Posts Posts : 17
Joined Joined : 2008-10-11
Points Points : 29820
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by Belahzur on 12th October 2008, 10:35 pm

I take it everything is good now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by gwsfreak on 12th October 2008, 10:43 pm

lol so far yep (except for WoW.... :/)

i'm going to call blizz tomorro. ive only played it for lik 5 days and now i have a hugh urge to play and depriving me of it for lik 3 days so far is killing me and my money

gwsfreak
Novice
Novice

Posts Posts : 17
Joined Joined : 2008-10-11
Points Points : 29820
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by Belahzur on 12th October 2008, 10:58 pm

Hah. LMBO or ROFL

Glad to hear everything is fine now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by gwsfreak on 15th October 2008, 2:16 am

alright real bad news... the reg thing is still popping up in my reg. i think its the virus can you help me out?

gwsfreak
Novice
Novice

Posts Posts : 17
Joined Joined : 2008-10-11
Points Points : 29820
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Virus almost resolved...

Post by Belahzur on 15th October 2008, 11:50 am

Is it the same key as before? or a new one?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum