Need help with removing a virus[Still Need Help][Nothing worked, at least I think]


Post by Stephon on 28th December 2008, 9:58 pm

Okay, I thought this wouldn't happen to me but it did. I was browsing some websites, then I guess something got into my computer (no, not any porn sites or anything like that...). Also, I'm running a full system scan with ESET, and when I was updating, it said something or someone was trying to edit or mess with svchost, whatever you call it. ;) PS: I did a system restore before coming here, because I thought it would help, but I guess not because it stored itself into the System_32 folder.

Scan Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:58 PM, on 12/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Austen.AUSTEN-LABTOP\Desktop\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=presario&pf=laptop
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 5138 bytes

Thanks.


Last edited by 11PM on 29th December 2008, 2:00 am; edited 1 time in total

Stephon (Intermediate)
Posts: 93 | Joined: 2008-09-06 | Gender: Male | OS: Windows XP | Points: 30190 | Likes: 0

Re: Need help with removing a virus[Still Need Help][Nothing worked, at least I think]

Post by Belahzur on 28th December 2008, 10:01 pm

Hello.


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)


  • Press "Fix Checked"
  • Close Hijack This.


Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
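As an added example (not code from this thread and not HijackThis's own logic), the Python below picks out of a HijackThis log the two kinds of entry selected above: lines marked "(file missing)" and Startup-folder entries owned by the SYSTEM or Default user profiles. It also flags Run values written as a bare file name rather than a full path, since Windows resolves those through the search path and the binary actually run has to be located before the entry can be judged. The three rules are this example's own reading heuristics, not the forum's procedure, and a hit means "look at this", not "malware"; the sample lines are taken from the log posted above.

```python
"""Triage of HijackThis O4/O9 log lines.

Added example, not part of the thread and not HijackThis's own logic. The rules below are
the example's own heuristics; a hit means "look at this", not "malware".
  * "(file missing)": the registry or menu entry points at a file that no longer exists.
    Fixing it is cleanup of an orphan, not removal of running code.
  * Startup-folder entries owned by 'SYSTEM' or 'Default user': user-level programs rarely
    belong in those profiles' Startup folders, and the Default user one seeds every new account.
  * Run entries whose command is not an absolute path: Windows resolves the name through the
    search path, so the binary actually executed must be located and verified.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
"""

# O4 - HKLM\..\Run: [name] command
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O4 - <profile> [User ]Startup: <lnk> = <target> (User '<user>')
STARTUP_RE = re.compile(
    r"^O4 - (?P<profile>\S+) (?:User )?Startup: (?P<lnk>.+?) = (?P<cmd>.+?) \(User '(?P<user>[^']+)'\)$")
NON_INTERACTIVE = {'SYSTEM', 'Default user'}


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def executable_of(cmd):
    """Strip quoting and trailing arguments from a Run value, leaving the program path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: HijackThis prints the path, then optional arguments after a space.
    m = re.match(r'(.+?\.(?:exe|dll|cpl|scr))(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(' ')[0]


def is_absolute(path):
    """True for a drive-letter path; a bare name is resolved through the search path."""
    return re.match(r'^[A-Za-z]:\\', path) is not None


def triage(log_text):
    """Return a Finding for every line that trips at least one of the heuristics."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        reasons = []
        if line.endswith('(file missing)'):
            reasons.append('orphaned entry: target file is missing')
        m = STARTUP_RE.match(line)
        if m and m.group('user') in NON_INTERACTIVE:
            reasons.append(f"autostart in the Startup folder of non-interactive profile '{m.group('user')}'")
        m = RUN_RE.match(line)
        if m:
            exe = executable_of(m.group('cmd'))
            if not is_absolute(exe):
                reasons.append(f'relative command {exe!r}: locate and verify the binary actually run')
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print('   ->', reason)
```

Run against the sample it reports four lines: the bare CHDAudPropShortcut.exe Run value (which the ComboFix log later in the thread resolves to c:\windows\system32), the two Vongo Tray startup entries, and the missing msmsgs.exe button. The remaining Run entries pass because they are full paths, which is exactly why a path check alone is no verdict on whether the file at that path is what it claims to be.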


Belahzur (Administrator)
Posts: 34918 | Joined: 2008-08-03 | Gender: Male | OS: 7 Home Premium x64 | Points: 245091 | Likes: 1

Re: Need help with removing a virus[Still Need Help][Nothing worked, at least I think]

Post by Stephon on 28th December 2008, 10:04 pm

Can those programs run with ESET or no?


Re: Need help with removing a virus[Still Need Help][Nothing worked, at least I think]

Post by Belahzur on 28th December 2008, 10:05 pm

Yeah, MBAM won't be flagged as a false positive or anything.



Re: Need help with removing a virus[Still Need Help][Nothing worked, at least I think]

Post by Stephon on 28th December 2008, 10:32 pm

Here it is:

Malwarebytes' Anti-Malware 1.31
Database version: 1563
Windows 5.1.2600 Service Pack 2

12/28/2008 2:27:10 PM
mbam-log-2008-12-28 (14-27-10).txt

Scan type: Quick Scan
Objects scanned: 50928
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\GetModule32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

So, is it totally gone? And if so, should I do a full scan just in case?


Re: Need help with removing a virus[Still Need Help][Nothing worked, at least I think]

Post by Belahzur on 28th December 2008, 10:35 pm

Now that should have cleared some of it; let's have a look around.


  • Download ComboFix from here, use the top links - [You must be registered and logged in to see this link.]
  • Please disable your local AV (anti-virus) by right-clicking its icon in the tray, and exit it.
  • Double-click on ComboFix.exe.
  • Follow the prompts.
    NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Re: Need help with removing a virus[Still Need Help][Nothing worked, at least I think]

Post by Stephon on 28th December 2008, 10:43 pm

ComboFix 08-12-28.01 - Austen 2008-12-28 14:41:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.193 [GMT -8:00]
Running from: c:\documents and settings\Austen.AUSTEN-LABTOP\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\setup.inf
c:\windows\wiaserviv.log
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-28 )))))))))))))))))))))))))))))))
.

2008-12-28 14:21 . 2008-12-28 14:21 d-------- c:\documents and settings\Austen.AUSTEN-LABTOP\Application Data\Malwarebytes
2008-12-28 14:21 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-28 14:20 . 2008-12-28 14:21 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-28 14:20 . 2008-12-28 14:20 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-28 14:20 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-28 13:27 . 2008-12-28 13:27 d-------- c:\documents and settings\Austen.AUSTEN-LABTOP\Application Data\ESET
2008-12-28 13:23 . 2008-12-28 13:23 d-------- c:\program files\ESET
2008-12-28 13:11 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2008-12-28 13:11 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-12-28 13:11 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-12-28 13:11 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-28 13:11 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-12-28 13:10 . 2008-12-28 13:10 d---s---- c:\documents and settings\Austen.AUSTEN-LABTOP\UserData
2008-12-28 11:23 . 2008-12-28 14:41 d---s---- c:\documents and settings\Austen.AUSTEN-LABTOP\Temporary Internet Files
2008-12-28 11:23 . 2008-12-28 11:23 d---s---- c:\documents and settings\Austen.AUSTEN-LABTOP\History
2008-12-28 11:22 . 2008-12-28 10:37 d-------- c:\documents and settings\Austen.AUSTEN-LABTOP\Application Data\Intuit
2008-12-28 11:22 . 2008-12-28 13:10 d-------- c:\documents and settings\Austen.AUSTEN-LABTOP
2008-12-28 11:22 . 2008-12-28 11:23 1,716 -rahs---- c:\windows\system32\drivers\103C_HP_NTBK_Presario V5000 (EZ429UA#ABA)_YN_0Pres_QCND629480P_E413900001_46_I30A8_SHP_V56.38_BF.15_T060613_WXH2_L409_M503_J40_7Intel_8Celeron M 410_91.46_#081228_N14E44311_(EZ429UA#ABA)_XMOBILE_CN10_Z_2F.15.MRK
2008-12-28 11:12 . 2004-08-04 05:00 185,344 --a------ c:\windows\system32\Thawbrkr.dll
2008-12-28 11:12 . 2004-08-04 05:00 66,594 --a------ c:\windows\system32\c_864.nls
2008-12-28 11:12 . 2004-08-04 05:00 66,594 --a------ c:\windows\system32\c_862.nls
2008-12-28 11:12 . 2004-08-04 05:00 66,594 --a------ c:\windows\system32\c_720.nls
2008-12-28 11:12 . 2004-08-04 05:00 66,082 --a------ c:\windows\system32\c_708.nls
2008-12-28 11:12 . 2004-08-04 05:00 66,082 --a------ c:\windows\system32\C_28596.NLS
2008-12-28 11:12 . 2004-08-04 05:00 66,082 --a------ c:\windows\system32\c_10021.nls
2008-12-28 11:12 . 2004-08-04 05:00 66,082 --a------ c:\windows\system32\c_10005.nls
2008-12-28 11:12 . 2004-08-04 05:00 66,082 --a------ c:\windows\system32\c_10004.nls
2008-12-28 11:12 . 2004-08-04 05:00 10,752 --a------ c:\windows\system32\c_iscii.dll
2008-12-28 11:12 . 2004-08-04 05:00 6,144 --a------ c:\windows\system32\ftlx041e.dll
2008-12-28 11:12 . 2004-08-04 05:00 5,632 --a------ c:\windows\system32\kbdusa.dll
2008-12-28 11:11 . 2004-08-04 00:56 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-28 11:11 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-12-28 11:11 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2008-12-27 00:47 . 2008-12-27 00:47 d-------- c:\program files\SystemRequirementsLab
2008-12-25 14:15 . 2008-12-25 14:15 d-------- c:\program files\Pando Networks
2008-12-25 14:15 . 2008-12-25 14:16 d-------- c:\documents and settings\All Users\Application Data\PMB Files
2008-12-25 09:03 . 2008-12-25 09:03 d-------- c:\program files\Microsoft Silverlight
2008-12-25 08:17 . 2008-12-25 08:17 d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-06 10:28 . 2008-02-17 16:52 d-------- c:\documents and settings\Administrator\Application Data\Intuit
2008-12-06 10:28 . 2008-12-06 10:28 d-------- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 21:38 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-28 21:38 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-28 19:40 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 19:40 --------- d-----w c:\program files\Hewlett-Packard
2008-12-28 18:48 --------- d-----w c:\program files\Quickensetup
2008-12-28 18:46 --------- d-----w c:\program files\NetWaiting
2008-12-28 18:46 --------- d-----w c:\program files\Microsoft Works
2008-12-28 18:42 --------- d-----w c:\program files\CONEXANT
2008-12-28 18:41 --------- d-----w c:\program files\Common Files\SureThing Shared
2008-12-28 18:41 --------- d-----w c:\program files\Common Files\Sonic Shared
2008-12-28 18:40 --------- d-----w c:\program files\Common Files\LightScribe
2008-12-28 18:37 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2008-11-13 19:58 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-13 19:45 --------- dc-h--w c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-11-13 16:10 --------- d-----w c:\program files\Cyberstep
2008-11-01 04:06 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 22:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:12 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-11 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 c:\windows\system32\CHDAudPropShortcut.exe]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 ekrn;Eset Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" [2008-10-24 468224]

*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-12-28 14:42:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????V??????(?@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-28 14:42:40
ComboFix-quarantined-files.txt 2008-12-28 22:42:28

Pre-Run: 17,720,225,792 bytes free
Post-Run: 17,815,556,096 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

147


Re: Need help with removing a virus[Still Need Help][Nothing worked, at least I think]

Post by Belahzur on 28th December 2008, 10:50 pm

Looks good, what problems remain?



Re: Need help with removing a virus[Still Need Help][Nothing worked, at least I think]

Post by Stephon on 28th December 2008, 10:52 pm

Belahzur wrote: Looks good, what problems remain?

To me, nothing. But I'm wondering if I should take extra steps to prevent this, and how can I be really sure that there's nothing on it? ;)


Re: Need help with removing a virus[Still Need Help][Nothing worked, at least I think]

Post by Belahzur on 28th December 2008, 10:56 pm

We can start by updating Java.
Old versions of Java can be exploited by malware, so let's take that security risk out first.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe that you downloaded to install the newest version.
Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from [You must be registered and logged in to see this link.]

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions.
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.



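The log above shows the runtime as jre1.5.0_06 while the post asks for "6 Update 11", because Sun numbered Java two ways at once: install paths and the registry use 1.<major>.0_<update>, downloads use <major> Update <update> or <major>u<update>. Compared as strings, "1.5.0_06" sorts after "6" and the check comes out backwards. As an added example (not part of the thread and not JavaRa's code), the Python below reduces both forms to a (major, update) pair and reports which HijackThis lines reference a runtime older than the baseline; the sample lines are the Java-related lines from the log posted earlier in the thread plus one non-Java line, and the baseline is the 6 Update 11 named in the post.

```python
"""Normalise Sun's two Java version schemes so an installed runtime can be compared
with the current release.

Added example, not from the thread or from JavaRa. Install paths and the registry use
"1.<major>.0_<update>" (jre1.5.0_06); downloads and release notes use "<major> Update <update>"
or "<major>u<update>" (Java SE 6 Update 11, jre-6u11-windows-i586-p.exe). Both forms are
reduced to a (major, update) tuple before comparing.
"""
import re

# 1.5.0_06 -> (5, 6); also matches jre1.6.0_11, j2re1.4.2_03 and similar path fragments
PATH_FORM = re.compile(r'1\.(\d+)\.\d+_(\d+)')
# 6 Update 11 / 6u11 -> (6, 11)
RELEASE_FORM = re.compile(r'\b(\d+)\s*(?:Update\s*|u)(\d+)\b', re.IGNORECASE)


def parse_java_version(text):
    """Return (major, update) for the first Java version found in text, or None."""
    m = PATH_FORM.search(text) or RELEASE_FORM.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def format_version(version):
    """Render a (major, update) pair in both of Sun's notations."""
    major, update = version
    return f"{major} Update {update} (1.{major}.0_{update:02d})"


# Baseline: the release named in the post above.
CURRENT = parse_java_version("Java SE Runtime Environment (JRE) 6 Update 11")

# Constructed sample: the Java-related lines from the HijackThis log posted earlier in
# the thread, plus the egui Run entry as a line that carries no Java version at all.
SAMPLE_LINES = [
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll",
    r"O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe",
    r"O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll",
    r'O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice',
]


def outdated_java_entries(lines, current=CURRENT):
    """Return [(line, version)] for each line referencing a Java runtime older than `current`."""
    hits = []
    for line in lines:
        version = parse_java_version(line)
        if version is not None and version < current:
            hits.append((line, version))
    return hits


if __name__ == '__main__':
    print('current release:', format_version(CURRENT))
    for line, version in outdated_java_entries(SAMPLE_LINES):
        print(f'outdated {format_version(version)}: {line}')
```

Tuple comparison does the right thing here because the major version is compared before the update number; a string comparison of "1.5.0_06" against "6u11" would not. The same normalisation is what you want when checking Add or Remove Programs entries such as "J2SE Runtime Environment 5.0 Update 2" against a download named jre-6u11.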

Need help with a virus or two[I still need help][Nothing fixed the issue]

Post by Stephon on 29th December 2008, 1:59 am

11PM wrote: Okay, I thought this wouldn't happen to me but it did. I was browsing some websites, then I guess something got into my computer (no, not any porn sites or anything like that...). Also, I'm running a full system scan with ESET, and when I was updating, it said something or someone was trying to edit or mess with svchost, whatever you call it. ;) PS: I did a system restore before coming here, because I thought it would help, but I guess not because it stored itself into the System_32 folder.

Scan Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:58 PM, on 12/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Austen.AUSTEN-LABTOP\Desktop\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=presario&pf=laptop
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 5138 bytes

Thanks.

Stephon
Intermediate

Posts : 93
Joined : 2008-09-06
Gender : Male
OS : Windows XP
Points : 30190
# Likes : 0

Re: Need help with removing a virus[Still Need Help][Nothing worked, at least I think]

Post by Belahzur on 29th December 2008, 2:01 am

Why did you quote your old post?

If you still need help, please update Java, THEN post a new Hijack This log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
# Likes : 1

Re: Need help with removing a virus[Still Need Help][Nothing worked, at least I think]

Post by Stephon on 29th December 2008, 2:03 am

OK, after I did everything and thought it was okay, I started to update my computer because I used system restore. But I'm still getting a message from ESET that someone or something is trying to edit svchost.exe - Something like that... I also can't access my account's doc and settings for some reason..

Could anyone please explain to me how to fully get rid of the problem? It's becoming very annoying now..

Plus, do you think I would have to reinstall Windows? Or reformat? Just wondering...

EDIT:

Sorry, Firefox is acting weird on me..

Re: Need help with removing a virus[Still Need Help][Nothing worked, at least I think]

Post by Belahzur on 29th December 2008, 2:04 am

No, I don't think it will come to that.
Please update Java and then post a new Hijack This log before we move ahead.


Re: Need help with removing a virus[Still Need Help][Nothing worked, at least I think]

Post by Stephon on 29th December 2008, 2:28 am

It's saying that it must close and I can't continue (it's the JavaRa thing). But I did remove the Java I had via Add and Remove Programs. Is that why it's doing that?

EDIT:

I didn't extract the files... lol

Here's the log:

JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Dec 28 18:25:12 2008

JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Dec 28 18:26:57 2008

JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Dec 28 18:27:10 2008

JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Dec 28 18:32:15 2008

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

------------------------------------

Finished reporting.




Should I install Java now?

Re: Need help with removing a virus[Still Need Help][Nothing worked, at least I think]

Post by Belahzur on 29th December 2008, 12:58 pm

Yes, please install the new version of Java, then post a new Hijack This log.


Re: Need help with removing a virus[Still Need Help][Nothing worked, at least I think]

Post by Stephon on 29th December 2008, 6:01 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:42 AM, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Documents and Settings\Austen.AUSTEN-LABTOP\Desktop\hijackgpthis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=presario&pf=laptop
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 6474 bytes

Re: Need help with removing a virus[Still Need Help][Nothing worked, at least I think]

Post by Belahzur on 29th December 2008, 6:08 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Vongo

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:

    O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')

  • Press "Fix Checked"
  • Close Hijack This.

Delete this folder if it exists:
C:\Program Files\Vongo


  • Download random's system information tool (RSIT) by random/random from [You must be registered and logged in to see this link.] and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)



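Belahzur's instructions above amount to a manual review of the HijackThis log: find the O4 line for the program being removed, fix it, then compare the next scan against the previous one. The Python below is an added example written for this thread, not code from the forum, from either poster, or from Trend Micro HijackThis. It parses the section-coded entries (O4, O9, O23, R1 and so on), lists the entries that mention a given program name, picks out the ones HijackThis itself tagged "(file missing)", and diffs two scans. The two log excerpts are constructed from lines of the kind shown in the thread and trimmed to a few entries; the function names are mine.

```python
"""Parse HijackThis-style log lines and compare two scans.

Added example for this thread; not code from the forum, its posters or
Trend Micro HijackThis. OLD_LOG and NEW_LOG are constructed excerpts.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# A HijackThis entry is "<section code> - <body>", e.g.
#   O4 - HKLM\..\Run: [egui] "C:\...\egui.exe" /hide /waitservice
#   R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ...
# Header lines, the process list and the "End of file" footer do not match.
HJT_LINE = re.compile(r"^(?P<section>[ROF]\d+) - (?P<body>.+)$")


@dataclass(frozen=True, order=True)
class Entry:
    section: str  # "O4" = autostart, "O23" = service, "R0"/"R1" = IE settings
    body: str     # text after "O4 - ", kept verbatim so it can be quoted back


def parse_hjt(text: str) -> list[Entry]:
    """Return every section-coded entry of a log in file order."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def find_entries(text: str, needle: str) -> list[Entry]:
    """Entries whose body mentions needle (case-insensitive), e.g. a program name."""
    needle = needle.lower()
    return [e for e in parse_hjt(text) if needle in e.body.lower()]


def file_missing(text: str) -> list[Entry]:
    """Entries HijackThis marked as pointing at a file that no longer exists."""
    return [e for e in parse_hjt(text) if e.body.endswith("(file missing)")]


def diff_hjt(old: str, new: str) -> tuple[list[Entry], list[Entry]]:
    """(added, removed) entries between two scans of the same machine."""
    old_set, new_set = set(parse_hjt(old)), set(parse_hjt(new))
    return sorted(new_set - old_set), sorted(old_set - new_set)


# Constructed excerpt in the style of the first scan in the thread.
OLD_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
--
End of file - 5138 bytes
"""

# Constructed excerpt in the style of the scan posted after the Java update.
NEW_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'SYSTEM')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

if __name__ == "__main__":
    # The line a helper would ask the poster to check in "Fix Checked":
    for e in find_entries(NEW_LOG, "Vongo"):
        print("still present:", e.section, "-", e.body)
    added, removed = diff_hjt(OLD_LOG, NEW_LOG)
    for e in added:
        print("+", e.section, "-", e.body)
    for e in removed:
        print("-", e.section, "-", e.body)
```

The `find_entries` output is the exact text the "Check the boxes in front of these lines" step refers to, and `diff_hjt` turns the usual "post a new log" round trip into a short added/removed list instead of re-reading several kilobytes of entries by eye; `file_missing` surfaces the orphaned entries HijackThis already flags, which are safe cleanup candidates regardless of what else is found.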
Re: Need help with removing a virus[Still Need Help][Nothing worked, at least I think]

Post by Stephon on 29th December 2008, 6:18 pm

Here's the Info.txt one:

info.txt logfile of random's system information tool 1.05 2008-12-29 10:17:18

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -Icpl30a5a.inf
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
ESET Smart Security-->MsiExec.exe /I{4CEBE5E6-D1FD-4BDF-8C9C-29A9A3CC2B7C}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_CPL30A5m\HXFSETUP.EXE -U -ICPL30A5m.inf
HijackThis 2.0.2-->"C:\Documents and Settings\Austen.AUSTEN-LABTOP\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HP User Guides 0019-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E74E3D81-773B-4DCF-B706-50236F80BD81}\setup.exe" -l0x9 -removeonly
HP User Guides--System Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\Setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 E1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel(R) Network Connections Drivers-->Prounstl.exe
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
KeyScrambler-->C:\Program Files\KeyScrambler\uninstall.exe
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 4.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{286F29AF-0BE2-4D5F-AB17-B7631A810553}\setup.exe" -l0x9
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel -S
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SmartAudio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}\setup.exe" -l0x9 -removeonly -S
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
TourSetup-->MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wireless Home Network Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\setup.exe" -l0x9 -removeonly

======Security center information======

AV: ESET Smart Security 3.0
FW: ESET Personal firewall

System event log

Computer Name: AUSTEN-LABTOP
Event Code: 7035
Message: The Fast User Switching Compatibility service was successfully sent a start control.

Record Number: 5
Source Name: Service Control Manager
Time Written: 20081228112322.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: AUSTEN-LABTOP
Event Code: 7036
Message: The Terminal Services service entered the running state.

Record Number: 4
Source Name: Service Control Manager
Time Written: 20081228112322.000000-480
Event Type: information
User:

Computer Name: AUSTEN-LABTOP
Event Code: 6005
Message: The Event log service was started.

Record Number: 3
Source Name: EventLog
Time Written: 20081228112209.000000-480
Event Type: information
User:

Computer Name: AUSTEN-LABTOP
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free.

Record Number: 2
Source Name: EventLog
Time Written: 20081228112209.000000-480
Event Type: information
User:

Computer Name: Austen-Labtop
Event Code: 115
Message: System Restore monitoring was enabled on all drives.

Record Number: 1
Source Name: SRService
Time Written: 20081228112115.000000-480
Event Type: information
User:

Application event log

Computer Name: AUSTEN-LABTOP
Event Code: 11728
Message: Product: Norton Internet Security -- Configuration completed successfully.

Record Number: 5
Source Name: MsiInstaller
Time Written: 20081228112917.000000-480
Event Type: information
User: AUSTEN-LABTOP\Austen

Computer Name: AUSTEN-LABTOP
Event Code: 11724
Message: Product: Vongo -- Removal completed successfully.

Record Number: 4
Source Name: MsiInstaller
Time Written: 20081228112852.000000-480
Event Type: information
User: AUSTEN-LABTOP\Austen

Computer Name: AUSTEN-LABTOP
Event Code: 0
Message:
Record Number: 3
Source Name: IDriverT
Time Written: 20081228112845.000000-480
Event Type: information
User:

Computer Name: AUSTEN-LABTOP
Event Code: 101
Message: wuauclt (2928) The database engine stopped.

Record Number: 2
Source Name: ESENT
Time Written: 20081228112829.000000-480
Event Type: information
User:

Computer Name: AUSTEN-LABTOP
Event Code: 103
Message: wuaueng.dll (2928) SUS20ClientDataStore: The database engine stopped the instance (0).

Record Number: 1
Source Name: ESENT
Time Written: 20081228112829.000000-480
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"PCTYPE"=PRESARIO
"PLATFORM"=MCD

-----------------EOF-----------------

Re: Need help with removing a virus[Still Need Help][Nothing worked, at least I think]

Post by Stephon on 29th December 2008, 6:21 pm

Logfile of random's system information tool 1.05 (written by random/random)
Run by Austen at 2008-12-29 10:17:10
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 15 GB (50%) free of 30 GB
Total RAM: 502 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:15 AM, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Austen.AUSTEN-LABTOP\Desktop\RSIT.exe
C:\Program Files\trend micro\Austen.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=presario&pf=laptop
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 6553 bytes

Stephon
Intermediate
Posts: 93
Joined: 2008-09-06
Gender: Male
OS: Windows XP
Points: 30190
Likes: 0
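An added example, not code from the thread or from HijackThis: a small Python triage script for the O2/O4/O23 lines in the log above. It pulls the executable out of each entry and flags what a removal helper checks first: an executable given by bare file name (the CHDAudPropShortcut.exe entry is one; Windows resolves such a name through the search path), executables living under Documents and Settings, Application Data, Temp or RECYCLER, RunOnce entries in the SYSTEM or .DEFAULT hives, services HijackThis reports with no owner, and value or file names that imitate system binaries but run from outside system32. The sample log is a handful of lines copied from the post plus two constructed lines (an HKCU svchost entry and an "Unknown owner" service) that are not from the poster's machine; the directory list, the flag names and the function names are the author's own choices.

```python
"""Triage autorun entries from a HijackThis log.

Added example for this thread, not part of the original post or of HijackThis.
Handles O2 (BHO), O4 (Run/RunOnce under a registry hive) and O23 (service) lines;
O4 'Startup folder' lines use a different syntax and are skipped.
"""
import re

# Lines copied from the log above, plus two CONSTRUCTED lines (marked) that are
# not from the poster's machine and only illustrate what a hit looks like.
SAMPLE_LOG = r"""
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'SYSTEM')
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Austen.AUSTEN-LABTOP\Application Data\svchost.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Some Service (somesvc) - Unknown owner - C:\WINDOWS\system32\somesvc.exe
"""
# (the HKCU svchost line and the somesvc line above are CONSTRUCTED)

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<cmd>.+)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\S*?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<cmd>.+)$")
# First token that looks like a file, quoted or not, with any arguments dropped.
EXE_RE = re.compile(
    r'^"?(?P<path>.*?\.(?:exe|dll|com|scr|bat|cmd|pif|vbs|js|html?|lnk))"?(?:\s|$)',
    re.IGNORECASE,
)

# Assumed lists (author's choice): locations a limited user can write to, and
# names that malware commonly borrows from core Windows processes.
USER_WRITABLE = ('\\documents and settings\\', '\\application data\\',
                 '\\local settings\\', '\\temp\\', '\\recycler\\')
SYSTEM_NAMES = {'svchost', 'lsass', 'csrss', 'winlogon', 'services', 'smss', 'explorer'}


def extract_path(cmd):
    """Return the executable/library path from a command string."""
    m = EXE_RE.match(cmd)
    return m.group('path') if m else cmd.strip('"')


def classify(kind, hive, key, name, vendor, path):
    """Return the list of triage flags for one entry (empty = nothing notable)."""
    flags = []
    low = path.lower()
    if '\\' not in path:
        flags.append('bare-name')                      # resolved via search path
    if any(d in low for d in USER_WRITABLE):
        flags.append('user-writable-dir')
    base = low.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    if (base in SYSTEM_NAMES or name.lower() in SYSTEM_NAMES) \
            and not low.startswith('c:\\windows\\system32\\'):
        flags.append('system-name-outside-system32')
    if key and key.lower() == 'runonce' and hive \
            and (hive.startswith('HKUS\\S-1-5-18') or '.DEFAULT' in hive):
        flags.append('runonce-system-hive')            # runs in the SYSTEM/default context
    if kind == 'O23' and vendor.lower() == 'unknown owner':
        flags.append('no-vendor')
    if kind == 'O2' and not (low.startswith('c:\\program files\\')
                             or low.startswith('c:\\windows\\')):
        flags.append('bho-outside-program-dirs')
    return flags


def triage(log_text):
    """Parse every recognised O2/O4/O23 line into a dict with its flags."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        for kind, rx in (('O2', O2_RE), ('O4', O4_RE), ('O23', O23_RE)):
            m = rx.match(line)
            if not m:
                continue
            g = m.groupdict()
            path = extract_path(g['cmd'])
            flags = classify(kind, g.get('hive'), g.get('key'), g['name'],
                             g.get('vendor') or '', path)
            entries.append({'kind': kind, 'name': g['name'], 'path': path, 'flags': flags})
            break
    return entries


def findings(log_text):
    """Only the entries worth a second look."""
    return [e for e in triage(log_text) if e['flags']]


if __name__ == '__main__':
    for e in findings(SAMPLE_LOG):
        print(e['kind'], e['name'], '->', e['path'], ', '.join(e['flags']))
```

A flagged entry is a prompt to check the file's signature, hash and creation date, not a verdict, and an unflagged one proves nothing on its own; the point is to get the handful of lines worth looking at out of a 60-line log in seconds.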

Re: Need help with removing a virus[Still Need Help][Nothing worked, at least I think]

Post by Stephon on 29th December 2008, 6:21 pm

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
CKeyScramblerBHO Object - C:\Program Files\KeyScrambler\KeyScramblerIE.dll [2008-06-01 808936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-28 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-28 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-28 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-02-14 454656]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-04-18 61952]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-09-15 1015808]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2006-04-11 102400]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-02-22 40960]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"Reminder"=C:\Windows\CREATOR\Remind_XP.exe [2006-02-09 643072]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-10-24 1451264]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-28 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-29 10:17:10 ----D---- C:\rsit
2008-12-29 10:17:10 ----D---- C:\Program Files\trend micro
2008-12-28 21:02:42 ----D---- C:\Program Files\KeyScrambler
2008-12-28 18:55:10 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-28 18:55:10 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-28 18:55:10 ----A---- C:\WINDOWS\system32\java.exe
2008-12-28 18:55:10 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-28 18:54:50 ----D---- C:\Program Files\Java
2008-12-28 18:12:15 ----D---- C:\Documents and Settings\Austen.AUSTEN-LABTOP\Application Data\Sun
2008-12-28 17:42:28 ----SHD---- C:\RECYCLER
2008-12-28 16:56:58 ----D---- C:\Documents and Settings\Austen.AUSTEN-LABTOP\Application Data\Windows Desktop Search
2008-12-28 16:56:20 ----D---- C:\WINDOWS\system32\GroupPolicy
2008-12-28 16:56:10 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2008-12-28 16:48:22 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-28 16:41:34 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-28 16:38:56 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-28 16:23:54 ----D---- C:\WINDOWS\Prefetch
2008-12-28 16:09:57 ----D---- C:\Program Files\Messenger
2008-12-28 16:09:37 ----D---- C:\WINDOWS\system32\en-us
2008-12-28 16:09:36 ----D---- C:\WINDOWS\system32\scripting
2008-12-28 16:09:33 ----D---- C:\WINDOWS\system32\en
2008-12-28 16:09:33 ----D---- C:\WINDOWS\system32\bits
2008-12-28 16:09:33 ----D---- C:\Program Files\msn
2008-12-28 16:01:14 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-12-28 16:01:13 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-12-28 16:01:11 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-12-28 16:01:09 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-12-28 16:01:09 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-12-28 16:01:07 ----N---- C:\WINDOWS\system32\verclsid.exe
2008-12-28 16:01:04 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-12-28 16:01:03 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-12-28 16:01:03 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-28 16:00:59 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-12-28 16:00:58 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-12-28 16:00:56 ----N---- C:\WINDOWS\system32\slserv.exe
2008-12-28 16:00:56 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-12-28 16:00:56 ----N---- C:\WINDOWS\system32\slgen.dll
2008-12-28 16:00:56 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-12-28 16:00:56 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-12-28 16:00:53 ----N---- C:\WINDOWS\system32\setupn.exe
2008-12-28 16:00:51 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-12-28 16:00:50 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-28 16:00:49 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-12-28 16:00:48 ----N---- C:\WINDOWS\system32\qutil.dll
2008-12-28 16:00:47 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-12-28 16:00:47 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-12-28 16:00:47 ----N---- C:\WINDOWS\system32\qagent.dll
2008-12-28 16:00:45 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-12-28 16:00:43 ----N---- C:\WINDOWS\system32\onex.dll
2008-12-28 16:00:40 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-12-28 16:00:35 ----N---- C:\WINDOWS\system32\napstat.exe
2008-12-28 16:00:35 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-12-28 16:00:35 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-12-28 16:00:35 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-12-28 16:00:34 ----A---- C:\WINDOWS\system32\msxml6.dll
2008-12-28 16:00:33 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-12-28 16:00:32 ----N---- C:\WINDOWS\system32\mssha.dll
2008-12-28 16:00:21 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-12-28 16:00:21 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-12-28 16:00:21 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-12-28 16:00:21 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-12-28 16:00:16 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-12-28 16:00:16 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-12-28 16:00:16 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-12-28 16:00:16 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-12-28 16:00:16 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-12-28 16:00:15 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-12-28 16:00:08 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-12-28 16:00:05 ----A---- C:\WINDOWS\005551_.tmp
2008-12-28 16:00:04 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-12-28 16:00:03 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-12-28 16:00:03 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-12-28 16:00:03 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-12-28 16:00:03 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-12-28 16:00:03 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-12-28 16:00:03 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-12-28 16:00:02 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-12-28 16:00:02 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-12-28 16:00:00 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-12-28 16:00:00 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-12-28 16:00:00 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-12-28 16:00:00 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-12-28 16:00:00 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-12-28 16:00:00 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-12-28 15:59:59 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-12-28 15:59:57 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-12-28 15:59:57 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-12-28 15:59:57 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-12-28 15:59:56 ----N---- C:\WINDOWS\system32\credssp.dll
2008-12-28 15:59:53 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-12-28 15:59:52 ----N---- C:\WINDOWS\system32\azroles.dll
2008-12-28 15:59:52 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-12-28 15:59:52 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-12-28 15:59:52 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-12-28 15:59:52 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-12-28 15:59:52 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-12-28 15:59:52 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-12-28 15:59:52 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-12-28 15:59:51 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-28 15:51:07 ----D---- C:\ComboFix
2008-12-28 14:56:54 ----D---- C:\Documents and Settings\Austen.AUSTEN-LABTOP\Application Data\Macromedia
2008-12-28 14:56:54 ----D---- C:\Documents and Settings\Austen.AUSTEN-LABTOP\Application Data\Adobe
2008-12-28 14:42:43 ----D---- C:\WINDOWS\temp
2008-12-28 14:40:43 ----A---- C:\Boot.bak
2008-12-28 14:40:36 ----RASHD---- C:\cmdcons
2008-12-28 14:39:37 ----D---- C:\WINDOWS\ERDNT
2008-12-28 14:39:36 ----AD---- C:\Qoobox
2008-12-28 14:21:05 ----D---- C:\Documents and Settings\Austen.AUSTEN-LABTOP\Application Data\Malwarebytes
2008-12-28 14:20:58 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-28 14:20:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-28 13:27:36 ----D---- C:\Documents and Settings\Austen.AUSTEN-LABTOP\Application Data\ESET
2008-12-28 13:23:51 ----D---- C:\Program Files\ESET
2008-12-28 13:21:49 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-28 13:11:55 ----A---- C:\WINDOWS\system32\wups2.dll
2008-12-28 13:11:55 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-12-28 13:11:55 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-12-28 13:11:54 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-28 13:11:54 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-12-28 11:48:58 ----D---- C:\Documents and Settings\Austen.AUSTEN-LABTOP\Application Data\Mozilla
2008-12-28 11:30:11 ----A---- C:\WINDOWS\system32\LuResult.txt
2008-12-28 11:22:27 ----ASH---- C:\Documents and Settings\Austen.AUSTEN-LABTOP\Application Data\desktop.ini
2008-12-28 11:22:21 ----SD---- C:\Documents and Settings\Austen.AUSTEN-LABTOP\Application Data\Microsoft
2008-12-28 11:22:21 ----D---- C:\Documents and Settings\Austen.AUSTEN-LABTOP\Application Data\Intuit
2008-12-28 11:22:21 ----D---- C:\Documents and Settings\Austen.AUSTEN-LABTOP\Application Data\Identities
2008-12-28 11:12:08 ----A---- C:\WINDOWS\system32\Thawbrkr.dll
2008-12-28 11:12:07 ----A---- C:\WINDOWS\system32\kbdusa.dll
2008-12-28 11:12:07 ----A---- C:\WINDOWS\system32\ftlx041e.dll
2008-12-28 11:12:07 ----A---- C:\WINDOWS\system32\c_iscii.dll
2008-12-28 11:11:46 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-12-27 00:47:05 ----D---- C:\Program Files\SystemRequirementsLab
2008-12-25 14:15:55 ----D---- C:\Documents and Settings\All Users\Application Data\PMB Files
2008-12-25 14:15:39 ----D---- C:\Program Files\Pando Networks
2008-12-25 09:03:13 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-25 09:02:35 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2008-12-25 08:17:39 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-10 13:40:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 13:39:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 13:39:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 13:39:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-06 10:28:27 ----A---- C:\WINDOWS\ntbtlog.txt


Re: Need help with removing a virus[Still Need Help][Nothing worked, at least I think]

Post by Stephon on 29th December 2008, 6:22 pm

======List of files/folders modified in the last 1 months======

2008-12-29 10:17:10 ----D---- C:\Program Files
2008-12-29 10:01:01 ----D---- C:\Program Files\Mozilla Firefox
2008-12-29 10:00:09 ----A---- C:\hpqp.ini
2008-12-29 10:00:04 ----A---- C:\XP_TV.ini
2008-12-29 09:59:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-28 21:02:42 ----D---- C:\WINDOWS\system32\drivers
2008-12-28 18:55:15 ----SHD---- C:\WINDOWS\Installer
2008-12-28 18:55:14 ----HD---- C:\Config.Msi
2008-12-28 18:55:11 ----D---- C:\WINDOWS\system32
2008-12-28 17:41:41 ----D---- C:\WINDOWS
2008-12-28 17:35:03 ----HD---- C:\WINDOWS\inf
2008-12-28 17:34:58 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-28 17:34:14 ----D---- C:\Program Files\Internet Explorer
2008-12-28 17:34:10 ----D---- C:\WINDOWS\WinSxS
2008-12-28 17:33:07 ----A---- C:\WINDOWS\imsins.BAK
2008-12-28 17:33:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-12-28 17:32:55 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-12-28 17:32:03 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-12-28 17:31:12 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-12-28 17:30:18 ----D---- C:\WINDOWS\ie7updates
2008-12-28 17:30:07 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-28 17:29:59 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-28 17:29:04 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-28 17:28:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-28 17:26:21 ----D---- C:\Program Files\Hewlett-Packard
2008-12-28 17:23:27 ----D---- C:\WINDOWS\Help
2008-12-28 17:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-28 17:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-28 17:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-28 17:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-28 17:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-28 17:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-28 17:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-28 17:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-28 17:00:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-28 16:58:22 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-28 16:58:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-28 16:58:02 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-28 16:57:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-28 16:57:38 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-28 16:57:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-28 16:57:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-28 16:56:36 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-28 16:56:23 ----D---- C:\Program Files\Windows Desktop Search
2008-12-28 16:56:20 ----D---- C:\WINDOWS\system32\wbem
2008-12-28 16:56:03 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2008-12-28 16:55:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-28 16:55:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-28 16:55:27 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-12-28 16:54:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-28 16:51:56 ----HDC---- C:\WINDOWS\ie7
2008-12-28 16:41:20 ----A---- C:\WINDOWS\win.ini
2008-12-28 16:41:11 ----D---- C:\Program Files\Windows Media Player
2008-12-28 16:41:08 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-12-28 16:39:49 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-12-28 16:36:53 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-12-28 16:24:57 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-28 16:24:31 ----A---- C:\WINDOWS\setuplog.txt
2008-12-28 16:23:29 ----D---- C:\WINDOWS\system32\Setup
2008-12-28 16:23:28 ----D---- C:\WINDOWS\AppPatch
2008-12-28 16:23:27 ----RSD---- C:\WINDOWS\Fonts
2008-12-28 16:13:32 ----D---- C:\WINDOWS\security
2008-12-28 16:09:54 ----D---- C:\WINDOWS\ime
2008-12-28 16:09:37 ----D---- C:\WINDOWS\system32\usmt
2008-12-28 16:09:33 ----D---- C:\WINDOWS\PeerNet
2008-12-28 16:09:33 ----D---- C:\Program Files\Movie Maker
2008-12-28 16:09:21 ----D---- C:\WINDOWS\system32\Restore
2008-12-28 16:09:21 ----D---- C:\WINDOWS\system32\npp
2008-12-28 16:09:20 ----D---- C:\WINDOWS\msagent
2008-12-28 16:09:19 ----D---- C:\WINDOWS\srchasst
2008-12-28 16:09:18 ----D---- C:\Program Files\NetMeeting
2008-12-28 16:09:17 ----D---- C:\WINDOWS\system32\Com
2008-12-28 16:09:15 ----D---- C:\Program Files\Windows NT
2008-12-28 16:09:15 ----D---- C:\Program Files\Outlook Express
2008-12-28 16:09:13 ----D---- C:\Program Files\Common Files\System
2008-12-28 16:09:03 ----D---- C:\WINDOWS\system32\oobe
2008-12-28 16:09:02 ----D---- C:\WINDOWS\system
2008-12-28 16:06:55 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-28 16:05:18 ----D---- C:\WINDOWS\EHome
2008-12-28 15:53:34 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-28 14:42:03 ----A---- C:\WINDOWS\system.ini
2008-12-28 14:41:36 ----D---- C:\Program Files\Common Files
2008-12-28 14:41:11 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-28 14:40:44 ----RASH---- C:\boot.ini
2008-12-28 13:38:34 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-28 13:38:34 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-28 13:21:45 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-28 11:44:54 ----D---- C:\WINDOWS\pchealth
2008-12-28 11:44:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-28 11:42:30 ----A---- C:\WINDOWS\QUICKEN.INI
2008-12-28 11:40:34 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-28 11:29:44 ----SD---- C:\WINDOWS\Tasks
2008-12-28 11:27:12 ----HD---- C:\system.sav
2008-12-28 11:27:12 ----D---- C:\WINDOWS\system32\config
2008-12-28 11:27:12 ----D---- C:\SWSETUP
2008-12-28 11:23:35 ----D---- C:\hp
2008-12-28 11:23:31 ----AD---- C:\WINDOWS\system32\pcintro
2008-12-28 11:22:19 ----D---- C:\Documents and Settings
2008-12-28 11:21:10 ----SHD---- C:\System Volume Information
2008-12-28 11:14:52 ----D---- C:\WINDOWS\Registration
2008-12-28 11:06:19 ----RD---- C:\WINDOWS\Web
2008-12-28 11:06:19 ----D---- C:\WINDOWS\twain_32
2008-12-28 11:06:19 ----D---- C:\WINDOWS\tiinst
2008-12-28 11:06:04 ----D---- C:\WINDOWS\system32\URTTemp
2008-12-28 11:06:01 ----D---- C:\WINDOWS\system32\spool
2008-12-28 11:05:51 ----D---- C:\WINDOWS\system32\ras
2008-12-28 11:05:40 ----D---- C:\WINDOWS\system32\mui
2008-12-28 11:05:33 ----D---- C:\WINDOWS\system32\MsDtc
2008-12-28 11:05:31 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-28 11:05:29 ----D---- C:\WINDOWS\system32\Macromed
2008-12-28 11:05:25 ----D---- C:\WINDOWS\system32\IME
2008-12-28 11:05:22 ----D---- C:\WINDOWS\system32\icsxml
2008-12-28 11:05:22 ----D---- C:\WINDOWS\system32\ias
2008-12-28 11:05:04 ----D---- C:\WINDOWS\system32\DirectX
2008-12-28 11:04:48 ----D---- C:\WINDOWS\system32\1033
2008-12-28 11:04:45 ----D---- C:\WINDOWS\SMINST
2008-12-28 11:04:41 ----D---- C:\WINDOWS\repair
2008-12-28 11:03:44 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-28 11:03:33 ----D---- C:\WINDOWS\Media
2008-12-28 11:01:55 ----D---- C:\WINDOWS\Debug
2008-12-28 11:01:55 ----D---- C:\WINDOWS\Cursors
2008-12-28 11:01:54 ----D---- C:\WINDOWS\CREATOR
2008-12-28 11:01:40 ----RSD---- C:\WINDOWS\assembly
2008-12-28 11:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB915326$
2008-12-28 11:01:37 ----HD---- C:\WINDOWS\$NtUninstallKB913446$
2008-12-28 11:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB912436$
2008-12-28 11:01:36 ----HD---- C:\WINDOWS\$NtUninstallKB912919$
2008-12-28 11:01:36 ----HD---- C:\WINDOWS\$NtUninstallKB911927$
2008-12-28 11:01:36 ----HD---- C:\WINDOWS\$NtUninstallKB911565$
2008-12-28 11:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB909095$
2008-12-28 11:01:35 ----HD---- C:\WINDOWS\$NtUninstallKB911564$
2008-12-28 11:01:33 ----HD---- C:\WINDOWS\$NtUninstallKB908519$
2008-12-28 11:01:32 ----HD---- C:\WINDOWS\$NtUninstallKB904706$
2008-12-28 11:01:32 ----HD---- C:\WINDOWS\$NtUninstallKB903235$
2008-12-28 11:01:32 ----HD---- C:\WINDOWS\$NtUninstallKB901214$
2008-12-28 11:01:32 ----HD---- C:\WINDOWS\$NtUninstallKB896727$
2008-12-28 11:01:31 ----HD---- C:\WINDOWS\$NtUninstallKB896423$
2008-12-28 11:01:31 ----HD---- C:\WINDOWS\$NtUninstallKB896422$
2008-12-28 11:01:31 ----HD---- C:\WINDOWS\$NtUninstallKB896358$
2008-12-28 11:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB896256$
2008-12-28 11:01:29 ----HD---- C:\WINDOWS\$NtUninstallKB894391$
2008-12-28 11:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB889673$
2008-12-28 11:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB888402$
2008-12-28 11:01:28 ----HD---- C:\WINDOWS\$NtUninstallKB893066$
2008-12-28 11:01:28 ----HD---- C:\WINDOWS\$NtUninstallKB891781$
2008-12-28 11:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB888239$
2008-12-28 11:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB885464$
2008-12-28 11:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB884575$
2008-12-28 11:01:27 ----HD---- C:\WINDOWS\$NtUninstallKB888113$
2008-12-28 11:01:27 ----HD---- C:\WINDOWS\$NtUninstallKB887472$
2008-12-28 11:01:27 ----HD---- C:\WINDOWS\$NtUninstallKB886185$
2008-12-28 11:01:27 ----HD---- C:\WINDOWS\$NtUninstallKB885250$
2008-12-28 11:01:26 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-12-28 11:01:26 ----HD---- C:\WINDOWS\$NtUninstallKB873333$
2008-12-28 10:48:49 ----D---- C:\Program Files\Quickensetup
2008-12-28 10:46:59 ----D---- C:\Program Files\NetWaiting
2008-12-28 10:46:14 ----D---- C:\Program Files\Microsoft Works
2008-12-28 10:42:19 ----D---- C:\Program Files\CONEXANT
2008-12-28 10:41:45 ----D---- C:\Program Files\Common Files\SureThing Shared
2008-12-28 10:41:45 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-12-28 10:41:42 ----D---- C:\Program Files\Common Files\Services
2008-12-28 10:40:57 ----D---- C:\Program Files\Common Files\LightScribe
2008-12-28 10:39:32 ----D---- C:\I386
2008-12-28 10:37:23 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2008-12-14 12:15:24 ----D---- C:\WINDOWS\Minidump
2008-12-12 22:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll


Re: Need help with removing a virus[Still Need Help][Nothing worked, at least I think]

Post by Stephon on 29th December 2008, 6:22 pm

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-10-24 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-10-24 54280]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-10-24 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-10-24 73224]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-15 12672]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-10-23 1391104]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-11-16 165496]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-10-24 31240]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2007-05-01 630272]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-08-22 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 KeyScrambler;KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [2008-03-22 113896]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2007-01-15 9728]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-15 213696]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-03-02 57096]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-10-24 468224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-28 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-10-24 19200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------


Post by Belahzur on 29th December 2008, 6:27 pm

Don't see any problems here, what problems are you still having?



Post by Stephon on 29th December 2008, 6:32 pm

Belahzur wrote: Don't see any problems here, what problems are you still having?

When I try to go to My computer>>Doc and settings>>Austen - It says "Access denied" but I'm on the account Austen and it's an admin account..


Post by Belahzur on 29th December 2008, 6:34 pm

Press Start > Run
Type in:
%userprofile%
Press enter.

Are you able to do it that way?



Post by Stephon on 29th December 2008, 6:37 pm

Belahzur wrote: Press Start > Run
Type in:
%userprofile%
Press enter.

Are you able to do it that way?

Yeah..

But.. It puts me into Austen.AUSTEN-LABTOP when there's another folder named Austen (which I can't go inside of..).

Might be nothing but don't really know..


Post by Belahzur on 29th December 2008, 6:41 pm

Ah, so there is more than one user profile.
You are on Austen.AUSTEN-LABTOP right now?

If so, and you don't use the Austen user profile, then do this and just leave it as it's not a threat nor in use.
Right click the normal Austen folder > Properties > Tick the "Hidden" attributes box.
You may get an alert box that asks how you want the hidden attribute to work.
Select it to that folder only (the first option I think)



Post by Stephon on 29th December 2008, 6:43 pm

Belahzur wrote: Ah, so there is more than one user profile.
You are on Austen.AUSTEN-LABTOP right now?

If so, and you don't use the Austen user profile, then do this and just leave it as it's not a threat nor in use.
Right click the normal Austen folder > Properties > Tick the "Hidden" attributes box.
You may get an alert box that asks how you want the hidden attribute to work.
Select it to that folder only (the first option I think)

I just did that now and it said it had nothing in it. Could this be because I did a system restore?


Post by Belahzur on 29th December 2008, 6:48 pm

No.
I didn't get the alert either when I made sure my instructions were right, but I did on my other machine.
Aside from the profile that is likely corrupt, but I'd rather not fix something that's not broken.

What other problems remain?



Post by Stephon on 29th December 2008, 6:50 pm

Belahzur wrote: No.
I didn't get the alert either when I made sure my instructions were right, but I did on my other machine.
Aside from the profile that is likely corrupt, but I'd rather not fix something that's not broken.

What other problems remain?

So, should I delete it or just leave it be?

One more thing ;)

If ESET detects something messing with the svchost, what should I do?


Post by Belahzur on 29th December 2008, 6:56 pm

I can see from the drivers list a legit driver is using svchost.exe to run it, so chances are if Nod32 warns you of it, allow it to.


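Added example, not code from this thread or from the tool that produced the log: a small parser for the services list posted above, in its "<state><start> name;description; path [date size]" format, that checks the one thing these lines do let a defender verify about the svchost question, namely whether an svchost.exe image actually lives in system32. The sample log is constructed (two entries copied from the thread, one hypothetical `fakesvc` entry), and the system root is assumed to be C:\WINDOWS as in the log.

```python
import ntpath
import re
from typing import List, NamedTuple

# Constructed sample in the log's "<state><start> name;description; path [date size]" format.
# The first two entries are copied from the thread's log; the third is a hypothetical entry
# imitating a copy of svchost.exe dropped outside system32 (the masquerade worth catching).
SAMPLE_LOG = r"""
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-10-24 468224]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 fakesvc;Hypothetical Service; C:\Documents and Settings\User\svchost.exe [2008-12-28 14336]
"""

START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)


class Service(NamedTuple):
    state: str  # "R" running or "S" stopped
    start: str  # start type spelled out from the log's legend
    name: str
    desc: str
    path: str
    size: int


def parse_services(text: str) -> List[Service]:
    """Parse service entries; the legend, EOF marker and blank lines are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append(Service(m["state"], START_TYPES[m["start"]], m["name"],
                               m["desc"], m["path"], int(m["size"])))
    return out


def suspicious_svchost(services: List[Service], system_root: str = r"C:\WINDOWS") -> List[str]:
    """Names of services whose image is an svchost.exe outside <system_root>\\system32.
    On this 32-bit XP box the genuine file lives only there, so a same-named binary anywhere
    else is a masquerade indicator. The log does not show which DLL a genuine svchost
    instance hosts, so an entry that passes this check is not thereby proven clean."""
    expected_dir = ntpath.join(system_root, "system32").lower()
    return [s.name for s in services
            if ntpath.basename(s.path).lower() == "svchost.exe"
            and ntpath.dirname(s.path).lower() != expected_dir]
```

Run against the thread's real list, WudfSvc is the only svchost-hosted service and its image path is the genuine one, which is the basis for Belahzur's "allow it" advice.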


Post by Stephon on 29th December 2008, 6:59 pm

Belahzur wrote: I can see from the drivers list a legit driver is using svchost.exe to run it, so chances are if Nod32 warns you of it, allow it to.

Alright, thanks for all the help. Thank You!


Post by Doctor Inferno on 14th February 2009, 4:04 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

