Virus..help me plz!!

View previous topic View next topic Go down

Solved Virus..help me plz!!

Post by vikneshwaren on Mon Feb 02, 2009 9:55 am

My pc is infected with a virus..as a result i was not able to open my drives and some applications are not working..

Here is the MBAM log file:

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 2

2/2/2009 3:20:13 PM
mbam-log-2009-02-02 (15-20-13).txt

Scan type: Quick Scan
Objects scanned: 54718
Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Msn.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\system32 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\system32\klog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\system32\win32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32:msn.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\winhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Viki\Application Data\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.

Here is my HJT Log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:31:44 PM, on 2/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Opera\opera.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: CMVideoPlugin - {8D42A04C-8B18-467F-9A44-C1348AEF2D75} - C:\WINDOWS\system32\CMVideo.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{F94EF3F2-3C4A-4ACD-8229-A5BB968AFDE6}: NameServer = 192.168.1.1,218.248.255.145
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O20 - AppInit_DLLs: wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 10516 bytesg]

Plz see this too :



Sad tearing









vikneshwaren
Senior
Senior

Status :
Online
Offline

Posts : 251
Joined : 2008-12-23
Gender : Male
OS : Microsoft Windows 7 Ultimate

View user profile

Back to top Go down

Solved Re: Virus..help me plz!!

Post by Belahzur on Mon Feb 02, 2009 1:44 pm

Hello.
MBAM should have cleared most of it.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Click No for Optional Scan.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Solved Re: Virus..help me plz!!

Post by vikneshwaren on Mon Feb 02, 2009 3:24 pm

Here is the DDS.txt results:
[You must be registered and logged in to see this link.]

Bow or Thanks









vikneshwaren
Senior
Senior

Status :
Online
Offline

Posts : 251
Joined : 2008-12-23
Gender : Male
OS : Microsoft Windows 7 Ultimate

View user profile

Back to top Go down

Solved Re: Virus..help me plz!!

Post by Belahzur on Mon Feb 02, 2009 4:01 pm

Hello.
Looks okay, just execute this to tidy up leftovers.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :services
    scrcap

    :files
    c:\windows\system32\svcnost.exe
    C:\autorun.inf
    c:\windows\49253DE2FC994BE399A4DAB01A8E6088.TMP
    C:\t84.2

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Solved Re: Virus..help me plz!!

Post by vikneshwaren on Mon Feb 02, 2009 4:39 pm

File/Folder dss.exe not found.
File/Folder Deckard not found.
File/Folder deljob.exe not found.
File/Folder deljob not found.
File/Folder logit.txt not found.
File/Folder FindAWF.exe not found.
File/Folder AWF.txt not found.
File/Folder fixwareout.exe not found.
File/Folder fixwareout not found.
File/Folder fsbl.exe not found.
File/Folder fsbl*.log not found.
File/Folder gmer.exe not found.
File/Folder gmer.dll not found.
File/Folder gmer.ini not found.
File/Folder gmer.log not found.
File/Folder gmer_uninstall.cmd not found.
File/Folder gmer.sys not found.
Service not present: gmer.
File/Folder haxfix.exe not found.
File/Folder haxfix.txt not found.
File/Folder killbox.exe not found.
File/Folder !Killbox not found.
File/Folder NoLop.exe not found.
File/Folder NoLop.txt not found.
File/Folder NoLopOLD.txt not found.
File/Folder delete.bat not found.
File/Folder OTListIt2.exe not found.
File/Folder OTListIt.txt not found.
File/Folder Extras.txt not found.
File/Folder OTMoveIt.exe not found.
File/Folder OTMoveIt2.exe not found.
File delete failed. C:\Documents and Settings\Viki\Desktop\OTMoveIt3.exe scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Desktop\OTMoveIt3.exe scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Desktop\OTMoveIt3.exe scheduled to be deleted on reboot.









vikneshwaren
Senior
Senior

Status :
Online
Offline

Posts : 251
Joined : 2008-12-23
Gender : Male
OS : Microsoft Windows 7 Ultimate

View user profile

Back to top Go down

Solved Re: Virus..help me plz!!

Post by Belahzur on Mon Feb 02, 2009 4:56 pm

You pressed CleanUp! instad of MoveIt!
You'll have to do it again now. LMBO or ROFL


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Solved Re: Virus..help me plz!!

Post by vikneshwaren on Tue Feb 03, 2009 11:29 am

========== SERVICES/DRIVERS ==========
Service scrcap stopped successfully.
Service scrcap deleted successfully.
========== FILES ==========
c:\windows\system32\svcnost.exe moved successfully.
C:\autorun.inf moved successfully.
c:\windows\49253DE2FC994BE399A4DAB01A8E6088.TMP moved successfully.
C:\t84.2 moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Viki\LOCALS~1\Temp\Perflib_Perfdata_ab4.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Viki\LOCALS~1\Temp\Perflib_Perfdata_bf4.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Viki\LOCALS~1\Temp\tmp9.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Viki\LOCALS~1\Temp\tmpC.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Viki\LOCALS~1\Temp\~DFAF8D.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_794.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_f98.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02032009_165459

Files moved on Reboot...
File C:\DOCUME~1\Viki\LOCALS~1\Temp\Perflib_Perfdata_ab4.dat not found!
File C:\DOCUME~1\Viki\LOCALS~1\Temp\Perflib_Perfdata_bf4.dat not found!
C:\DOCUME~1\Viki\LOCALS~1\Temp\tmp9.tmp moved successfully.
C:\DOCUME~1\Viki\LOCALS~1\Temp\tmpC.tmp moved successfully.
C:\DOCUME~1\Viki\LOCALS~1\Temp\~DFAF8D.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_794.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_f98.dat moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\adoc.bx moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\md.dat moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\url.ax moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\w.ax moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\wb.vx moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\adoc.bx moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\md.dat moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\url.ax moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\w.ax moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\wb.vx moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\adoc.bx moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\md.dat moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\url.ax moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\w.ax moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\wb.vx moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\adoc.bx moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\md.dat moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\url.ax moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\w.ax moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\wb.vx moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax moved successfully.
C:\Documents and Settings\Viki\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx moved successfully.









vikneshwaren
Senior
Senior

Status :
Online
Offline

Posts : 251
Joined : 2008-12-23
Gender : Male
OS : Microsoft Windows 7 Ultimate

View user profile

Back to top Go down

Solved Re: Virus..help me plz!!

Post by Belahzur on Tue Feb 03, 2009 1:44 pm

How is everything now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Solved Re: Virus..help me plz!!

Post by vikneshwaren on Tue Feb 03, 2009 2:13 pm

SAme problem again..i've also formatted my os and installed again..but the same problem persists..when i try to access my drives this error comming..plz plz help me..










vikneshwaren
Senior
Senior

Status :
Online
Offline

Posts : 251
Joined : 2008-12-23
Gender : Male
OS : Microsoft Windows 7 Ultimate

View user profile

Back to top Go down

Solved Re: Virus..help me plz!!

Post by Belahzur on Tue Feb 03, 2009 2:55 pm

Okay.
We'll use this.


  • Download combofix from here [You must be registered and logged in to see this link.]
  • Please disable your local AV (Anti-virus) by right clicking it's icon in the tray, and exit it.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Solved Re: Virus..help me plz!!

Post by vikneshwaren on Wed Feb 04, 2009 3:03 am

Hi Belahzur Sir,
Thx a lot for your assistance....Combo Fix helped me a lot ....it just removed that virus...again thx a lot...
I was thinking back up my files and to format all my drives..but now it is no more needed..
thx


Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You!









vikneshwaren
Senior
Senior

Status :
Online
Offline

Posts : 251
Joined : 2008-12-23
Gender : Male
OS : Microsoft Windows 7 Ultimate

View user profile

Back to top Go down

Solved Re: Virus..help me plz!!

Post by Belahzur on Wed Feb 04, 2009 2:27 pm

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe that you downloaded to install the newest version.
Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from [You must be registered and logged in to see this link.]

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Solved Re: Virus..help me plz!!

Post by vikneshwaren on Wed Feb 04, 2009 3:06 pm

thx u Belahzur...









vikneshwaren
Senior
Senior

Status :
Online
Offline

Posts : 251
Joined : 2008-12-23
Gender : Male
OS : Microsoft Windows 7 Ultimate

View user profile

Back to top Go down

Solved Re: Virus..help me plz!!

Post by Doctor Inferno on Sat May 09, 2009 10:15 am

Since this issue has been addressed, a "solved" tag will be added and this topic will be closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a [You must be registered and logged in to see this link.] for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Status :
Online
Offline

Posts : 12017
Joined : 2007-12-26
Gender : Male
OS : Windows 7 Home Premium and Ultimate X64

View user profile

Back to top Go down

Solved Re: Virus..help me plz!!

Post by Doctor Inferno on Sat May 09, 2009 10:16 am

Since this issue has been addressed, a "solved" tag will be added and this topic will be closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a [You must be registered and logged in to see this link.] for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Status :
Online
Offline

Posts : 12017
Joined : 2007-12-26
Gender : Male
OS : Windows 7 Home Premium and Ultimate X64

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum