Win32/Virut.Gen


Win32/Virut.Gen

Post by HarleyzMomma on 11th March 2009, 12:21 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:07 PM, on 3/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Java\jre1.6.0\bin\javaws.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Momma\Desktop\hijackgpthis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [VAIOMyMemCenter] "C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" 1
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Fix-It Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: Intel(R) Sample Collector (SampleCollector) - Intel Corporation - C:\Program Files\Sony\VAIO Care\collsvc.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8671 bytes


Re: Win32/Virut.Gen

Post by Belahzur on 11th March 2009, 12:37 am


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



DDS log

Post by HarleyzMomma on 11th March 2009, 2:26 am

When I try to copy and paste the text here, it says there's too much text to post. What do I do?


Re: Win32/Virut.Gen

Post by Belahzur on 11th March 2009, 2:36 am

Break it up into more than one post.





DDS text part 1

Post by HarleyzMomma on 11th March 2009, 2:46 am

Oh yeah. Duh. Let me think

DDS (Ver_09-02-01.01) - NTFSx86
Run by Momma at 15:42:03.28 on Tue 03/10/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2938.1761 [GMT -10:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated)
AV: Avanquest VirusScanner Pro *On-access scanning enabled* (Updated)
FW: Windows Live OneCare Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Java\jre1.6.0\bin\javaws.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Users\Momma\Desktop\hijackgpthis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Momma\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\program files\bearshare applications\bearshare mediabar\BearShareIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\partner.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [VAIOMyMemCenter] "c:\program files\sony\vaio my memory center\VAIO MyMemCenter.exe" 1
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll

============= SERVICES / DRIVERS ===============

R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2008-11-5 25968]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-10-29 104992]
R2 tmpreflt;tmpreflt;c:\progra~1\avanqu~1\fix-it\tmpreflt.sys [2007-8-31 32528]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2009-3-3 104960]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-10-29 415584]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-9-3 446464]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2009-3-3 337184]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2009-3-3 17920]
R3 MailScan;MailScan;c:\progra~1\avanqu~1\fix-it\MailScan.sys [2008-8-26 20496]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-10-29 9344]
S3 Partner Service;Partner Service;c:\programdata\partner\partner.exe [2009-3-3 110576]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-3-3 29824]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-3-3 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-3-3 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-3-3 59776]
S3 SampleCollector;Intel(R) Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2009-3-6 122880]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2009-3-3 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2009-3-3 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2009-3-3 62752]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2009-3-3 83232]


DDS text part 2

Post by HarleyzMomma on 11th March 2009, 2:47 am

=============== Created Last 30 ================

2009-03-10 14:03 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-10 13:35 --d----- c:\users\momma\.SunDownloadManager
2009-03-09 23:25 510 a------- c:\windows\WORDPAD.INI
2009-03-07 23:38 --d----- c:\users\momma\appdata\roaming\FrostWire
2009-03-07 23:37 --d----- c:\program files\FrostWire
2009-03-07 21:37 --d----- c:\program files\VideoLAN
2009-03-07 19:41 --d----- C:\Click to Disc
2009-03-05 19:29 --d----- c:\programdata\359E
2009-03-05 19:29 --d----- c:\progra~2\359E
2009-03-04 19:29 --d----- c:\programdata\01E9
2009-03-04 19:29 --d----- c:\progra~2\01E9
2009-03-04 19:24 --d----- c:\users\momma\appdata\roaming\MusicNet
2009-03-04 19:24 --d----- c:\programdata\6B4
2009-03-04 19:24 --d----- c:\progra~2\6B4
2009-03-04 17:09 --d----- c:\programdata\B2C6
2009-03-04 17:09 --d----- c:\progra~2\B2C6
2009-03-04 16:34 --d----- c:\programdata\119F
2009-03-04 16:34 --d----- c:\progra~2\119F
2009-03-04 16:33 483,328 a------- c:\windows\system32\actskn45.ocx
2009-03-04 16:33 --d----- c:\program files\xxx.xxx
2009-03-04 09:48 --d----- c:\users\momma\{794d798f-9dbf-4b6e-839c-b2311a65ebb9}
2009-03-04 09:47 827,392 a------- c:\windows\system32\wininet.dll
2009-03-04 09:47 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-03-04 09:46 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-04 09:46 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-04 09:46 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-04 09:46 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-04 09:18 2,048 a------- c:\windows\system32\tzres.dll
2009-03-04 08:57 97,800 a------- c:\windows\system32\infocardapi.dll
2009-03-04 08:57 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-04 08:57 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-03-04 08:57 622,080 a------- c:\windows\system32\icardagt.exe
2009-03-04 08:57 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-03-04 08:57 11,264 a------- c:\windows\system32\icardres.dll
2009-03-04 08:57 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-03-04 08:57 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-03-04 08:48 96,760 a------- c:\windows\system32\dfshim.dll
2009-03-04 08:48 282,112 a------- c:\windows\system32\mscoree.dll
2009-03-04 08:48 41,984 a------- c:\windows\system32\netfxperf.dll
2009-03-04 08:47 158,720 a------- c:\windows\system32\mscorier.dll
2009-03-04 08:47 83,968 a------- c:\windows\system32\mscories.dll
2009-03-04 08:08 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-03-04 08:08 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-03-04 08:07 428,544 a------- c:\windows\system32\EncDec.dll
2009-03-04 08:06 705,024 a------- c:\windows\system32\sbe.dll
2009-03-04 08:06 604,672 a------- c:\windows\system32\CPFilters.dll
2009-03-04 08:06 153,088 a------- c:\windows\system32\sbeio.dll
2009-03-04 08:06 450,048 a------- c:\windows\system32\psisdecd.dll
2009-03-04 08:06 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-03-04 08:04 1,645,568 a------- c:\windows\system32\connect.dll
2009-03-04 08:04 147,456 a------- c:\windows\system32\Faultrep.dll
2009-03-04 08:04 125,952 a------- c:\windows\system32\wersvc.dll
2009-03-04 08:04 3,601,976 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-04 08:04 3,549,752 a------- c:\windows\system32\ntoskrnl.exe
2009-03-04 08:04 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-03-04 08:01 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-03-04 07:51 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-03-04 07:50 83,456 a------- c:\windows\system32\wudriver.dll
2009-03-04 07:50 162,064 a------- c:\windows\system32\wuwebv.dll
2009-03-04 07:50 31,232 a------- c:\windows\system32\wuapp.exe
2009-03-04 00:51 37,440 a------- c:\windows\system32\drivers\msfwhlpr.sys
2009-03-04 00:51 91,200 a------- c:\windows\system32\drivers\msfwdrv.sys
2009-03-04 00:41 53,168 a------- c:\windows\system32\drivers\MpFilter.sys
2009-03-04 00:37 --d----- c:\program files\Microsoft Windows OneCare Live
2009-03-03 22:49 77,824 a------- c:\windows\system32\PTDUwmcp.dll
2009-03-03 22:49 59,776 a------- c:\windows\system32\drivers\PTDUWWAN.sys
2009-03-03 22:49 41,344 a------- c:\windows\system32\drivers\PTDUMdm.sys
2009-03-03 22:49 39,936 a------- c:\windows\system32\drivers\PTDUVsp.sys
2009-03-03 22:49 29,824 a------- c:\windows\system32\drivers\PTDUBus.sys
2009-03-03 22:49 --d----- c:\program files\PANTECH
2009-03-03 22:48 --d----- c:\program files\Verizon Wireless
2009-03-03 16:22 --d----- c:\program files\LSoft Technologies
2009-03-03 15:48 --d----- c:\programdata\ArcSoft
2009-03-03 15:48 --d----- c:\progra~2\ArcSoft
2009-03-03 11:26 335,144,807 a------- c:\windows\MEMORY.DMP
2009-03-03 09:48 --d----- c:\programdata\BVRP Software
2009-03-03 09:47 --dshr-- C:\_Backup.RC
2009-03-03 09:47 --d-h--- C:\_Backup
2009-03-03 09:46 --d----- c:\users\momma\appdata\roaming\Avanquest
2009-03-03 09:46 --d----- c:\programdata\Avanquest
2009-03-03 09:46 --d----- c:\progra~2\Avanquest
2009-03-03 09:46 --d----- c:\program files\Avanquest
2009-03-03 09:44 --d----- c:\program files\common files\Wise Installation Wizard
2009-03-03 09:26 --d----- c:\programdata\Roxio
2009-03-03 07:09 --d----- c:\users\momma\appdata\roaming\LimeWire
2009-03-03 07:07 --d----- c:\programdata\WinZip
2009-03-03 06:39 --d----- C:\VAIO Entertainment
2009-03-03 06:27 --d----- c:\users\Momma
2009-03-03 03:14 40 a---h--- c:\windows\system32\ivireg.ivr
2009-03-03 03:08 196,608 a------- c:\windows\ocsetup_cbs_install_OEMHelpCustomization.perf
2009-03-03 03:08 65,536 a------- c:\windows\ocsetup_cbs_install_OEMHelpCustomization.dpx
2009-03-03 03:08 42,991,616 a------- c:\windows\ocsetup_install_OEMHelpCustomization.etl
2009-03-03 03:03 --d----- c:\program files\common files\InterVideo
2009-03-03 03:02 --d----- c:\program files\InterVideo
2009-03-03 03:00 0 a------- c:\windows\VAIOUpdt.INI
2009-03-03 03:00 98,304 a------- c:\windows\system32\VESWinlogon.dll
2009-03-03 02:57 --d----- c:\programdata\Uninstall
2009-03-03 02:57 --d----- c:\progra~2\Uninstall
2009-03-03 02:57 --d----- c:\programdata\Sonic
2009-03-03 02:57 --d----- c:\program files\Roxio
2009-03-03 02:56 --d----- c:\program files\common files\Sonic Shared
2009-03-03 02:56 129,520 -------- c:\windows\system32\pxafs.dll
2009-03-03 02:53 245,408 a------- c:\windows\system32\unicows.dll
2009-03-03 02:53 212,480 a------- c:\windows\system32\PCDLIB32.DLL
2009-03-03 02:53 55,808 a------- c:\windows\system32\ArcSoftKsUFilter.dll
2009-03-03 02:53 17,920 a------- c:\windows\system32\drivers\ArcSoftKsUFilter.sys
2009-03-03 02:44 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
2009-03-03 02:41 0 a------- c:\windows\system32\drivers\104D_SONY_VGN-NS230E.mrk
2009-03-03 02:41 0 a------- c:\windows\system32\104D_SONY_VGN-NS230E.mrk
2009-03-03 02:41 0 a---hr-- c:\windows\system32\drivers\Sony_VGN-NS230E.mrk
2009-03-03 02:41 --d----- c:\program files\OCA Marker
2009-03-03 02:40 --d----- c:\program files\common files\PX Storage Engine
2009-03-03 02:40 --d----- c:\program files\common files\Napster Shared
2009-03-03 02:40 --d----- c:\programdata\Napster
2009-03-03 02:40 --d----- c:\progra~2\Napster
2009-03-03 02:40 --d----- c:\program files\Napster
2009-03-03 02:40 --d----- c:\program files\Microsoft Office Suite Activation Assistant
2009-03-03 02:39 32,592 a------- c:\windows\system32\msonpmon.dll
2009-03-03 02:38 --d----- c:\windows\PCHEALTH
2009-03-03 02:37 --d----- c:\programdata\Microsoft Help
2009-03-03 02:36 --d----- c:\program files\common files\supportsoft
2009-03-03 02:36 3,518,464 a------- c:\windows\system32\cdintf300.dll
2009-03-03 02:36 1,843,200 a------- c:\windows\system32\acXMLParser.dll
2009-03-03 02:34 --d----- c:\programdata\Intuit
2009-03-03 02:34 --d----- c:\program files\Intuit
2009-03-03 02:34 --d----- c:\program files\common files\Intuit
2009-03-03 02:34 --d----- c:\progra~2\Intuit
2009-03-03 02:34 95 a------- c:\windows\QBChanUtil_Trigger.ini
2009-03-03 02:34 --d----- c:\programdata\SQL Anywhere 10
2009-03-03 02:34 --d----- c:\progra~2\SQL Anywhere 10
2009-03-03 02:34 --d----- c:\programdata\COMMON FILES
2009-03-03 02:34 --d----- c:\progra~2\COMMON FILES
2009-03-03 02:34 --d----- c:\program files\MSXML 4.0
2009-03-03 02:30 --d----- c:\programdata\Google
2009-03-03 02:30 --d----- c:\programdata\Partner
2009-03-03 02:30 --d----- c:\progra~2\Partner
2009-03-03 02:30 --d----- c:\windows\Sonysys

==================== Find3M ====================

2009-03-04 09:48 86,016 a------- c:\windows\inf\infstrng.dat
2009-03-04 09:48 86,016 a------- c:\windows\inf\infstor.dat
2009-03-04 09:48 51,200 a------- c:\windows\inf\infpub.dat
2008-10-29 12:58 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 16:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 02:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 02:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 02:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 02:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-01 23:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-01 23:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-01 23:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-01 23:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15:43:11.31 ===============


Re: Win32/Virut.Gen

Post by Belahzur on 11th March 2009, 2:52 am

Hello.

I see that you are running Frostwire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.
Should you choose to remove them, but you are having trouble doing so, please let me know in your next post here and I will aid you.

If you choose to follow my recommendation then follow these instructions.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight Frostwire.
  • Click on the Uninstall/Change button at the top.

Let's have a scan around with this.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.





Re: Win32/Virut.Gen

Post by HarleyzMomma on 11th March 2009, 3:20 am

Ok. I'm on it...... and thank you SOOOOOOOOOOOO much for your time and generosity. Thank You! I'll get back to you shortly.
