virus overload


Re: virus overload

Post by msemaress on Sat Apr 11, 2009 6:54 pm

I feel so stupid because it's happening again... please tell me what to do, you were soooo helpful last time! This time it's running super slow, and is giving me a lot of trouble when I try to connect to the internet and use my wireless network for my iPod... I don't know why because it just started doing this all of a sudden. Please help!!!

msemaress
Novice

Posts : 18
Joined : 2009-03-09
OS : windows xp


Re: virus overload

Post by Belahzur on Sat Apr 11, 2009 6:55 pm

Post a new DDS log.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre


Re: virus overload

Post by msemaress on Sat Apr 11, 2009 7:01 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/10/2007 10:50:13 AM
System Uptime: 4/11/2009 11:40:18 AM (3 hours ago)

Motherboard: Dell Inc. | | 0G8310
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2792/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 190.874 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP211: 3/10/2009 5:17:45 PM - System Checkpoint
RP212: 3/11/2009 2:00:23 AM - Software Distribution Service 3.0
RP213: 3/12/2009 2:14:40 AM - System Checkpoint
RP214: 3/12/2009 5:03:59 PM - Spyware Doctor: Cleaning Threats
RP215: 3/14/2009 1:31:32 PM - System Checkpoint
RP216: 3/15/2009 5:14:58 PM - System Checkpoint
RP217: 3/16/2009 3:00:15 AM - Software Distribution Service 3.0
RP218: 3/17/2009 2:25:05 PM - System Checkpoint
RP219: 3/20/2009 11:31:57 PM - System Checkpoint
RP220: 3/22/2009 6:32:35 PM - System Checkpoint
RP221: 3/23/2009 6:04:14 PM - Spyware Doctor: Cleaning Threats
RP222: 3/24/2009 6:02:51 PM - Spyware Doctor: Cleaning Threats
RP223: 3/25/2009 7:18:07 PM - System Checkpoint
RP224: 3/26/2009 8:43:29 AM - Avg8 Update
RP225: 3/26/2009 8:44:40 AM - Avg8 Update
RP226: 3/27/2009 8:54:49 AM - System Checkpoint
RP227: 3/29/2009 12:55:25 PM - Avg8 Update
RP228: 3/29/2009 10:15:34 PM - Spyware Doctor: Cleaning Threats
RP229: 3/31/2009 6:04:34 PM - Spyware Doctor: Cleaning Threats
RP230: 4/4/2009 1:06:42 PM - System Checkpoint
RP231: 4/4/2009 7:18:08 PM - Spyware Doctor: Cleaning Threats
RP232: 4/6/2009 5:08:36 PM - System Checkpoint
RP233: 4/7/2009 5:49:24 PM - Spyware Doctor: Cleaning Threats
RP234: 4/8/2009 10:12:51 PM - System Checkpoint
RP235: 4/10/2009 2:32:26 PM - System Checkpoint
RP236: 4/11/2009 8:09:58 AM - Avg8 Update

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11
AIM 6
AIM Toolbar
Apple Mobile Device Support
Apple Software Update
AVG 8.5
Axon Virtual PBX
Bonjour
Broadcom Management Programs
Broadcom NetXtreme Ethernet Controller
Byki
Byki Express
Critical Update for Windows Media Player 11 (KB959772)
Download Updater (AOL LLC)
Express Burn
FoxyTunes for Firefox
Google Desktop
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
IBM Rapid Access Keyboard (III, IIIe)
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 10
Java(TM) 6 Update 7
Lexmark 7500 Series
Lexmark Toolbar
LightScribe System Software 1.12.37.1
LightScribeTemplateLabeler
LimeWire 4.18.8
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Mouse Suite
Mozilla Firefox (3.0.8)
MSXML 6.0 Parser (KB933579)
Nero PhotoShow Express
Nero Suite
Norton Security Scan
Norton Security Scan (Symantec Corporation)
PCI Adapter
Picasa 2
PowerDVD 5.1
QuickTime
RealPlayer
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
SoundMAX
Spyware Doctor 6.0
Switch Sound File Converter
Symantec Ghost Console Client
The Sims 2 Glamour Life Stuff
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Deluxe
The Sims™ 2 Seasons
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VeohTV BETA
Viewpoint Media Player
VRS Recording System
Vuze
Vuze Toolbar
WavePad Sound Editor
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
Yahoo! Toolbar
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

==== Event Viewer Messages From Past Week ========

4/7/2009 10:11:37 AM, error: Service Control Manager [7000] - The lxdlCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/7/2009 10:11:37 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdlCATSCustConnectService service to connect.
4/6/2009 11:19:45 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zh3r5npd.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\FFAlert.dll. Reference error message: The operation completed successfully. .
4/6/2009 11:19:45 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
4/6/2009 11:19:45 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
4/6/2009 1:53:55 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 00D041B0F79C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
4/7/2009 5:06:29 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00D041B0F79C. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/7/2009 5:44:35 PM, error: ipnathlp [30002] - The DHCP allocator was unable to bind to the IP address 192.168.0.1. This error may indicate a problem with TCP/IP networking. The data is the error code.
4/7/2009 10:30:29 PM, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
4/7/2009 10:54:16 PM, error: Server [2505] - The server could not bind to the transport \Device\NwlnkIpx because another computer on the network has the same name. The server could not start.
4/7/2009 10:54:16 PM, error: Server [2505] - The server could not bind to the transport \Device\NwlnkNb because another computer on the network has the same name. The server could not start.
4/7/2009 11:32:41 PM, error: ipnathlp [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.1.1 on the same network as the interface with IP address 192.168.0.1. The allocator has disabled itself on the interface in order to avoid confusing DHCP clients.
4/7/2009 11:32:41 PM, error: ipnathlp [30009] - The DHCP allocator encountered a network error while attempting to reply on IP address 240.49.70.102 to a request from a client. The data is the error code.
4/8/2009 6:49:20 PM, error: ipnathlp [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.101, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.
4/9/2009 12:39:01 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer PATSM that believes that it is the master browser for the domain on transport NetBT_Tcpip_{731E0B3B-3C25-4F3C-8EA. The master browser is stopping or an election is being forced.

==== End Of File ===========================


Re: virus overload

Post by Belahzur on Sat Apr 11, 2009 7:04 pm

Please post DDS.txt too.



Re: virus overload

Post by msemaress on Sat Apr 11, 2009 7:06 pm

DDS (Ver_09-02-01.01) - NTFSx86
Run by user at 13:59:26.45 on Sat 04/11/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1024 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\Sktempdm.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\Ghost\ngtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Lexmark 7500 Series\lxdlamon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\T Serial PCI\PCI Adapter\ui.exe
C:\WINDOWS\system32\lxdlcoms.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\NCH Swift Sound\Axon\axon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\My Documents\Virus Remover\dds.pif
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
EB: SpeedRunner Bar: {cafb2180-ba09-11dc-95ff-0800200c9a66} - %SystemRoot%\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\nero\data\xtras\mssysmgr.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: []
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster


Re: virus overload

Post by msemaress on Sat Apr 11, 2009 7:06 pm

\RegistryBooster.exe /S
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [Detect Kbd Daemon] SK2000DM.EXE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NGTray] "c:\program files\symantec\ghost\ngtray.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [lxdlmon.exe] "c:\program files\lexmark 7500 series\lxdlmon.exe"
mRun: [lxdlamon] "c:\program files\lexmark 7500 series\lxdlamon.exe"
mRun: [Lexmark 7500 Series Fax Server] "c:\program files\lexmark 7500 series\fm3032.exe" /s
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [VRS] "c:\program files\nch swift sound\vrs\vrs.exe" -logon
mRun: [Axon] "c:\program files\nch swift sound\axon\axon.exe" -logon
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\user\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pciada~1.lnk - c:\program files\t serial pci\pci adapter\ui.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Web-Based Email Tools - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\zh3r5npd.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-10-14 40840]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-8 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-8 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-8 108552]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-10-14 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-10-14 81288]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2007-12-10 16384]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [2007-12-10 9216]
S3 SKUSBKBF;USB Keyboard Filter Driver;c:\windows\system32\drivers\skusbkbf.sys [2001-7-27 14048]

=============== Created Last 30 ================

2009-04-06 21:20 --d----- c:\program files\common files\Software Update Utility
2009-04-06 21:20 --d----- c:\program files\AIM Toolbar
2009-04-06 21:20 --d----- c:\docume~1\alluse~1\applic~1\AIM Toolbar
2009-04-06 21:20 --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2009-04-06 21:20 --d----- c:\program files\Viewpoint
2009-04-06 21:20 --d----- c:\docume~1\alluse~1\applic~1\acccore
2009-04-06 21:19 --d----- c:\program files\common files\AOL
2009-04-06 21:19 --d----- c:\program files\AIM6
2009-04-06 21:18 366 a---h--- C:\IPH.PH
2009-03-26 00:06 --d----- c:\program files\iPod
2009-03-26 00:06 --d----- c:\program files\iTunes
2009-03-26 00:06 --d----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-26 00:05 --d----- c:\program files\Bonjour
2009-03-26 00:03 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-16 02:02 --d----- c:\program files\NCH Swift Sound
2009-03-16 01:23 --d----- c:\program files\NCH Software

==================== Find3M ====================

2009-04-07 22:27 170,954 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-03-29 12:54 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-08 12:57 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-08 12:57 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-08 11:59 4,904 a------- c:\windows\system32\PerfStringBackup.TMP
2009-03-05 23:59 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-02-11 10:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2008-06-09 09:49 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008060920080610\index.dat

============= FINISH: 14:00:41.81 ===============


Re: virus overload

Post by Belahzur on Sat Apr 11, 2009 7:11 pm

Hello.

I see that you are still running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed this time, then I WILL NOT help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Adobe Reader 8.1.2
  • Java(TM) 6 Update 10
  • Java(TM) 6 Update 7
  • LimeWire 4.18.8
  • Viewpoint Media Player


Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\Program Files\Limewire
    c:\program files\Viewpoint
    c:\docume~1\alluse~1\applic~1\Viewpoint
    c:\docume~1\alluse~1\applic~1\Limewire
    c:\docume~1\user\startm~1\programs\startup\limewi~1.lnk
    c:\program files\askbardis
    C:\Documents and Settings\user\My Documents\Virus Remover\dds.pif

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Re: virus overload

Post by msemaress on Sat Apr 11, 2009 7:18 pm

Is there any way to remove LimeWire without losing all my music?


Re: virus overload

Post by Belahzur on Sat Apr 11, 2009 7:20 pm

Move your music files out of the Limewire folder, then uninstall it.



Re: virus overload

Post by msemaress on Sat Apr 11, 2009 7:40 pm

Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 04112009_144013


Re: virus overload

Post by Belahzur on Sat Apr 11, 2009 7:53 pm

You missed :files as the first top line. Please make sure that is present and run the script again.



Re: virus overload

Post by msemaress on Sat Apr 11, 2009 8:06 pm

========== FILES ==========
C:\Program Files\LimeWire moved successfully.
File/Folder c:\program files\Viewpoint not found.
c:\docume~1\alluse~1\applic~1\Viewpoint moved successfully.
File/Folder c:\docume~1\alluse~1\applic~1\Limewire not found.
File/Folder c:\docume~1\user\startm~1\programs\startup\limewi~1.lnk not found.
c:\program files\AskBarDis\bar\Settings moved successfully.
c:\program files\AskBarDis\bar\History moved successfully.
c:\program files\AskBarDis\bar\Cache moved successfully.
c:\program files\AskBarDis\bar\bin moved successfully.
c:\program files\AskBarDis\bar moved successfully.
c:\program files\AskBarDis moved successfully.
C:\Documents and Settings\user\My Documents\Virus Remover\dds.pif moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 04112009_150629

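An added example, not part of the original posts and not OTMoveIt3's own code: a small Python check that reads the two result logs posted above and reports which `:files` targets from the script have no result line in the log. The line patterns are inferred only from the logs in this thread, and `parse_log` and `audit` are hypothetical helper names.

```python
import re

SECTION = re.compile(r"^=+ (\w+) =+$")
# Result-line shapes as they appear in the OTMoveIt3 logs posted in this thread.
RESULT = re.compile(r"^(?:File/Folder |Registry (?:key|value) )?(?P<target>.+?) "
                    r"(?P<status>moved successfully|deleted successfully|not found)\.$")

def parse_log(text):
    """Return (error_count, [(section, target, status), ...]) for one log."""
    errors, records, section = 0, [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        if (m := SECTION.match(line)):
            section = m.group(1)
        elif line.startswith("Error:"):
            errors += 1
        elif (m := RESULT.match(line)):
            records.append((section, m["target"], m["status"]))
    return errors, records

def audit(script_targets, log_text):
    """Return (error_count, script targets the log never reports on)."""
    errors, records = parse_log(log_text)
    seen = {target.casefold() for _, target, _ in records}  # Windows paths ignore case
    return errors, [t for t in script_targets if t.casefold() not in seen]

# The :files targets from the script posted in the thread.
FILE_TARGETS = r"""C:\Program Files\Limewire
c:\program files\Viewpoint
c:\docume~1\alluse~1\applic~1\Viewpoint
c:\docume~1\alluse~1\applic~1\Limewire
c:\docume~1\user\startm~1\programs\startup\limewi~1.lnk
c:\program files\askbardis
C:\Documents and Settings\user\My Documents\Virus Remover\dds.pif""".splitlines()
# First log, abridged: the eight error lines, then one registry result.
FIRST_RUN = "Error: Unable to interpret in the current context!\n" * 8 + r"""========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully."""
# Second log, abridged to one result line per :files target.
SECOND_RUN = r"""========== FILES ==========
C:\Program Files\LimeWire moved successfully.
File/Folder c:\program files\Viewpoint not found.
c:\docume~1\alluse~1\applic~1\Viewpoint moved successfully.
File/Folder c:\docume~1\alluse~1\applic~1\Limewire not found.
File/Folder c:\docume~1\user\startm~1\programs\startup\limewi~1.lnk not found.
c:\program files\AskBarDis moved successfully.
C:\Documents and Settings\user\My Documents\Virus Remover\dds.pif moved successfully."""

if __name__ == "__main__":
    print(audit(FILE_TARGETS, FIRST_RUN), audit(FILE_TARGETS, SECOND_RUN))
```

For the first log it returns eight errors with all seven targets unaccounted for, which matches a run where the `:files` section never executed; for the second it returns no errors and an empty list.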

Re: virus overload

Post by Belahzur on Sat Apr 11, 2009 8:10 pm

Hello.
How is the machine running now?



Re: virus overload

Post by msemaress on Sat Apr 11, 2009 8:15 pm

It is moving much faster. Do you know why my wireless network would all of a sudden start being weird? Because I still can't access it from my iPod. Any ideas?


Re: virus overload

Post by Belahzur on Sat Apr 11, 2009 8:31 pm

Nope. You'd have to start a thread in our Internet and Networking forum, Doc might be able to help.



Re: virus overload

Post by msemaress on Sat Apr 11, 2009 8:38 pm

OK, thanks so much for all of your help again, I really appreciate it!


Re: virus overload

Post by Belahzur on Sat Apr 11, 2009 8:41 pm

Glad I could help.

We can remove OTMoveIt now.

  • Please double-click OTMoveIt3.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.

