frostwire virus?


Post by drc on Tue Apr 28, 2009 5:21 pm

I installed FrostWire about 3 weeks ago and uninstalled it since my computer started to process slow... but when I uninstalled it, the Java program still appears every time I turn on my laptop, and my computer still processes slow compared to when it was still new... my laptop is only a month old... help me pls

drc
Novice
Novice

Posts Posts : 22
Joined Joined : 2009-04-28
Gender Gender : Male
OS OS : windows XP home
Points Points : 27808
# Likes # Likes : 0


Re: frostwire virus?

Post by Belahzur on Tue Apr 28, 2009 5:40 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1


Re: frostwire virus?

Post by drc on Tue Apr 28, 2009 6:13 pm

DDS (Ver_09-03-16.01) - NTFSx86
Run by AXIOO at 2:07:32.21 on Wed 04/29/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1028 [GMT 7:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OEM\OSD_1.5.2\OsdService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OEM\OSD_1.5.2\osd.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AXIOO\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page =
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Device Detector] DevDetect.exe -autorun
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
StartupFolder: c:\docume~1\axioo\startm~1\programs\startup\frostw~1.lnk - c:\program files\frostwire\FrostWire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\osd.lnk - c:\windows\installer\{73289228-1853-4623-982a-eb17ff0270ca}\_92336A3DC4E4457994C245.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\axioo\applic~1\mozilla\firefox\profiles\6cl6ev71.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-4-1 11840]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-4-1 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-4-1 151297]
R2 OsdService;OSD Service;c:\program files\oem\osd_1.5.2\OsdService.exe [2008-2-22 94208]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-10 602392]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-4-1 52032]
R3 GpdDevDPort;GpdDevDPort;c:\windows\system32\directport.sys [2008-6-17 7168]
R3 GpdKbFilter;GpdKbFilter;c:\windows\system32\kbfiltr.sys [2008-4-22 8192]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [2008-10-19 31616]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2008-10-19 156160]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-10-19 275712]

=============== Created Last 30 ================

2009-04-19 20:39 216,064 a------- c:\windows\system32\CNMLM8R.DLL
2009-04-18 16:28 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-04-18 16:28 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-04-18 16:28 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-04-18 16:28 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-04-16 23:01 1,970,176 a------- c:\windows\system32\d3dx9.dll
2009-04-16 23:01 679,936 a------- c:\windows\system32\D3DX81ab.dll
2009-04-16 23:01 --d----- c:\program files\Cheat Engine
2009-04-16 10:48 268,648 a------- c:\windows\system32\mucltui.dll
2009-04-16 10:48 208,744 a------- c:\windows\system32\muweb.dll
2009-04-16 10:48 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-04-15 21:50 --d----- c:\program files\Windows Media Connect 2
2009-04-15 21:48 --d----- c:\windows\system32\LogFiles
2009-04-15 21:37 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 21:37 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-15 21:37 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-15 21:37 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 21:37 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-15 21:37 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 21:37 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 21:37 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-15 21:37 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 20:12 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 20:12 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 20:12 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-13 12:12 --dsh--- c:\documents and settings\axioo\IECompatCache
2009-04-13 01:39 --d----- c:\docume~1\axioo\applic~1\FrostWire
2009-04-13 01:37 --d----- c:\program files\FrostWire
2009-04-08 10:44 --d----- c:\program files\Adobe PhotoShop CS3 v10.0 Portable
2009-04-05 23:07 --dsh--- c:\documents and settings\axioo\PrivacIE
2009-04-05 23:06 --dsh--- c:\documents and settings\axioo\IETldCache
2009-04-05 23:04 --d----- c:\windows\ie8updates
2009-04-05 23:02 -cd-h--- c:\windows\ie8
2009-04-05 23:01 --d-h--- c:\windows\msdownld.tmp
2009-04-05 23:00 --dsh--- c:\documents and settings\axioo\UserData
2009-04-05 22:58 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-04-03 08:50 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-04-03 08:49 914,944 ac------ c:\windows\system32\dllcache\wininet.dll
2009-04-03 08:49 1,206,784 ac------ c:\windows\system32\dllcache\urlmon.dll
2009-04-03 08:49 1,499,136 -c------ c:\windows\system32\dllcache\shdocvw.dll
2009-04-03 08:41 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-03 08:41 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-03 08:41 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-03 08:41 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-03 08:38 5,937,152 ac------ c:\windows\system32\dllcache\mshtml.dll
2009-04-03 08:33 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-04-03 08:33 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-04-03 08:32 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-04-03 08:32 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-04-03 08:31 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-04-03 08:26 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-04-03 08:26 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-04-03 02:01 --d----- c:\windows\system32\PreInstall
2009-04-02 17:55 --d----- c:\program files\Yahoo!
2009-04-01 22:31 --d----- c:\docume~1\axioo\applic~1\ACD Systems
2009-04-01 15:26 --d----- c:\program files\Bonjour
2009-04-01 15:23 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-04-01 15:23 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-01 15:23 --d----- c:\program files\iPod
2009-04-01 15:23 --d----- c:\program files\iTunes
2009-04-01 15:23 --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-04-01 13:42 773,120 a------- c:\windows\system32\bubbles.scr
2009-04-01 13:29 --d----- c:\docume~1\axioo\applic~1\Reallusion
2009-04-01 13:27 --d----- c:\program files\XP Codec Pack
2009-04-01 13:23 20,640 -------- c:\windows\system32\drivers\PxHelp20.sys
2009-04-01 13:23 155 a------- c:\windows\winamp.ini
2009-04-01 13:20 --d----- c:\program files\VideoLAN
2009-04-01 13:19 --d----- C:\noob
2009-04-01 13:18 --d----- c:\program files\DivX
2009-04-01 11:09 --d----- c:\program files\Avira
2009-04-01 11:09 --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-04-01 10:58 714 a------- c:\windows\m3jpeg.ini
2009-04-01 10:44 376 a------- c:\windows\ODBC.INI
2009-04-01 10:44 28,040 a------- c:\windows\system32\mdimon.dll
2009-04-01 10:43 --d----- c:\program files\common files\L&H
2009-04-01 10:43 --d----- c:\program files\Microsoft ActiveSync
2009-04-01 10:42 --d----- c:\windows\SHELLNEW
2009-04-01 10:32 --d----- c:\docume~1\alluse~1\applic~1\ACD Systems
2009-04-01 10:32 --d----- c:\program files\common files\ACD Systems
2009-04-01 10:32 --d----- c:\program files\ACD Systems
2009-04-01 10:26 --d----- c:\windows\Downloaded Installations

==================== Find3M ====================

2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 21:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-09 19:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 19:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 19:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 19:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 18:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 18:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 18:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 17:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 17:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-04 02:59 56,832 a------- c:\windows\system32\secur32.dll

============= FINISH: 2:08:00.51 ===============


Re: frostwire virus?

Post by Belahzur on Tue Apr 28, 2009 6:19 pm

Hello.
Do you know what this folder is?

C:\noob

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\docume~1\axioo\startm~1\programs\startup\frostw~1.lnk
    c:\program files\frostwire
    c:\docume~1\axioo\applic~1\FrostWire


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Re: frostwire virus?

Post by drc on Tue Apr 28, 2009 6:27 pm

========== FILES ==========
c:\docume~1\axioo\startm~1\programs\startup\FrostWire On Startup.lnk moved successfully.
c:\program files\FrostWire moved successfully.
c:\docume~1\axioo\applic~1\FrostWire\xml\data moved successfully.
c:\docume~1\axioo\applic~1\FrostWire\xml moved successfully.
c:\docume~1\axioo\applic~1\FrostWire\themes\frostwirePro_theme moved successfully.
c:\docume~1\axioo\applic~1\FrostWire\themes moved successfully.
c:\docume~1\axioo\applic~1\FrostWire\.NetworkShare\Incomplete moved successfully.
c:\docume~1\axioo\applic~1\FrostWire\.NetworkShare moved successfully.
c:\docume~1\axioo\applic~1\FrostWire\.AppSpecialShare moved successfully.
c:\docume~1\axioo\applic~1\FrostWire moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04292009_022500


Re: frostwire virus?

Post by drc on Tue Apr 28, 2009 6:28 pm

sorry for being noob... it's my 1st time trying out this site


Re: frostwire virus?

Post by Belahzur on Tue Apr 28, 2009 6:30 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.



Re: frostwire virus?

Post by drc on Tue Apr 28, 2009 6:32 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:32:25 AM, on 4/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OEM\OSD_1.5.2\OsdService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OEM\OSD_1.5.2\osd.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: OSD.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Si&milar Pages - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OSD Service (OsdService) - TODO: - C:\Program Files\OEM\OSD_1.5.2\OsdService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7372 bytes


Re: frostwire virus?

Post by Belahzur on Tue Apr 28, 2009 6:48 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - Global Startup: OSD.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


  • Press "Fix Checked"
  • Close Hijack This.

Reboot normally.
Let me know what problems remain.


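An added example, not part of the original thread and not code from HijackThis or Trend Micro: a small Python parser for the O4 autostart lines of a HijackThis log like the one posted above. It lists each startup entry and flags two things worth checking by hand before ticking a box: a command given without a full path, and a shortcut whose target HijackThis printed as `?`. The function names and flag labels are hypothetical; the sample lines are copied from the log in this thread.

```python
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: OSD.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <rest of line>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
# Registry Run value: HKLM\..\Run: [value name] command line
RUN_VALUE = re.compile(
    r"^(?P<where>HK[A-Z]+\\\.\.\\[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Startup-folder shortcut: Global Startup: file.lnk = target
STARTUP_ITEM = re.compile(
    r"^(?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXECUTABLE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|$)", re.IGNORECASE)
# Drive-letter or UNC path.
ABSOLUTE = re.compile(r"^(?:[A-Za-z]:\\|\\\\)")


def executable_of(cmd):
    """Return the program part of a command line, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    match = EXECUTABLE.match(cmd)
    return match.group(1) if match else cmd


def triage(log_text):
    """Parse O4 (autostart) lines and attach review flags to each entry."""
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry or entry.group("code") != "O4":
            continue
        body = entry.group("body")
        match = RUN_VALUE.match(body) or STARTUP_ITEM.match(body)
        if not match:
            findings.append({"where": "", "name": body,
                             "executable": "", "flags": ["unparsed"]})
            continue
        exe = executable_of(match.group("cmd"))
        flags = []
        if exe == "?":
            # The log gives no target for this shortcut; look it up on disk.
            flags.append("unresolved-target")
        elif not ABSOLUTE.match(exe):
            # Bare file name: which file runs depends on the search path.
            flags.append("no-full-path")
        findings.append({"where": match.group("where"),
                         "name": match.group("name"),
                         "executable": exe, "flags": flags})
    return findings


def needs_review(findings):
    """Names of the entries that carry at least one flag."""
    return [f["name"] for f in findings if f["flags"]]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['where']:<22} {f['name']:<24} "
              f"{f['executable']}  {','.join(f['flags']) or 'ok'}")
```

A flag here means "confirm what this resolves to", not "malicious": the DDS log earlier in the thread shows where OSD.lnk actually points.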

Re: frostwire virus?

Post by drc on Tue Apr 28, 2009 6:59 pm

ok... by the way, may I ask something?... does the removed program have anything to do with the slow processing of my laptop the past days?


Re: frostwire virus?

Post by Belahzur on Tue Apr 28, 2009 7:09 pm

Removing them from startup will speed the laptop up somewhat because there isn't a load of unused stuff loading at startup.



Re: frostwire virus?

Post by drc on Tue Apr 28, 2009 7:58 pm

ok... so far the performance seems to be faster... thanks a lot for the help. Thank you!
