Go Back   Computer Juice > Computer Software > Virus, Spyware & Security
Reload this Page

I think a got a virus - Desktopvirii

Register Members New Posts Donate Unanswered Posts Site Spy Search


Reply
1 2 >
 
Thread Tools
  #1  
Old 23-03-2008, 09:45 PM
No Avatar
XeneX  Canada
CJ Member
 
XeneX is offline
 
Join Date: Mar 2008
Last Online: 24-04-2008 11:54 PM
Posts: 11
iTrader: (0)
XeneX is on a distinguished road
Default I think a got a virus - Desktopvirii
Ok, here's my problem. I downloaded a file, opened it. Blah Blah. My background changes to a blue colour with a link on it saying: CLICK HERE TO GET RID OF VIRUSES! So I click it and it wants me to buy a program. I changed my background and i keep getting pop-ups saying the same thing as the background. SO... I scanned my computer with 6 different anti-viruses and STILL the problem persists . Oh another thing. I'm the admin but when I first got the virus it said task manager was disabled by the administrator. Help... Please...
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #2  
Old 23-03-2008, 11:52 PM
No Avatar
CJ Donator
Intel Nvidia
thingie2 is offline
 
Join Date: Dec 2007
Last Online: 16-08-2008 05:06 AM
Age: 17
Posts: 811
iTrader: (0)
thingie2 will become famous soon enoughthingie2 will become famous soon enoughthingie2 will become famous soon enough
Default I think a got a virus - Desktopvirii
Try looking for a program call procces patrolon the web, I use it, it's very good for disabling running programs that shouldn't be. It works a but like the task manager, but will shutdown programs that are in your disalowed list, and will notify you if anything new pops up. try looking though that, and using the built in web search to find if the running programs are safe.

Also, try going though the stages in the sticky in this forum, which has several scans to do, which comes up with three logs, which should be posted here for people who what about them, to be able to tell you which are ok programs, and which arn't.

Hope I helped
__________________
Don't forget: If you think someone's post was very useful, give them some rep!
__________________

My System: Self built several years ago

CPU(s):
pentium 4 3.0Ghz
Motherboard:
Gigabyte GA-8I945GMF
RAM:
2048 MB (DDR2-533)
Graphics Card(s):
RADEON X800 GTO (256 MB)
Sound Card:
on board
Hard Drive(s):
FSAMSUNG SP2504C (250 GB, 7200 RPM, SAT
Optical Drive(s):
HITACHI DVD-ROM GD-2500 (4x/24x DVD-ROM
Case / PSU:
Cheepy 400W unit that came in case
Cooling:
provided fans, plus 2x80mm case fans
Network / Internet:
on board
Monitor(s):
Viewsonic Vx922; Viewsonic VE702m
Operating System(s):
XP

Want your system info in your signature?
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #3  
Old 24-03-2008, 02:20 PM
kanoakavirus's Avatar
CJ Donator
Intel Nvidia
kanoakavirus is offline
 
Join Date: Mar 2008
Last Online: 25-08-2008 11:51 AM
Age: 97
Posts: 1,203
iTrader: (0)
kanoakavirus is on a distinguished roadkanoakavirus is on a distinguished road
Default I think a got a virus - Desktopvirii
you shouldn't need 6 different anti virus scanners let alone use them, its most likely adware, what anti virus protection do you have?
 __________________

My System: KaV

CPU(s):
Intel(R) Pentium(R) 4 CPU 3.00GHz
Motherboard:
DCC 0N2828
RAM:
Dell 2 x 256 mb DDR
Graphics Card(s):
NVIDIA GeForce4 MX 440 with AGP8x
Sound Card:
Creative Sound Blaster 5.1
Hard Drive(s):
Maxtor 2x 60gb
Optical Drive(s):
Generic Shite
Case / PSU:
Dell/Custom - 550w Trust
Cooling:
1 x 120/80mm led fans 2x 40mm led fans
Network / Internet:
Broadband 2mb
Monitor(s):
DELL M992 17"
Operating System(s):
Windows XP Home/Service pack 2 /32bit

Want your system info in your signature?
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #4  
Old 24-03-2008, 02:26 PM
kanoakavirus's Avatar
CJ Donator
Intel Nvidia
kanoakavirus is offline
 
Join Date: Mar 2008
Last Online: 25-08-2008 11:51 AM
Age: 97
Posts: 1,203
iTrader: (0)
kanoakavirus is on a distinguished roadkanoakavirus is on a distinguished road
Default I think a got a virus - Desktopvirii
http://www.computer-juice.com/forums...n-guide-15254/
 __________________

My System: KaV

CPU(s):
Intel(R) Pentium(R) 4 CPU 3.00GHz
Motherboard:
DCC 0N2828
RAM:
Dell 2 x 256 mb DDR
Graphics Card(s):
NVIDIA GeForce4 MX 440 with AGP8x
Sound Card:
Creative Sound Blaster 5.1
Hard Drive(s):
Maxtor 2x 60gb
Optical Drive(s):
Generic Shite
Case / PSU:
Dell/Custom - 550w Trust
Cooling:
1 x 120/80mm led fans 2x 40mm led fans
Network / Internet:
Broadband 2mb
Monitor(s):
DELL M992 17"
Operating System(s):
Windows XP Home/Service pack 2 /32bit

Want your system info in your signature?
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #5  
Old 24-03-2008, 07:57 PM
evilfantasy's Avatar
CJ Moderator
Intel ATi
evilfantasy is offline
Send a message via Yahoo to evilfantasy
 
Join Date: Jul 2007
Last Online: Today 08:00 AM
Posts: 4,546
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default I think a got a virus - Desktopvirii
Post a HJT log from here > http://www.computer-juice.com/forums...-posting-7476/
__________________
.
.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #6  
Old 24-03-2008, 09:26 PM
No Avatar
XeneX  Canada
CJ Member
 
XeneX is offline
 
Join Date: Mar 2008
Last Online: 24-04-2008 11:54 PM
Posts: 11
iTrader: (0)
XeneX is on a distinguished road
Default I think a got a virus - Desktopvirii
---------------
HJT log
---------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:29:47 PM, on 3/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Antivirus_ETC\Avast\aswUpdSv.exe
C:\Antivirus_ETC\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Antivirus_ETC\Avast\ashMaiSv.exe
C:\Antivirus_ETC\Avast\ashWebSv.exe
C:\WINDOWS\cjofklcn.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ANTIVI~1\Avast\ashDisp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\ARM Software\MacroMaker\MacroMaker.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\ANTIVI~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Vystal] C:\Documents and Settings\Owner\Desktop\VystalVivid\Vystal 2.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [gsgnOglhP0] C:\WINDOWS\cjofklcn.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: MacroMaker.lnk = ?
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Owner\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ncix.com
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1198446616406
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Antivirus_ETC\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Antivirus_ETC\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Antivirus_ETC\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Antivirus_ETC\Avast\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11983 bytes
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #7  
Old 25-03-2008, 04:14 AM
evilfantasy's Avatar
CJ Moderator
Intel ATi
evilfantasy is offline
Send a message via Yahoo to evilfantasy
 
Join Date: Jul 2007
Last Online: Today 08:00 AM
Posts: 4,546
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default I think a got a virus - Desktopvirii
Uninstall one of the antivirus you have. Running two is never advised and will cause problems. Slow system, crashes and false positives.

After you have uninstalled one of the AVs

Download NoLop to your desktop from one of the links below...
  • Close any programs you have running since a reboot is required
  • Double click NoLop.exe to run it
  • Next, click the button labeled: Search and Destroy
    • Your computer will now be scanned for infected files
  • When the scan finishes, if infected, you are prompted to reboot
  • Click OK
  • Now click: REBOOT
  • A Message should popup from NoLop. If not, double click the program again and it will finish.
  • Post the contents of C:\NoLop.log in the next reply.
Note: If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.

----------

Download Vundofix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • When VundoFix opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please let Vundo finish, sometimes it can take multiple passes

----------

Now run a new HJT scan and post that log also.

----------

Next post please add
No Lop log
Vundofix log
New HJT log
__________________
.
.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #8  
Old 25-03-2008, 07:14 PM
No Avatar
XeneX  Canada
CJ Member
 
XeneX is offline
 
Join Date: Mar 2008
Last Online: 24-04-2008 11:54 PM
Posts: 11
iTrader: (0)
XeneX is on a distinguished road
Default I think a got a virus - Desktopvirii
OK. No Lop and Vundofix didn't find any "problems" but I know there are. Here's the new logs and crap:

----------------
HJT Log
----------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:09:57 PM, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Antivirus_ETC\Avast\aswUpdSv.exe
C:\Antivirus_ETC\Avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\cjofklcn.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ANTIVI~1\Avast\ashDisp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\ARM Software\MacroMaker\MacroMaker.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Antivirus_ETC\Avast\ashMaiSv.exe
C:\Antivirus_ETC\Avast\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\ANTIVI~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Vystal] C:\Documents and Settings\Owner\Desktop\VystalVivid\Vystal 2.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [gsgnOglhP0] C:\WINDOWS\cjofklcn.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: MacroMaker.lnk = ?
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Owner\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ncix.com
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1198446616406
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Antivirus_ETC\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Antivirus_ETC\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Antivirus_ETC\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Antivirus_ETC\Avast\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11533 bytes




-----------------
Vundo Log
-----------------

VundoFix V7.0.3

Scan started at 3:39:17 PM 3/25/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V7.0.3

Scan started at 4:01:44 PM 3/25/2008

Listing files found while scanning....

No infected files were found.


--------------------
No Lop Log
--------------------
NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Program Files\Mozilla Firefox
[3/25/2008]
[3:53:43 PM]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Acoustica
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Avg7
C:\Documents and Settings\All Users\Application Data\Firstclass
C:\Documents and Settings\All Users\Application Data\Flexnet
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Lavasoft
C:\Documents and Settings\All Users\Application Data\Macromedia
C:\Documents and Settings\All Users\Application Data\Malwarebytes
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft Help
C:\Documents and Settings\All Users\Application Data\Nch Swift Sound
C:\Documents and Settings\All Users\Application Data\Nero
C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Sectaskman
C:\Documents and Settings\All Users\Application Data\Songbirdvlc
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Superantispyware.com
C:\Documents and Settings\All Users\Application Data\Techsmith
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Winzip
C:\Documents and Settings\All Users\Application Data\Yoyogames
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Hackaged\Application Data\Adobe
C:\Documents and Settings\Hackaged\Application Data\Avg7
C:\Documents and Settings\Hackaged\Application Data\Identities
C:\Documents and Settings\Hackaged\Application Data\Macromedia
C:\Documents and Settings\Hackaged\Application Data\Microsoft
C:\Documents and Settings\Hackaged\Application Data\Mozilla
C:\Documents and Settings\Hax\Application Data\Avg7
C:\Documents and Settings\Hax\Application Data\Identities
C:\Documents and Settings\Hax\Application Data\Microsoft
C:\Documents and Settings\Lksljksdjksdf\Application Data\Avg7
C:\Documents and Settings\Lksljksdjksdf\Application Data\Identities
C:\Documents and Settings\Lksljksdjksdf\Application Data\Microsoft
C:\Documents and Settings\Lksljksdjksdf\Application Data\Mozilla
C:\Documents and Settings\Lksljksdjksdf\Application Data\Nero
C:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Logmeinremoteuser\Application Data\Identities
C:\Documents and Settings\Logmeinremoteuser\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Owner\Application Data\Ace Explorer
C:\Documents and Settings\Owner\Application Data\Acoustica
C:\Documents and Settings\Owner\Application Data\Adobe
C:\Documents and Settings\Owner\Application Data\Apple Computer
C:\Documents and Settings\Owner\Application Data\Avg7
C:\Documents and Settings\Owner\Application Data\Bittorrent
C:\Documents and Settings\Owner\Application Data\Clickteam
C:\Documents and Settings\Owner\Application Data\Dev-cpp
C:\Documents and Settings\Owner\Application Data\Dna
C:\Documents and Settings\Owner\Application Data\Dvdcss
C:\Documents and Settings\Owner\Application Data\Fretsonfire
C:\Documents and Settings\Owner\Application Data\Google
C:\Documents and Settings\Owner\Application Data\Gtk-2.0
C:\Documents and Settings\Owner\Application Data\Hamachi
C:\Documents and Settings\Owner\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Owner\Application Data\Identities
C:\Documents and Settings\Owner\Application Data\Installshield
C:\Documents and Settings\Owner\Application Data\Leadertech
C:\Documents and Settings\Owner\Application Data\Lego Company
C:\Documents and Settings\Owner\Application Data\Macromedia
C:\Documents and Settings\Owner\Application Data\Malwarebytes
C:\Documents and Settings\Owner\Application Data\Microsoft
C:\Documents and Settings\Owner\Application Data\Move Networks
C:\Documents and Settings\Owner\Application Data\Mozilla
C:\Documents and Settings\Owner\Application Data\Mxboost
C:\Documents and Settings\Owner\Application Data\Nch Swift Sound
C:\Documents and Settings\Owner\Application Data\Nero
C:\Documents and Settings\Owner\Application Data\Netscape
C:\Documents and Settings\Owner\Application Data\Nexon
C:\Documents and Settings\Owner\Application Data\Notepad++
C:\Documents and Settings\Owner\Application Data\Openoffice.org2
C:\Documents and Settings\Owner\Application Data\Opera
C:\Documents and Settings\Owner\Application Data\Qtrax1
C:\Documents and Settings\Owner\Application Data\Realworld
C:\Documents and Settings\Owner\Application Data\Securom
C:\Documents and Settings\Owner\Application Data\Styler
C:\Documents and Settings\Owner\Application Data\Sun
C:\Documents and Settings\Owner\Application Data\Superantispyware.com
C:\Documents and Settings\Owner\Application Data\Thunderbird
C:\Documents and Settings\Owner\Application Data\Utorrent
C:\Documents and Settings\Owner\Application Data\Ventrilo
C:\Documents and Settings\Owner\Application Data\Vistart
C:\Documents and Settings\Owner\Application Data\Vlc
C:\Documents and Settings\Owner\Application Data\Winrar -- EMPTY Directory


OK, please message me back if you find any crappy things that are eating my computer. I really appreciate this!
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #9  
Old 25-03-2008, 07:33 PM
evilfantasy's Avatar
CJ Moderator
Intel ATi
evilfantasy is offline
Send a message via Yahoo to evilfantasy
 
Join Date: Jul 2007
Last Online: Today 08:00 AM
Posts: 4,546
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default I think a got a virus - Desktopvirii
I have it identified, these next few steps will begin to cure it.

----------

Uninstall one of the antivirus you have. Running two is never advised and will cause problems. Slow system, crashes and false positives.


----------

Please download Combofix by sUBs from one of the below links.
(Try all three if necessary)Important! Combofix.exe MUST be saved to and ran from the Desktop.
  • Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  • Double click combofix.exe & follow the prompts.
    • From the keyboard select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouseclick combofix's window while it is running. That may cause it to stall
  • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
----------

Create An Uninstall List
  • Start HijackThis
  • Click on the Open the Misc Tools section
  • Click on the Open Uninstall Manager button.
  • Click on the Save list button and specify where you would like to save this file and click Save.
    • When you press Save button a notepad will open with the contents of that file.
  • Copy and paste that list in your reply.
----------

Next post
Combofix log
Uninstall list
A NEW Hijackthis log
__________________
.
.
Last edited by evilfantasy : 25-03-2008 at 07:33 PM.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #10  
Old 25-03-2008, 10:00 PM
No Avatar
XeneX  Canada
CJ Member
 
XeneX is offline
 
Join Date: Mar 2008
Last Online: 24-04-2008 11:54 PM
Posts: 11
iTrader: (0)
XeneX is on a distinguished road
Default I think a got a virus - Desktopvirii
Combofix takes a while, Don't it?

Combofix Log

ComboFix 08-03-25.1 - Owner 2008-03-25 18:48:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1424 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat
-- Script messages for sUBs --
Findstr -MIF:/ sursen
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\pskill.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))
.

2008-03-25 17:06 . 2008-03-25 17:06 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-25 15:39 . 2008-03-25 15:39 <DIR> d-------- C:\VundoFix Backups
2008-03-25 08:28 . 2008-03-25 15:53 212 --a------ C:\delete.bat
2008-03-24 18:26 . 2008-03-24 18:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-23 18:59 . 2008-03-23 18:59 <DIR> d-------- C:\fsaua.data
2008-03-23 18:54 . 2008-03-23 18:54 3,070 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-23 18:53 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-23 18:53 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-23 18:53 . 2008-03-22 15:49 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-23 18:53 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-23 18:53 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-23 18:53 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-23 18:53 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-23 17:56 . 2008-03-23 17:56 <DIR> d-------- C:\Program Files\Acoustica Shared Effects
2008-03-23 17:56 . 2008-03-23 17:56 <DIR> d-------- C:\Program Files\Acoustica Mixcraft 3
2008-03-23 17:56 . 2008-03-23 17:56 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Acoustica
2008-03-23 17:56 . 2008-03-23 17:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Acoustica
2008-03-23 17:56 . 2007-08-07 11:32 57,344 --a------ C:\WINDOWS\system32\Wnaspint.dll
2008-03-23 17:38 . 2008-03-23 17:38 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\RealWorld
2008-03-23 17:37 . 2008-03-23 17:37 <DIR> d-------- C:\Program Files\RealWorld Cursor Editor
2008-03-23 02:52 . 2008-03-23 02:52 94,208 --a------ C:\WINDOWS\system32\wwxzzslu.exe
2008-03-22 20:10 . 2008-03-22 20:12 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Dev-Cpp
2008-03-22 20:09 . 2008-03-22 20:10 <DIR> d-------- C:\Dev-Cpp
2008-03-22 18:33 . 2008-03-22 18:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-22 18:27 . 2008-03-22 18:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-22 18:27 . 2008-03-22 18:27 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-03-22 18:27 . 2008-03-22 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-22 18:26 . 2008-03-22 18:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-22 18:26 . 2008-03-22 18:26 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-03-22 18:26 . 2008-03-22 18:26 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-03-22 16:01 . 2008-03-22 16:01 <DIR> d-------- C:\Program Files\PC-Cleaner
2008-03-22 15:15 . 2008-03-22 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-22 15:14 . 2008-03-22 15:15 <DIR> d-------- C:\Program Files\Security Task Manager
2008-03-22 14:53 . 2008-03-22 14:53 <DIR> d-------- C:\Documents and Settings\Owner\Desktopvirii
2008-03-22 14:52 . 2008-03-22 14:52 94,208 --a------ C:\WINDOWS\system32\qyxfwuwo.exe
2008-03-22 14:52 . 2008-03-22 14:52 40,448 --a------ C:\WINDOWS\cjofklcn.exe
2008-03-22 14:48 . 2008-03-22 14:48 <DIR> d-------- C:\Program Files\ExeScript
2008-03-22 13:51 . 2008-03-22 13:51 <DIR> d-------- C:\WINDOWS\system32\test
2008-03-22 13:14 . 2008-03-22 13:17 34 --a------ C:\WINDOWS\system32\LOOKING.bat
2008-03-22 09:47 . 2008-03-22 09:52 90 --a------ C:\WINDOWS\system32\connect.bat
2008-03-21 20:44 . 2008-03-21 20:44 <DIR> d-------- C:\WINDOWS\system32\Pwned like a dinosaur
2008-03-21 20:31 . 2008-03-21 20:31 <DIR> d-------- C:\Documents and Settings\Users\Owner
2008-03-21 12:30 . 2008-03-21 12:30 <DIR> d-------- C:\WINDOWS\system32\hi
2008-03-21 07:12 . 1998-04-24 20:55 5 --a------ C:\WINDOWS\VS98ENT.MIF
2008-03-21 07:06 . 2008-03-21 07:06 <DIR> d-------- C:\~MSSETUP.T
2008-03-21 07:06 . 2008-03-21 07:11 143,300 --a------ C:\WINDOWS\vssetup.ttf
2008-03-21 07:06 . 2008-03-21 07:11 1,409 --a------ C:\WINDOWS\vssetup.for
2008-03-19 17:13 . 2008-03-19 17:13 <DIR> d-------- C:\Program Files\GrudgeMU
2008-03-19 08:13 . 2008-03-19 08:21 <DIR> d-------- C:\wget
2008-03-19 07:42 . 2008-03-22 18:24 <DIR> d-------- C:\Program Files\2Moons
2008-03-18 20:21 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-03-18 20:21 . 2007-08-03 15:09 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-03-18 20:21 . 2007-11-15 18:46 21,496 --a------ C:\WINDOWS\system32\LMIport.dll
2008-03-18 20:20 . 2008-03-25 07:38 <DIR> d-------- C:\Program Files\LogMeIn
2008-03-18 20:20 . 2007-11-15 18:46 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-03-18 20:20 . 2008-03-18 20:20 1,024 --a------ C:\.rnd
2008-03-18 15:40 . 2008-03-18 15:42 <DIR> d-------- C:\Program Files\MediaCoder
2008-03-17 19:11 . 2008-03-17 19:12 <DIR> d-------- C:\Program Files\PlaneShift Steel Blue
2008-03-16 17:14 . 2008-03-16 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-03-16 07:39 . 2008-03-16 07:42 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-03-16 07:39 . 2008-03-16 07:40 <DIR> d-------- C:\Program Files\Shadowbane - Throne of Oblivion
2008-03-16 07:38 . 2008-03-16 07:38 <DIR> d--h----- C:\Documents and Settings\Owner\InstallAnywhere
2008-03-14 18:40 . 2008-03-14 18:57 <DIR> d-------- C:\Program Files\Knight Online
2008-03-12 12:50 . 2008-03-12 12:50 <DIR> d-------- C:\Program Files\CDBurnerXP
2008-03-11 17:29 . 2008-03-22 06:58 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-10 18:15 . 2008-03-10 18:15 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Nero
2008-03-10 18:13 . 2008-03-10 18:13 <DIR> d-------- C:\Program Files\Nero
2008-03-10 18:13 . 2008-03-10 18:14 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-10 18:13 . 2008-03-10 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-09 09:53 . 2008-03-09 09:53 110,714 --a------ C:\WINDOWS\UninstallFirefox.exe
2008-03-09 09:43 . 2008-03-09 09:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\MxBoost
2008-03-09 09:39 . 2008-03-09 09:39 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Netscape
2008-03-09 09:38 . 2008-03-09 09:42 <DIR> d-------- C:\Program Files\MYIE2
2008-03-09 09:35 . 2008-03-09 09:47 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Ace Explorer
2008-03-09 09:34 . 2008-03-09 09:34 <DIR> d-------- C:\Program Files\Netscape
2008-03-09 09:34 . 2008-03-09 09:35 <DIR> d-------- C:\Program Files\Ace Explorer
2008-03-09 09:32 . 2008-03-09 09:43 <DIR> d-------- C:\Program Files\Maxthon2
2008-03-09 09:18 . 2008-03-09 09:18 <DIR> d-------- C:\Program Files\Safari
2008-03-09 09:09 . 2008-03-25 15:49 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 3
2008-03-08 15:03 . 2008-03-08 15:03 <DIR> d-------- C:\Program Files\DNA
2008-03-08 15:03 . 2008-03-08 15:03 <DIR> d-------- C:\Program Files\BitTorrent
2008-03-08 15:03 . 2008-03-25 18:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DNA
2008-03-08 15:03 . 2008-03-16 08:35 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-03-08 14:47 . 2008-03-08 14:47 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\LEGO Company
2008-03-08 14:45 . 2008-03-08 14:45 <DIR> d-------- C:\Program Files\LEGO Company
2008-03-08 10:29 . 2008-03-08 10:30 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-03-07 21:19 . 2008-03-07 21:19 <DIR> d-------- C:\Program Files\SourceTec
2008-03-07 21:19 . 2008-03-07 21:19 <DIR> d-------- C:\Program Files\Common Files\SourceTec
2008-03-05 10:56 . 2008-03-07 21:20 <DIR> d-------- C:\DVDVideoSoft
2008-03-05 10:55 . 2008-03-05 10:55 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-03-05 10:55 . 2008-03-05 10:55 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-03-05 10:55 . 2002-01-05 15:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-03-05 10:22 . 2008-03-05 10:22 <DIR> d-------- C:\Program Files\Veoh Networks
2008-03-04 17:15 . 2008-03-04 17:15 <DIR> d-------- C:\Program Files\Microsoft Works
2008-03-04 17:12 . 2008-03-04 17:15 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-04 17:12 . 2008-03-04 17:12 <DIR> dr-h----- C:\MSOCache
2008-03-03 21:01 . 2008-03-03 21:01 142,848 --------- C:\WINDOWS\system32\IESetting.dll
2008-03-03 19:13 . 2008-03-03 19:13 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-03-03 19:13 . 2008-03-03 19:13 <DIR> d-------- C:\Program Files\TechSmith
2008-03-03 19:13 . 2008-03-03 19:13 <DIR> d-------- C:\Program Files\Common Files\TechSmith Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-03-25 22:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\Hamachi
2008-03-25 21:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-03-25 19:49 --------- d-----w C:\Program Files\Steam
2008-03-24 22:15 --------- d-----w C:\Program Files\Java
2008-03-24 22:14 --------- d-----w C:\Program Files\Bonjour
2008-03-23 21:56 --------- d-----w C:\Program Files\VstPlugins
2008-03-22 22:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-22 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 19:06 --------- d-----w C:\Program Files\WinFlip
2008-03-22 00:26 --------- d-----w C:\Program Files\World of Warcraft
2008-03-21 14:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-03-16 20:59 --------- d-----w C:\Program Files\ArtMoney
2008-03-16 11:41 --------- d-----w C:\Program Files\Ubisoft
2008-03-15 00:20 --------- d-----w C:\Program Files\Qtrax_20080125
2008-03-10 22:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\gtk-2.0
2008-03-09 13:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-03-06 21:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2008-03-05 16:24 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-04 01:01 830,464 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-04 01:01 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-03-04 01:01 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-03-04 00:53 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2008-03-04 00:52 41,984 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-03-04 00:52 17,920 ----a-w C:\WINDOWS\system32\corpol.dll
2008-03-04 00:51 69,120 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-03-04 00:51 69,120 ----a-w C:\WINDOWS\system32\admparse.dll
2008-03-04 00:50 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-03-04 00:50 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-03-04 00:50 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-02-27 12:58 --------- d-----w C:\Program Files\Tiger Gaming
2008-02-26 01:00 --------- d-----w C:\Program Files\PokerStars
2008-02-25 20:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-24 15:59 64,866 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-02-24 15:59 6,114 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-24 15:27 --------- d-----w C:\Program Files\Common Files\Stardock
2008-02-24 00:20 --------- d-----w C:\Program Files\TGTSoft
2008-02-23 22:18 --------- d-----w C: