VERY bad Virus problem... HELP!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

ralphygarfield

Thread Starter
Joined
May 23, 2008
Messages
93
It looks like I have some kind of vicious-circle of a virus problem. Seems they keep replicating themselves after I delete them. What's funny is that I'm not actually noticing any problems with my computer.

I don't really have a clue where I keep getting these from. Some are from Key-Gens, although I don't make any revisions to these files, yet it keeps detecting new ones each time!! What's interesting is that I have another computer which I do all the same type of things from, and after a month of owning it, it has not had one virus that I know of.

Please, Please take a look at the logs and let me know what could be happening and how to fix it!

Here are all my Avast logs ever since this latest install of Windows XP:

06/02/2008 20:45
Scan of all local drives

File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\AMV_Convert_400.zip\MP3 Player Utilities 4.00\MSI.CAB\_6227252443C841BF9FFDFF29A9856421 is infected by Win32:Deleter [Tool], Deleted
File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\AMV_Convert_400.zip\MP3 Player Utilities 4.00\MSI.CAB\_D0894C466A324CC8A6726E1FE41CBFB7 is infected by Win32:Trojan-gen {Other}, Deleted
File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\AMV_Convert_400.zip\MP3 Player Utilities 4.00\SETUP.EXE is infected by Win32:Deleter [Tool], Deleted
File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\R-Studio 4 Net Keygen\keygen.exe is infected by Win32:Trojan-gen {Other}, Deleted
File C:\Program Files\MP3 Player Utilities 4.00\DelDrv.exe is infected by Win32:Deleter [Tool], Deleted
File C:\Program Files\MP3 Player Utilities 4.00\MediaManager\net.dll is infected by Win32:Trojan-gen {Other}, Deleted
File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP46\A0020712.exe is infected by Win32:Trojan-gen {Other}, Deleted
File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP46\A0020713.exe is infected by Win32:Deleter [Tool], Deleted
File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP46\A0020714.dll is infected by Win32:Trojan-gen {Other}, Deleted
Number of searched folders: 5596
Number of tested files: 346617
Number of infected files: 9

----------------------------------------
06/19/2008 20:26
Scan of all local drives

File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\AMV_Convert_400.zip\MP3 Player Utilities 4.00\MSI.CAB Error 42125 {ZIP archive is corrupted.}
Number of searched folders: 6757
Number of tested files: 333914
Number of infected files: 0

----------------------------------------
07/25/2008 17:33
Scan of C:\

Scan of F:\

File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\AMV_Convert_400.zip\MP3 Player Utilities 4.00\MSI.CAB Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\DDVDFabPlat3200Reg.ICU\All.Fengtao.Software.Universal.Patch.1.01-ICU\All.Fengtao.Software.Universal.Patch.1.01-ICU.exe is infected by Win32:Trojan-gen {Other}, Deleted
File C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Y1ELSNKZ\favicon1[1].ico is infected by Win32:Zlob-CGW [Trj], Deleted
File C:\Documents and Settings\Secondary Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\b4pdvwqx.default\Cache\BC436E78d01 is infected by Win32:Spyware-gen [Trj], Deleted
File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP99\A0027906.exe is infected by Win32:Trojan-gen {Other}, Deleted
Number of searched folders: 21116
Number of tested files: 678921
Number of infected files: 4

----------------------------------------
08/07/2008 04:25
Scan of C:\

Scan of G:\

File C:\$RECYCLE.BIN\S-1-5-21-2958512360-3919329639-593960396-1000\$RQ8GU3L\keygen.exe is infected by Win32:Trojan-gen {Other}, Deleted
File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\AMV_Convert_400.zip\MP3 Player Utilities 4.00\MSI.CAB Error 42125 {ZIP archive is corrupted.}
File C:\Program Files\NeoSmart Technologies\EasyBCD\TweakVI Setup.exe\tweakvi-basic.exe\%AppFolder%\TweakVI.exe Error 42146 {Installer archive is corrupted.}
File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031439.exe is infected by Win32:Trojan-gen {Other}, Deleted
File G:\found.000\dir0002.chk\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP56\A0021280.exe is infected by Win32:Trojan-gen {Other}, Deleted
File G:\found.000\dir0002.chk\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP56\A0021281.exe is infected by Win32:Trojan-gen {Other}, Deleted
File G:\found.000\dir0002.chk\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP77\A0023966.exe is infected by Win32:Trojan-gen {Other}, Deleted
File G:\found.000\dir0002.chk\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP77\A0023967.exe is infected by Win32:Agent-YIM [Trj], Deleted
File G:\found.000\dir0002.chk\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP77\A0023968.exe is infected by Win32:Agent-YIM [Trj], Deleted
File G:\found.000\dir0002.chk\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP77\A0023970.exe is infected by Win32:Trojan-gen {Other}, Deleted
File G:\found.000\dir0002.chk\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP99\A0027832.exe is infected by Win32:Trojan-gen {Other}, Deleted
File G:\Maxtor backup\PAL\C\Documents and Settings\Admin\Desktop\Unused Desktop Items\AMV_Convert_400.zip\MP3 Player Utilities 4.00\MSI.CAB Error 42125 {ZIP archive is corrupted.}
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030009.exe is infected by Win32:Trojan-gen {Other}, Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030198.exe is infected by Win32:Trojan-gen {Other}, Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030552.exe is infected by Win32:Trojan-gen {Other}, Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030597.exe is infected by Win32:Trojan-gen {Other}, Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030728.exe is infected by Win32:Trojan-gen {Other}, Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP104\A0031311.exe is infected by Win32:Trojan-gen {Other}, Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP104\A0031312.exe is infected by Win32:Agent-YIM [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP104\A0031313.exe is infected by Win32:Trojan-gen {Other}, Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP104\A0031314.exe is infected by Win32:Trojan-gen {Other}, Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031440.exe is infected by Win32:Trojan-gen {Other}, Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031441.exe is infected by Win32:Trojan-gen {Other}, Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031442.exe is infected by Win32:Trojan-gen {Other}, Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031443.exe is infected by Win32:Agent-YIM [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031444.exe is infected by Win32:Agent-YIM [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031445.exe is infected by Win32:Trojan-gen {Other}, Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031446.exe is infected by Win32:Trojan-gen {Other}, Deleted
File G:\x\Downloads\Drivers, Programs & More\Unused Desktop Items\AMV_Convert_400.zip\MP3 Player Utilities 4.00\MSI.CAB Error 42125 {ZIP archive is corrupted.}
Number of searched folders: 9861
Number of tested files: 1126960
Number of infected files: 25

----------------------------------------
08/09/2008 11:40
Scan of C:\

Scan of G:\

File C:\Program Files\NeoSmart Technologies\EasyBCD\TweakVI Setup.exe\tweakvi-basic.exe\%AppFolder%\TweakVI.exe Error 42146 {Installer archive is corrupted.}
File G:\Maxtor backup\PAL\History\Level2\C\Documents and Settings\Admin\Desktop\Unused Desktop Items\AMV_Convert_400.zip\MP3 Player Utilities 4.00\MSI.CAB Error 42125 {ZIP archive is corrupted.}
Number of searched folders: 9714
Number of tested files: 1078626
Number of infected files: 0

----------------------------------------
09/16/2008 19:23
Scan of C:\

Scan of G:\

File C:\Program Files\NeoSmart Technologies\EasyBCD\TweakVI Setup.exe\tweakvi-basic.exe\%AppFolder%\TweakVI.exe Error 42146 {Installer archive is corrupted.}
File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP163\A0040912.exe is infected by Win32:Monga [Trj], Deleted
File C:\WINDOWS\system32\reboot.exe is infected by Win32:Trojan-gen {Other}, Deleted
File G:\System Volume Information\_restore{BF71FC7C-C3ED-41AB-842B-5E69B0FE98F8}\RP22\A0002314.exe is infected by Win32:Monga [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030197.exe is infected by Win32:Monga [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030551.exe is infected by Win32:Monga [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030727.exe is infected by Win32:Monga [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030749.exe is infected by Win32:Downloader-BQD [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030767.exe is infected by Win32:Agent-ABII [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031750.exe is infected by Win32:Monga [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP163\A0040946.exe is infected by Win32:Monga [Trj], Deleted
Number of searched folders: 10448
Number of tested files: 1041979
Number of infected files: 10

----------------------------------------
10/08/2008 21:30
Scan of C:\

Scan of G:\

File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\BitDefender AntiVirus 2008 Build 11.0.13 Keygen\Keymaker.exe is infected by Win32:VB-KHX [Trj], Deleted
File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\BitDefender IS 2008 New KeyGen\Keymaker.exe is infected by Win32:VB-KHX [Trj], Deleted
File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\BitDefender Total Security 2008 Keygen\Keymaker.exe is infected by Win32:VB-KHX [Trj], Deleted
File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\Helium.Music.Manager_2007.0.0.5630.Crack-NoPE\helium.music.manager.2007.0.0.5630-NoPE.exe is infected by Win32:IRCBot-DIZ [Trj], Deleted
File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\Registry.Mechanic.v7.0.0.1010.Incl.Keymaker-TSRh\Keygen\KeyGen.exe is infected by Win32:VB-KHW [Trj], Deleted
File C:\Program Files\NeoSmart Technologies\EasyBCD\TweakVI Setup.exe\tweakvi-basic.exe\%AppFolder%\TweakVI.exe Error 42146 {Installer archive is corrupted.}
File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP168\A0041090.exe is infected by Win32:Trojan-gen {Other}, Deleted
File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP183\A0042468.exe is infected by Win32:VB-KHX [Trj], Deleted
File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP183\A0042469.exe is infected by Win32:VB-KHX [Trj], Deleted
File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP183\A0042470.exe is infected by Win32:VB-KHX [Trj], Deleted
File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP183\A0042471.exe is infected by Win32:IRCBot-DIZ [Trj], Deleted
File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP183\A0042472.exe is infected by Win32:VB-KHW [Trj], Deleted
File G:\Maxtor backup\PAL\C\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\BitDefender AntiVirus 2008 Build 11.0.13 Keygen\Keymaker.exe is infected by Win32:VB-KHX [Trj], Deleted
File G:\Maxtor backup\PAL\C\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\BitDefender IS 2008 New KeyGen\Keymaker.exe is infected by Win32:VB-KHX [Trj], Deleted
File G:\Maxtor backup\PAL\C\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\BitDefender Total Security 2008 Keygen\Keymaker.exe is infected by Win32:VB-KHX [Trj], Deleted
File G:\Maxtor backup\PAL\C\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\Helium.Music.Manager_2007.0.0.5630.Crack-NoPE\helium.music.manager.2007.0.0.5630-NoPE.exe is infected by Win32:IRCBot-DIZ [Trj], Deleted
File G:\Maxtor backup\PAL\C\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\Registry.Mechanic.v7.0.0.1010.Incl.Keymaker-TSRh\Keygen\KeyGen.exe is infected by Win32:VB-KHW [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030162.exe is infected by Win32:VB-KHW [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030192.exe is infected by Win32:IRCBot-DIZ [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030200.exe is infected by Win32:VB-KHX [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030202.exe is infected by Win32:VB-KHX [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030204.exe is infected by Win32:VB-KHX [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030516.exe is infected by Win32:VB-KHW [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030546.exe is infected by Win32:IRCBot-DIZ [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030554.exe is infected by Win32:VB-KHX [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030556.exe is infected by Win32:VB-KHX [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030558.exe is infected by Win32:VB-KHX [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030692.exe is infected by Win32:VB-KHW [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030722.exe is infected by Win32:IRCBot-DIZ [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030730.exe is infected by Win32:VB-KHX [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030732.exe is infected by Win32:VB-KHX [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030734.exe is infected by Win32:VB-KHX [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031742.exe is infected by Win32:VB-KHX [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031744.exe is infected by Win32:VB-KHX [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031746.exe is infected by Win32:VB-KHX [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031753.exe is infected by Win32:IRCBot-DIZ [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031784.exe is infected by Win32:VB-KHW [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP183\A0042473.exe is infected by Win32:VB-KHX [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP183\A0042474.exe is infected by Win32:VB-KHX [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP183\A0042475.exe is infected by Win32:VB-KHX [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP183\A0042476.exe is infected by Win32:IRCBot-DIZ [Trj], Deleted
File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP183\A0042477.exe is infected by Win32:VB-KHW [Trj], Deleted
File G:/x\Downloads\Drivers, Programs & More\Programs\KEYS\keys for programs\BitDefender AntiVirus 2008 Build 11.0.13 Keygen\Keymaker.exe is infected by Win32:VB-KHX [Trj], Deleted
File G:\x\Downloads\Drivers, Programs & More\Programs\KEYS\keys for programs\BitDefender IS 2008 New KeyGen\Keymaker.exe is infected by Win32:VB-KHX [Trj], Deleted
File G:\x\Downloads\Drivers, Programs & More\Programs\KEYS\keys for programs\BitDefender Total Security 2008 Keygen\Keymaker.exe is infected by Win32:VB-KHX [Trj], Deleted
File G:\x\Downloads\Drivers, Programs & More\Programs\KEYS\keys for programs\Helium.Music.Manager_2007.0.0.5630.Crack-NoPE\helium.music.manager.2007.0.0.5630-NoPE.exe is infected by Win32:IRCBot-DIZ [Trj], Deleted
File G:\x\Downloads\Drivers, Programs & More\Programs\KEYS\keys for programs\Registry.Mechanic.v7.0.0.1010.Incl.Keymaker-TSRh\Keygen\KeyGen.exe is infected by Win32:VB-KHW [Trj], Deleted
Number of searched folders: 10282
Number of tested files: 1038955
Number of infected files: 46
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
 

ralphygarfield

Thread Starter
Joined
May 23, 2008
Messages
93
Thank you. Here is the Hijack This Log:

But I should mention, I do use Spybot periodically and it typically finds nothing.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:35 PM, on 10/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\NCH Software\BroadCam\broadCam.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BroadCam Service (BroadCamService) - Unknown owner - C:\Program Files\NCH Software\BroadCam\broadCam.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 8148 bytes
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Disable SpybotSD TeaTimer:

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on System Startup icon.
Uncheck Teatimer box.
Click Allow Change box.

You can follow this link if you need help: http://russelltexas.com/malware/teatimer.htm


Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.




Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1 alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply with a new hijackthis log.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      [*]Archives
      [*]Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u7-windows-i586-p.exe and select "Run as an Administrator.")
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top