1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

VERY bad Virus problem... HELP!

Discussion in 'Virus & Other Malware Removal' started by ralphygarfield, Oct 9, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. ralphygarfield

    ralphygarfield Thread Starter

    Joined:
    May 23, 2008
    Messages:
    93
    It looks like I have some kind of vicious-circle of a virus problem. Seems they keep replicating themselves after I delete them. What's funny is that I'm not actually noticing any problems with my computer.

    I don't really have a clue where I keep getting these from. Some are from Key-Gens, although I don't make any revisions to these files, yet it keeps detecting new ones each time!! What's interesting is that I have another computer which I do all the same type of things from, and after a month of owning it, it has not had one virus that I know of.

    Please, Please take a look at the logs and let me know what could be happening and how to fix it!

    Here are all my Avast logs ever since this latest install of Windows XP:

    06/02/2008 20:45
    Scan of all local drives

    File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\AMV_Convert_400.zip\MP3 Player Utilities 4.00\MSI.CAB\_6227252443C841BF9FFDFF29A9856421 is infected by Win32:Deleter [Tool], Deleted
    File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\AMV_Convert_400.zip\MP3 Player Utilities 4.00\MSI.CAB\_D0894C466A324CC8A6726E1FE41CBFB7 is infected by Win32:Trojan-gen {Other}, Deleted
    File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\AMV_Convert_400.zip\MP3 Player Utilities 4.00\SETUP.EXE is infected by Win32:Deleter [Tool], Deleted
    File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\R-Studio 4 Net Keygen\keygen.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File C:\Program Files\MP3 Player Utilities 4.00\DelDrv.exe is infected by Win32:Deleter [Tool], Deleted
    File C:\Program Files\MP3 Player Utilities 4.00\MediaManager\net.dll is infected by Win32:Trojan-gen {Other}, Deleted
    File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP46\A0020712.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP46\A0020713.exe is infected by Win32:Deleter [Tool], Deleted
    File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP46\A0020714.dll is infected by Win32:Trojan-gen {Other}, Deleted
    Number of searched folders: 5596
    Number of tested files: 346617
    Number of infected files: 9

    ----------------------------------------
    06/19/2008 20:26
    Scan of all local drives

    File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\AMV_Convert_400.zip\MP3 Player Utilities 4.00\MSI.CAB Error 42125 {ZIP archive is corrupted.}
    Number of searched folders: 6757
    Number of tested files: 333914
    Number of infected files: 0

    ----------------------------------------
    07/25/2008 17:33
    Scan of C:\

    Scan of F:\

    File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\AMV_Convert_400.zip\MP3 Player Utilities 4.00\MSI.CAB Error 42125 {ZIP archive is corrupted.}
    File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\DDVDFabPlat3200Reg.ICU\All.Fengtao.Software.Universal.Patch.1.01-ICU\All.Fengtao.Software.Universal.Patch.1.01-ICU.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Y1ELSNKZ\favicon1[1].ico is infected by Win32:Zlob-CGW [Trj], Deleted
    File C:\Documents and Settings\Secondary Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\b4pdvwqx.default\Cache\BC436E78d01 is infected by Win32:Spyware-gen [Trj], Deleted
    File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP99\A0027906.exe is infected by Win32:Trojan-gen {Other}, Deleted
    Number of searched folders: 21116
    Number of tested files: 678921
    Number of infected files: 4

    ----------------------------------------
    08/07/2008 04:25
    Scan of C:\

    Scan of G:\

    File C:\$RECYCLE.BIN\S-1-5-21-2958512360-3919329639-593960396-1000\$RQ8GU3L\keygen.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\AMV_Convert_400.zip\MP3 Player Utilities 4.00\MSI.CAB Error 42125 {ZIP archive is corrupted.}
    File C:\Program Files\NeoSmart Technologies\EasyBCD\TweakVI Setup.exe\tweakvi-basic.exe\%AppFolder%\TweakVI.exe Error 42146 {Installer archive is corrupted.}
    File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031439.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File G:\found.000\dir0002.chk\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP56\A0021280.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File G:\found.000\dir0002.chk\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP56\A0021281.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File G:\found.000\dir0002.chk\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP77\A0023966.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File G:\found.000\dir0002.chk\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP77\A0023967.exe is infected by Win32:Agent-YIM [Trj], Deleted
    File G:\found.000\dir0002.chk\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP77\A0023968.exe is infected by Win32:Agent-YIM [Trj], Deleted
    File G:\found.000\dir0002.chk\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP77\A0023970.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File G:\found.000\dir0002.chk\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP99\A0027832.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File G:\Maxtor backup\PAL\C\Documents and Settings\Admin\Desktop\Unused Desktop Items\AMV_Convert_400.zip\MP3 Player Utilities 4.00\MSI.CAB Error 42125 {ZIP archive is corrupted.}
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030009.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030198.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030552.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030597.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030728.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP104\A0031311.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP104\A0031312.exe is infected by Win32:Agent-YIM [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP104\A0031313.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP104\A0031314.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031440.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031441.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031442.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031443.exe is infected by Win32:Agent-YIM [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031444.exe is infected by Win32:Agent-YIM [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031445.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031446.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File G:\x\Downloads\Drivers, Programs & More\Unused Desktop Items\AMV_Convert_400.zip\MP3 Player Utilities 4.00\MSI.CAB Error 42125 {ZIP archive is corrupted.}
    Number of searched folders: 9861
    Number of tested files: 1126960
    Number of infected files: 25

    ----------------------------------------
    08/09/2008 11:40
    Scan of C:\

    Scan of G:\

    File C:\Program Files\NeoSmart Technologies\EasyBCD\TweakVI Setup.exe\tweakvi-basic.exe\%AppFolder%\TweakVI.exe Error 42146 {Installer archive is corrupted.}
    File G:\Maxtor backup\PAL\History\Level2\C\Documents and Settings\Admin\Desktop\Unused Desktop Items\AMV_Convert_400.zip\MP3 Player Utilities 4.00\MSI.CAB Error 42125 {ZIP archive is corrupted.}
    Number of searched folders: 9714
    Number of tested files: 1078626
    Number of infected files: 0

    ----------------------------------------
    09/16/2008 19:23
    Scan of C:\

    Scan of G:\

    File C:\Program Files\NeoSmart Technologies\EasyBCD\TweakVI Setup.exe\tweakvi-basic.exe\%AppFolder%\TweakVI.exe Error 42146 {Installer archive is corrupted.}
    File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP163\A0040912.exe is infected by Win32:Monga [Trj], Deleted
    File C:\WINDOWS\system32\reboot.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File G:\System Volume Information\_restore{BF71FC7C-C3ED-41AB-842B-5E69B0FE98F8}\RP22\A0002314.exe is infected by Win32:Monga [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030197.exe is infected by Win32:Monga [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030551.exe is infected by Win32:Monga [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030727.exe is infected by Win32:Monga [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030749.exe is infected by Win32:Downloader-BQD [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030767.exe is infected by Win32:Agent-ABII [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031750.exe is infected by Win32:Monga [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP163\A0040946.exe is infected by Win32:Monga [Trj], Deleted
    Number of searched folders: 10448
    Number of tested files: 1041979
    Number of infected files: 10

    ----------------------------------------
    10/08/2008 21:30
    Scan of C:\

    Scan of G:\

    File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\BitDefender AntiVirus 2008 Build 11.0.13 Keygen\Keymaker.exe is infected by Win32:VB-KHX [Trj], Deleted
    File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\BitDefender IS 2008 New KeyGen\Keymaker.exe is infected by Win32:VB-KHX [Trj], Deleted
    File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\BitDefender Total Security 2008 Keygen\Keymaker.exe is infected by Win32:VB-KHX [Trj], Deleted
    File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\Helium.Music.Manager_2007.0.0.5630.Crack-NoPE\helium.music.manager.2007.0.0.5630-NoPE.exe is infected by Win32:IRCBot-DIZ [Trj], Deleted
    File C:\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\Registry.Mechanic.v7.0.0.1010.Incl.Keymaker-TSRh\Keygen\KeyGen.exe is infected by Win32:VB-KHW [Trj], Deleted
    File C:\Program Files\NeoSmart Technologies\EasyBCD\TweakVI Setup.exe\tweakvi-basic.exe\%AppFolder%\TweakVI.exe Error 42146 {Installer archive is corrupted.}
    File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP168\A0041090.exe is infected by Win32:Trojan-gen {Other}, Deleted
    File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP183\A0042468.exe is infected by Win32:VB-KHX [Trj], Deleted
    File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP183\A0042469.exe is infected by Win32:VB-KHX [Trj], Deleted
    File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP183\A0042470.exe is infected by Win32:VB-KHX [Trj], Deleted
    File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP183\A0042471.exe is infected by Win32:IRCBot-DIZ [Trj], Deleted
    File C:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP183\A0042472.exe is infected by Win32:VB-KHW [Trj], Deleted
    File G:\Maxtor backup\PAL\C\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\BitDefender AntiVirus 2008 Build 11.0.13 Keygen\Keymaker.exe is infected by Win32:VB-KHX [Trj], Deleted
    File G:\Maxtor backup\PAL\C\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\BitDefender IS 2008 New KeyGen\Keymaker.exe is infected by Win32:VB-KHX [Trj], Deleted
    File G:\Maxtor backup\PAL\C\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\BitDefender Total Security 2008 Keygen\Keymaker.exe is infected by Win32:VB-KHX [Trj], Deleted
    File G:\Maxtor backup\PAL\C\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\Helium.Music.Manager_2007.0.0.5630.Crack-NoPE\helium.music.manager.2007.0.0.5630-NoPE.exe is infected by Win32:IRCBot-DIZ [Trj], Deleted
    File G:\Maxtor backup\PAL\C\Documents and Settings\Admin\Desktop\Unused Desktop Items\keys for programs\Registry.Mechanic.v7.0.0.1010.Incl.Keymaker-TSRh\Keygen\KeyGen.exe is infected by Win32:VB-KHW [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030162.exe is infected by Win32:VB-KHW [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030192.exe is infected by Win32:IRCBot-DIZ [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030200.exe is infected by Win32:VB-KHX [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030202.exe is infected by Win32:VB-KHX [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030204.exe is infected by Win32:VB-KHX [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030516.exe is infected by Win32:VB-KHW [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030546.exe is infected by Win32:IRCBot-DIZ [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030554.exe is infected by Win32:VB-KHX [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030556.exe is infected by Win32:VB-KHX [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030558.exe is infected by Win32:VB-KHX [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030692.exe is infected by Win32:VB-KHW [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030722.exe is infected by Win32:IRCBot-DIZ [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030730.exe is infected by Win32:VB-KHX [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030732.exe is infected by Win32:VB-KHX [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP100\A0030734.exe is infected by Win32:VB-KHX [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031742.exe is infected by Win32:VB-KHX [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031744.exe is infected by Win32:VB-KHX [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031746.exe is infected by Win32:VB-KHX [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031753.exe is infected by Win32:IRCBot-DIZ [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP110\A0031784.exe is infected by Win32:VB-KHW [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP183\A0042473.exe is infected by Win32:VB-KHX [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP183\A0042474.exe is infected by Win32:VB-KHX [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP183\A0042475.exe is infected by Win32:VB-KHX [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP183\A0042476.exe is infected by Win32:IRCBot-DIZ [Trj], Deleted
    File G:\System Volume Information\_restore{DA4D9D20-E441-45BB-8C44-502785DEC9EF}\RP183\A0042477.exe is infected by Win32:VB-KHW [Trj], Deleted
    File G:/x\Downloads\Drivers, Programs & More\Programs\KEYS\keys for programs\BitDefender AntiVirus 2008 Build 11.0.13 Keygen\Keymaker.exe is infected by Win32:VB-KHX [Trj], Deleted
    File G:\x\Downloads\Drivers, Programs & More\Programs\KEYS\keys for programs\BitDefender IS 2008 New KeyGen\Keymaker.exe is infected by Win32:VB-KHX [Trj], Deleted
    File G:\x\Downloads\Drivers, Programs & More\Programs\KEYS\keys for programs\BitDefender Total Security 2008 Keygen\Keymaker.exe is infected by Win32:VB-KHX [Trj], Deleted
    File G:\x\Downloads\Drivers, Programs & More\Programs\KEYS\keys for programs\Helium.Music.Manager_2007.0.0.5630.Crack-NoPE\helium.music.manager.2007.0.0.5630-NoPE.exe is infected by Win32:IRCBot-DIZ [Trj], Deleted
    File G:\x\Downloads\Drivers, Programs & More\Programs\KEYS\keys for programs\Registry.Mechanic.v7.0.0.1010.Incl.Keymaker-TSRh\Keygen\KeyGen.exe is infected by Win32:VB-KHW [Trj], Deleted
    Number of searched folders: 10282
    Number of tested files: 1038955
    Number of infected files: 46
     
  2. ralphygarfield

    ralphygarfield Thread Starter

    Joined:
    May 23, 2008
    Messages:
    93
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
     
  4. ralphygarfield

    ralphygarfield Thread Starter

    Joined:
    May 23, 2008
    Messages:
    93
    Thank you. Here is the Hijack This Log:

    But I should mention, I do use Spybot periodically and it typically finds nothing.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:14:35 PM, on 10/9/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\NCH Software\BroadCam\broadCam.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Maxtor\Sync\SyncServices.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\DOCUME~1\Admin\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BroadCam Service (BroadCamService) - Unknown owner - C:\Program Files\NCH Software\BroadCam\broadCam.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

    --
    End of file - 8148 bytes
     
  5. ralphygarfield

    ralphygarfield Thread Starter

    Joined:
    May 23, 2008
    Messages:
    93
    ... Hello?
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Disable SpybotSD TeaTimer:

    Open Spybot and click on Mode and check Advanced Mode
    Check yes to next window.
    Click on Tools in bottom left hand corner.
    Click on System Startup icon.
    Uncheck Teatimer box.
    Click Allow Change box.

    You can follow this link if you need help: http://russelltexas.com/malware/teatimer.htm


    Please download ATF Cleaner by Atribune.

    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    Click Exit on the Main menu to close the program.




    Please download Malwarebytes Anti-Malware and save it to your desktop.
    alternate download link 1 alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Quick Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply with a new hijackthis log.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



    Please do an online scan with Kaspersky WebScanner

    Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.

    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure the following is checked.
      • Spyware, Adware, Dialers, and other potentially dangerous programs
        [*]Archives
        [*]Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    • Please post this log in your next reply.

    Upgrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
    • Click on Continue.
    • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u7-windows-i586-p.exe and select "Run as an Administrator.")
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/757543

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice