Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
Free Antivirus Forum - Learn about antivirus, firewalls and personal security Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Virus Removal Help Needed
   
BullGuard Antivirus Forum > Virus Removal > Removal Help > Virus Removal Help Needed  
Forum Quick Jump
 
New Topic Post reply to : Virus Removal Help Needed Printable version of : Virus Removal Help Needed
[ << Previous Thread | Next Thread >> ]

lilmads
New Member


Date Joined Jun 2005
Total Posts : 34
  		   Posted 7-14-2008 5:05 (GMT +1)    Quote: Virus Removal Help NeededAlert an admin about: Virus Removal Help Needed
I have a Vundo virus on my computer. This is my log. Can someone please help me?
 
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:26 PM, on 7/13/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\Dell Laser Printer 1110\LocalSM\jbDetect.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0080129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dell Laser Printer 1110 SM_JB] C:\Program Files\DELL\Dell Laser Printer 1110\LocalSM\jbDetect.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\RITESH~1\AppData\Local\Temp\nnnliFxy.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\RITESH~1\AppData\Local\Temp\hgGaAPhe.dll,c
O4 - HKCU\..\Run: [BM616bf63b] Rundll32.exe "C:\Users\RITESH~1\AppData\Local\Temp\grxaebpa.dll",s
O4 - HKCU\..\Run: [6258c5a7] rundll32.exe "C:\Users\RITESH~1\AppData\Local\Temp\ifeygdua.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 12228 bytes
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
  		   Posted 7-14-2008 8:02 (GMT +1)    Quote: Virus Removal Help NeededAlert an admin about: Virus Removal Help Needed
Hello scool
 
 
 
Please download Combofix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
 
 
And save to the desktop.

Close all other browser windows.
 
Please connect all your external hard drive/flash drive before running Combofix
 
 
 
Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files which may cause "unpredictable results".
 
 
Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run Combofix.
 
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

 When finished, it will produce a logfile located at C:\combofix.txt.
 

Post the contents of that log in your next reply with a new hijackthis log.
 
Please copy and paste your log files. DO NOT add it as an attachment



NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer.. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.

Do NOT post your problem in someone elses thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Back to Top
 

lilmads
New Member


Date Joined Jun 2005
Total Posts : 34
  		   Posted 7-15-2008 4:05 (GMT +1)    Quote: Virus Removal Help NeededAlert an admin about: Virus Removal Help Needed
thanks for the reply!


ComboFix 08-07-14.2 - Ritesh Punjabi 2008-07-14 20:55:16.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1036 [GMT -6:00]
Running from: C:\Users\Ritesh Punjabi\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Ritesh Punjabi\ctfmon.exe
C:\Users\Ritesh Punjabi\svchost.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-15 to 2008-07-15 )))))))))))))))))))))))))))))))
.

2008-07-12 13:09 . 2008-07-12 13:09 <DIR> d-------- C:\Users\Ritesh Punjabi\AppData\Roaming\Simply Super Software
2008-07-12 13:09 . 2008-07-12 13:09 <DIR> d-------- C:\Users\All Users\Simply Super Software
2008-07-12 13:09 . 2008-07-12 13:09 <DIR> d-------- C:\ProgramData\Simply Super Software
2008-07-12 13:09 . 2008-07-12 13:13 <DIR> d-------- C:\Program Files\Trojan Remover
2008-07-12 12:51 . 2008-07-12 12:51 <DIR> d-------- C:\Users\Ritesh Punjabi\AppData\Roaming\PC Tools
2008-07-12 12:51 . 2008-07-14 19:54 <DIR> d-a------ C:\Users\All Users\TEMP
2008-07-12 12:51 . 2008-07-14 19:54 <DIR> d-a------ C:\ProgramData\TEMP
2008-07-12 12:51 . 2008-07-13 22:02 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-11 23:36 . 2008-07-11 23:36 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-11 22:34 . 2008-07-11 22:34 550 --a------ C:\Users\Ritesh Punjabi\541.bat
2008-07-11 21:16 . 2008-06-25 18:33 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-11 21:14 . 2008-06-25 18:33 11,722,752 --a------ C:\Windows\System32\NlsLexicons0001.dll
2008-07-11 20:14 . 2008-07-11 20:14 550 --a------ C:\Users\Ritesh Punjabi\744.bat
2008-07-11 11:29 . 2008-07-11 11:29 549 --a------ C:\Users\Ritesh Punjabi\40.bat
2008-07-11 00:46 . 2008-07-11 00:46 550 --a------ C:\Users\Ritesh Punjabi\917.bat
2008-07-10 11:39 . 2008-07-10 11:40 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-10 00:12 . 2008-07-10 00:12 550 --a------ C:\Users\Ritesh Punjabi\800.bat
2008-07-09 23:50 . 2008-07-12 12:26 <DIR> d--hs---- C:\Users\Ritesh Punjabi\'
2008-07-09 23:50 . 2008-07-14 20:42 147,456 --a------ C:\Users\Ritesh Punjabi\vbzip10.dll
2008-07-09 23:50 . 2008-07-14 20:42 115,969 --a------ C:\Users\Ritesh Punjabi\a.zip
2008-06-27 21:37 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-06-27 21:34 . 2008-06-27 21:34 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-27 21:32 . 2008-06-27 21:35 <DIR> d-------- C:\Windows\SHELLNEW
2008-06-27 21:32 . 2008-06-27 21:32 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-27 21:31 . 2008-07-11 21:56 <DIR> d-------- C:\Users\All Users\Microsoft Help
2008-06-27 21:31 . 2008-07-11 21:56 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-06-27 21:30 . 2008-06-27 21:30 <DIR> dr-h----- C:\MSOCache
2008-06-27 00:25 . 2001-03-18 12:52 766 --------- C:\Windows\Uninstall.ico
2008-06-27 00:24 . 2006-12-19 07:24 156,552 --a------ C:\Windows\System32\DELS3ci.exe
2008-06-27 00:24 . 2006-11-21 05:40 65,536 --a------ C:\Windows\System32\DELS3ci.dll
2008-06-27 00:24 . 2006-12-05 00:08 22,723 --a------ C:\Windows\System32\DELS3L3.DLL
2008-06-27 00:24 . 2006-08-23 19:26 363 --a------ C:\Windows\System32\DELS3L3.SMT
2008-06-26 01:11 . 2008-06-26 01:11 <DIR> d-------- C:\IUware Online

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 02:42 --------- d-----w C:\Users\Ritesh Punjabi\AppData\Roaming\LimeWire
2008-07-14 03:57 --------- d-----w C:\Program Files\Trend Micro
2008-07-10 06:18 --------- d-----w C:\Program Files\LimeWire
2008-07-09 10:22 174 --sha-w C:\Program Files\desktop.ini
2008-07-09 09:01 --------- d-----w C:\Program Files\Windows Mail
2008-06-28 03:36 --------- d-----w C:\Program Files\Microsoft Works
2008-06-28 03:35 --------- d-----w C:\Program Files\MSBuild
2008-06-27 06:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-27 06:23 --------- d-----w C:\Program Files\Dell
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-04 18:32 --------- d-----w C:\ProgramData\Roxio
2008-06-02 21:03 214 ----a-w C:\Users\Ritesh Punjabi\AppData\Roaming\wklnhst.dat
2008-05-23 17:32 --------- d-----w C:\Users\Ritesh Punjabi\AppData\Roaming\Template
2008-05-19 15:51 --------- d-----w C:\Program Files\iTunes
2008-05-19 15:51 --------- d-----w C:\Program Files\iPod
2008-05-19 09:05 --------- d-----w C:\Program Files\QuickTime
2008-05-19 09:05 --------- d-----w C:\Program Files\Bonjour
2008-05-19 09:04 --------- d-----w C:\ProgramData\Apple Computer
2008-05-19 09:04 --------- d-----w C:\Program Files\Apple Software Update
2008-05-19 09:03 --------- d-----w C:\ProgramData\Apple
2008-05-19 09:03 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-19 05:07 --------- d-----w C:\Users\Ritesh Punjabi\AppData\Roaming\Apple Computer
2008-05-19 05:07 --------- d-----w C:\ProgramData\QuickTime
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-04-26 07:41 1,327,616 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-01-10 18:15 282,642 ----a-w C:\Users\Ritesh Punjabi\Setup.exe
2007-01-10 18:15 282,641 ----a-w C:\Users\Ritesh Punjabi\svchost.exe.vir
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 06:34 201728]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 06:34 2159104 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 00:03 17920]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-07 00:49 159744]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-12-14 21:54 137752]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-12-14 21:53 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-12-14 21:53 133656]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-12-12 00:02 3444736]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-29 07:18 1838592]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 18:57 16384]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2007-08-27 03:21 1807696]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 15:39 189736]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Dell Laser Printer 1110 SM_JB"="C:\Program Files\DELL\Dell Laser Printer 1110\LocalSM\jbDetect.exe" [2006-12-19 07:25 222088]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-01-29 07:05:53 50688]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-09-07 16:27:08 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{85C56323-69E3-4F2A-8870-6EEDF6597699}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{3955ED58-C568-4BBE-B0E5-E7C081DBCE60}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{249B6DC6-8C59-45DC-8230-3FCB224BDE67}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{F5D175CD-6FE3-4A62-9158-3FB2899B6FD0}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{B8E2AAD8-B600-40D1-A796-0F7574527536}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3F530B77-86F3-497F-8D5F-625ED1E6D66A}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{98D179BC-ED41-447A-9EE1-F662B1038A61}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D8BFAFA5-196D-472F-9E53-EAE1031972FB}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A9B516C0-2E7B-43BC-9566-A1CC1C7568E0}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F84B3EFD-1087-4F30-9FF9-614339A63954}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{82092E2C-9721-479B-9923-D5FA9A4E8979}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DF042F3C-AD72-40FE-BC5A-76F18F248512}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{47B80C6A-EDA6-47E8-BE58-BBA1C8806812}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C8958190-730D-454D-923B-6BE581AF5267}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{067296D6-1D92-47B0-A1AB-CDC031B30E73}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0085FF58-60E2-47BE-B8C6-26D7F3604F19}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-11-12 05:07]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 15:38]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2007-12-14 21:54]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-28 23:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eea4faaf-5213-11dd-9f81-001d0938198c}]
\shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Host Process - C:\Users\Ritesh Punjabi\svchost.exe
HKCU-Run-Aim6 - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 20:57:57
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-14 20:59:26
ComboFix-quarantined-files.txt 2008-07-15 02:59:01

Pre-Run: 60,898,263,040 bytes free
Post-Run: 60,937,420,800 bytes free

169 --- E O F --- 2008-07-12 03:58:52
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
  		   Posted 7-15-2008 7:17 (GMT +1)    Quote: Virus Removal Help NeededAlert an admin about: Virus Removal Help Needed
Please download Malwarebytes' Anti-Malware:
http://www.besttechie.net/tools/mbam-setup.exe
 
 to your desktop.
 
Double-click mbam-setup.exe and follow the prompts to install the program.
                     
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch

Malwarebytes' Anti-Malware, then click Finish.
                     
If an update is found, it will download and install the latest version.
                     
Once the program has loaded, select Perform full scan, then click Scan.
                     
When the scan is complete, click OK, then Show Results to view the results.
 
Be sure that everything is checked, and click Remove Selected.
 
When completed, a log will open in Notepad. Please save it to a convenient location.
 
 
Copy and Paste that log into your next reply, along with new combofix log and a fresh hijackthis log.

Do NOT post your problem in someone elses thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Back to Top
 

lilmads
New Member


Date Joined Jun 2005
Total Posts : 34
  		   Posted 7-16-2008 5:11 (GMT +1)    Quote: Virus Removal Help NeededAlert an admin about: Virus Removal Help Needed
When I ran the scan the first time, I mistakenly forgot to save the log. So I ran it again and saved it.
Also, when I had to restart, my antivirus detected 6 infected files which I deleted.

Here is my log now...

Malwarebytes' Anti-Malware 1.20
Database version: 957
Windows 6.0.6000

9:39:58 PM 7/15/2008
mbam-log-7-15-2008 (21-39-58).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 151884
Time elapsed: 31 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
  		   Posted 7-16-2008 10:17 (GMT +1)    Quote: Virus Removal Help NeededAlert an admin about: Virus Removal Help Needed
Ok. Don´t forget posting combo and hijackthis log´s ;-)

Do NOT post your problem in someone elses thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Back to Top
 
New Topic Post reply to : Virus Removal Help Needed Printable version of : Virus Removal Help Needed
 
Forum Information
Currently it is Saturday, November 21, 2009 3:24 PM (GMT +1)
There are a total of 73.033 posts in 17.116 threads.
In the last 3 days there were 14 new threads and 70 reply posts. View Active Threads
Who's Online
This forum has 30334 registered members. Please welcome our newest member, sushil.
33 Guest(s), 2 Registered Member(s) are currently online.  Details
prolife, Dickens
5 Latest Threads
Constant scanning andskipped files? (2)21-11-2009 14:20:07 (prolife)
Cannot install anti-virus softeware or do window updates... need help (17)21-11-2009 13:46:11 (superjesse)
Michael Vick jerseys (1)21-11-2009 09:42:37 (Dickens)
Arizona Cardinals Jerseys (1)21-11-2009 09:37:23 (Dickens)
How to remove this Malware/Virus (0)21-11-2009 06:54:16 (bozzack)


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard