
Virus?

Post Date: 2008-11-16

PatrickB (DS Veteran)
Joined: 19 Oct 2008
Posts: 544
Posted: 16 Nov 2008 at 8:36pm
I think I may have a virus, although I'm not sure.

Random IE pages will pop up asking me to install VirusRemover2008. It sometimes will do it often or just every hour or so. Nothing showed up on McAfee showing an intrusion. I also deleted any files I had downloaded today.

Anyone know how I can get rid of it?
Q9550 @ 3.4Ghz for now
Xigmatek Thor's Hammer
MSI P45 Neo2-fr
6gig 1066 Corsair Dominator
XFX Radeon HD 4890
PC Power&Cooling 750W
Seagate Barracuda 500Gb
Antec 900
Vista 64bit

XpubuX (Senior Member)
Joined: 16 Oct 2008
Posts: 726
Posted: 16 Nov 2008 at 8:40pm
reformat hard drive and fresh install everything. I've had to do this with my Dell a few times, it sucks. That porn will get ya.

Edited by XpubuX - 16 Nov 2008 at 8:40pm

PatrickB (DS Veteran)
Posted: 16 Nov 2008 at 8:41pm
I'm not going to bother doing all of that. I'll be ordering my DS system in less than a week anyway. Time for a dreadfully long McAfee scan.

DST4ME (DS ELITE)
Joined: 14 Apr 2008
Posts: 36758
Posted: 16 Nov 2008 at 9:04pm
uninstall McAfee, and download and install Nod32 Free 30 Day Trial and let's see what it finds

Edited by DST4ME - 16 Nov 2008 at 9:12pm

PatrickB (DS Veteran)
Posted: 16 Nov 2008 at 9:05pm
I'll go ahead and do that if McAfee doesn't find anything.

DST4ME (DS ELITE)
Posted: 16 Nov 2008 at 9:14pm
clearly you got something now we need to find it with an antivirus or a spy sweeper, download and install Spy Sweeper

and see what it finds

PatrickB (DS Veteran)
Posted: 16 Nov 2008 at 9:30pm
It won't let me download it. I just click download>savefile>... nothing happens.

DST4ME (DS ELITE)
Posted: 16 Nov 2008 at 10:05pm
no you need to click on that and you will be taken to Spy Sweeper's download page, once there click "Free Scan / Trials" and then download "Webroot Spy Sweeper 6.0" by clicking on "get free scan"

Edited by DST4ME - 16 Nov 2008 at 10:09pm

PatrickB (DS Veteran)
Posted: 16 Nov 2008 at 10:12pm
That's what I'm doing. Let me try in IE.

PatrickB (DS Veteran)
Posted: 16 Nov 2008 at 10:13pm
Ok so it just doesn't work in Firefox. Works on IE though.
Oh well.

DST4ME (DS ELITE)
Posted: 16 Nov 2008 at 10:17pm
ok let me know what you find after the scan

make your settings like this before you do a scan:

SS settings

stilkster (Senior Member)
Joined: 20 Oct 2008
Posts: 244
Posted: 16 Nov 2008 at 10:46pm
Find anything out yet, PB?
950Si 1000W PSU QX9650 4.0GHz 790i 8GB 1600MHz Dominator DHX 2x GTX 280
LC Dual Loop CPU/Dual Card

PatrickB (DS Veteran)
Posted: 16 Nov 2008 at 10:53pm
I'm scanning now. It's about 1/3 of the way done and it's found these 2:
Adware found: virtumonde
Adware found: trojan-downloader-xpreload

UPDATE: About 1/2 way done and it's found 64 items!

UPDATE: About 2/3 way done and still at 64 items. 2 adware, 61 spycookies, and 1 trojan horse. I'm guessing the trojan is what is causing the pop ups.


Edited by PatrickB - 16 Nov 2008 at 11:00pm

DST4ME (DS ELITE)
Posted: 16 Nov 2008 at 10:58pm
wow man what you been doing, lol

PatrickB (DS Veteran)
Posted: 16 Nov 2008 at 11:40pm
How can I get rid of them??? That free scan can't get rid of them.


Edited by PatrickB - 16 Nov 2008 at 11:48pm

DST4ME (DS ELITE)
Posted: 16 Nov 2008 at 11:55pm
Well you can purchase it or we can try different freeware to try and remove them, we might have to go thru a few.

let me know either way and we will take it from there

PatrickB (DS Veteran)
Posted: 16 Nov 2008 at 11:56pm
I need freee...my new debit card isn't here yet and I can't stand this!!

DST4ME (DS ELITE)
Posted: 16 Nov 2008 at 11:58pm
SUPER AntiSpyware

SAS Settings

download SUPER AntiSpyware and set the settings like I have and then scan and clean and let's see what happens.

before you go, please disable system restore

if you have any questions let me know

PatrickB (DS Veteran)
Posted: 17 Nov 2008 at 12:06am
I'm scanning now. I'll either post the results later or tomorrow morning.

stilkster (Senior Member)
Posted: 17 Nov 2008 at 12:07am
Originally posted by DST4ME

wow man what you been doing, lol
 
Censored boy!!!  I've only had three viruses in 20 years!!  (computer wise; not physically)
 
Penicillin working??  All cleaned up yet?

PatrickB (DS Veteran)
Posted: 17 Nov 2008 at 12:09am
Not yet. But this second one he posted is finding much more than the first one!
It's already found 273 threats compared to a full scan of 63!!


Edited by PatrickB - 17 Nov 2008 at 12:10am

jtspectra2 (Senior Member)
Joined: 07 Oct 2008
Posts: 840
Posted: 17 Nov 2008 at 12:17am
I use AVG, and so far, that's kept me virus free.
Q9650 @ 4.2Ghz( Liquid Cooled), 4GB 1600Mhz DDR3, GTX280 SLI, VRaptor,HAF 932

DST4ME (DS ELITE)
Posted: 17 Nov 2008 at 12:35am
Originally posted by PatrickB


Not yet. But this second one he posted is finding much more than the first one! It's already found 273 threats compared to a full scan of 63!!

well SAS has some false positives that SS does not, but it's just harmless stuff

stilkster (Senior Member)
Posted: 17 Nov 2008 at 2:15am
Hope you cure what you got!  GL, man!

DST4ME (DS ELITE)
Posted: 17 Nov 2008 at 5:18am
LOL you are not seriously telling anybody to trash their HDD because of a virus are you? cause that is totally unnecessary, a proper format will wipe anything off the HDD

bradesco (Groupie)
Joined: 28 Oct 2008
Posts: 191
Posted: 17 Nov 2008 at 5:28am
Wow. From what I hear that's what happened to my computer back home. Well looks like I'm buying a new HDD. I guess it won't even start up any more. Dang brother clicked the "OMG save me from the virus" button.

Edit: Or I could keep it and do a proper format like DST4ME said. I've already formatted it a time or 2 though. Is it bad to reformat a HDD more than... let's say twice?

Edited by bradesco - 17 Nov 2008 at 5:31am

bradesco (Groupie)
Posted: 17 Nov 2008 at 5:32am
Yeah my fam said it won't boot any more. I guess I won't know until I get home. I'll worry about it then..

DST4ME (DS ELITE)
Posted: 17 Nov 2008 at 6:26am
if it's a rootkit (in the boot sectors), then you need to zero out all the sectors with something like part-pe, but Nod32 and Spy Sweeper both can remove rootkits also.

Edited by DST4ME - 17 Nov 2008 at 6:26am

PatrickB (DS Veteran)
Posted: 17 Nov 2008 at 8:08am
Superanti got rid of it! Thanks a lot guys!

stilkster (Senior Member)
Posted: 17 Nov 2008 at 11:05am
Glad to hear you got cured!  BTW, what av program were you using when you got infected?

DST4ME (DS ELITE)
Posted: 17 Nov 2008 at 3:12pm
Originally posted by PatrickB

Superanti got rid of it! Thanks a lot guys!


great, can you please download and run HijackThis Trend Micro version and then post your results from it here please.

we need to make sure everything is gone

Edited by DST4ME - 17 Nov 2008 at 3:12pm

cntydiver03 (Newbie)
Joined: 12 Oct 2008
Posts: 7
Posted: 17 Nov 2008 at 7:14pm
dst my work has been fighting off a trojan horse. I think I have it killed from my jumpdrive. however I ran your HijackThis and got the following log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:17 PM, on 11/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Common Files\AOL\1131383480\EE\aolsoftware.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5409EC3D-6378-418B-944D-2F5250EAF37E} - C:\WINDOWS\system32\yaywx.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1131383480\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 40\imc.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.mpix.com/Customer/Uploading/activex/ImageUploader3.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/popinsaniquarium/popcaploader_v10.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: ddcaxvw - ddcaxvw.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - Unknown owner - C:\Program Files\Common Files\AOL\1131383480\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee McShield (McShield) - Unknown owner - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\mcafee.com\personal firewall\MPFService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13680 bytes

cntydiver03 (Newbie)
Posted: 17 Nov 2008 at 7:15pm
so my question is did I kill it or do I still have a virus?

DST4ME (DS ELITE)
Posted: 17 Nov 2008 at 7:44pm
please check and fix these entries:

O2 - BHO: (no name) - {5409EC3D-6378-418B-944D-2F5250EAF37E} - C:\WINDOWS\system32\yaywx.dll (file missing)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O20 - Winlogon Notify: ddcaxvw - ddcaxvw.dll (file missing)
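
One way to pull this kind of entry out of a HijackThis log automatically, as an added example (not code from the thread or from HijackThis itself): it flags lines ending in "(file missing)" or "(no file)" and ranks those in the O2, O3 and O20 sections first, which are the sections the reply above lists. The function and field names, the "review"/"stale" labels and the section ranking are assumptions of this example; the sample lines are a subset copied from the log posted above.

```python
import re
from typing import List, NamedTuple, Optional

# Sections singled out in the reply above: O2 (browser helper objects),
# O3 (IE toolbars), O20 (AppInit_DLLs / Winlogon Notify). Treating exactly
# these as the load points to review first is an assumption of this example.
LOAD_POINT_SECTIONS = {"O2", "O3", "O20"}

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers the log carries when the target file is absent or no file is registered.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


class Finding(NamedTuple):
    section: str
    clsid: Optional[str]
    unnamed: bool
    priority: str  # "review" (load point) or "stale" (any other section)
    line: str


def triage(log_text: str) -> List[Finding]:
    """Return log entries whose target file is missing or unregistered."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header lines, the running-process list, blanks
        body = match.group("body")
        if not MISSING_RE.search(body):
            continue  # file present; an unnamed entry alone is not flagged
        section = match.group("section")
        clsid = CLSID_RE.search(body)
        findings.append(Finding(
            section=section,
            clsid=clsid.group(0) if clsid else None,
            unnamed="(no name)" in body,
            priority="review" if section in LOAD_POINT_SECTIONS else "stale",
            line=line,
        ))
    return findings


# Subset of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {5409EC3D-6378-418B-944D-2F5250EAF37E} - C:\WINDOWS\system32\yaywx.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: ddcaxvw - ddcaxvw.dll (file missing)
O23 - Service: McAfee McShield (McShield) - Unknown owner - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.priority}] {f.section} clsid={f.clsid} unnamed={f.unnamed}")
        print(f"    {f.line}")
```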
