Very Troublesome Virus [RESOLVED]

#1 markedmanner
Ok, where do I start. I have cleaned all of the temp files off the computer, all the cookies, etc. I noticed I couldn't get AVG or Ad-Aware to install because there was a virus or something running that was killing the process of the install file. So I totally pulled the hard drive from the machine and hooked it up to another machine that was clean and had AVG, Ad-Aware, etc. on it. I booted up with the clean machine and put the infected hard drive in as the slave. I ran an AVG scan; it found about 200 viruses and I got them removed. I have rescanned the hard drive and it found nothing. Then I ran Ad-Aware while I had the hard drive hooked up as slave, and it found some things; it removed those. Next I decided to re-hook the hard drive up to the computer it came out of and boot it up. So I did. Still can't install AVG or Ad-Aware or Spybot. I got a program called CounterSpy to install and ran a scan; it found a few more malware things. I removed those. I was able to install a program called WinPatrol on the machine that shows running processes, startup programs, etc. ZoneAlarm installed, but the process is killed. Spybot, Ad-Aware, AVG, Avast will not install at all! You click the install file and it will not run. I have noticed this virus likes to rename itself. At one point it was named EXPLORE.exe, trying to make it look like EXPLORER.exe in the Task Manager. I have run Killbox to try to delete these files, and every time I restart to delete the file it just comes back and is renamed something else. And you cannot kill the process in the Task Manager. I have also run McAfee Stinger on the machine. If someone can help me figure this one out, big kudos to you! Because I remove spyware and viruses from machines all the time, but I can't figure this out!

This is a log showing what the machine looks like when I do a Diagnostic startup from msconfig. The virus, or whatever it is, is still there; I cannot install any anti-virus or anti-spyware tools.

Logfile of HijackThis v1.99.1
Scan saved at 11:03:17 AM, on 05/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Documents and Settings\Nicki\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Nicki\Application Data\Mozilla\Profiles\default\d04kirt2.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Task Manager] c:\windows\system32\taskmg.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [sunasDtServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: {1C203F13-95AD-11D0-A84B-00A0247B735B} (Sheridan ActiveTreeView Control) - https://www.ext.ch2m...rols/sstree.cab
O16 - DPF: {2F5B39C5-C6F5-447A-A946-48B382C53985} - http://www.pacimedia...ll/pcs_0025.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {35020238-5912-11D1-9A00-00C04FD8DC2E} (DameWare DTP Control Class) - https://www.ext.ch2m...ntrols/ddtp.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/do...askbar-inst.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll


=====================================================

Here is what the machine looks like after I do a normal startup.

Logfile of HijackThis v1.99.1
Scan saved at 11:34:35 AM, on 05/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\interMute\PopSubtract\PopSub.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Documents and Settings\Nicki\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Nicki\Application Data\Mozilla\Profiles\default\d04kirt2.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FlashEnhancer Extnder - {A749B4BC-7621-4a80-9220-D0A283367DD5} - c:\Program Files\Fln\fln.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [sunasDtServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [FlnCPY] "C:\Program Files\Common Files\Java\flncpy.exe"
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\interMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: {1C203F13-95AD-11D0-A84B-00A0247B735B} (Sheridan ActiveTreeView Control) - https://www.ext.ch2m...rols/sstree.cab
O16 - DPF: {2F5B39C5-C6F5-447A-A946-48B382C53985} - http://www.pacimedia...ll/pcs_0025.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {35020238-5912-11D1-9A00-00C04FD8DC2E} (DameWare DTP Control Class) - https://www.ext.ch2m...ntrols/ddtp.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/do...askbar-inst.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\system32\cmdtel.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\system32\ahtun.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
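A triage script for the kind of HijackThis log posted above, added here as an example; it is not part of the thread, of HijackThis, or of any tool the poster used. It checks for two things the first post describes: process and autorun image names that are one character away from a real Windows binary (the EXPLORE.exe versus EXPLORER.exe trick, and the taskmg.exe entry labelled "Windows Task Manager" in the O4 lines), and O23 service entries whose binary HijackThis reports as "(file missing)". The list of known binaries is a constructed assumption, and the sample input is constructed to mirror the shape of the log above; the EXPLORE.exe process line comes from the poster's description rather than from their log.

```python
"""Triage helper for HijackThis-style log text.

Added example for this thread; it is not HijackThis code and not the poster's
own tooling. It flags two patterns the thread describes: process or autorun
image names one typo away from a real Windows binary (EXPLORE.exe next to
EXPLORER.exe, taskmg.exe next to taskmgr.exe) and O23 service entries whose
binary HijackThis reports as missing.
"""
import re

# Windows binaries that lookalike names commonly imitate.
# Constructed list for this example; extend it for your own environment.
KNOWN_BINARIES = {
    "explorer.exe", "taskmgr.exe", "svchost.exe", "lsass.exe", "services.exe",
    "winlogon.exe", "smss.exe", "csrss.exe", "userinit.exe", "spoolsv.exe",
}

# Constructed sample mirroring the shape of the log in the thread. The EXPLORE.exe
# process line reflects the poster's description, not a line from their log.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\EXPLORE.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe

O4 - HKLM\..\Run: [Windows Task Manager] c:\windows\system32\taskmg.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\system32\cmdtel.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


def levenshtein(a, b):
    """Edit distance with single-character insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def basename_lower(path):
    """Last path component, lower-cased, tolerating both separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def lookalike(name, known=KNOWN_BINARIES, max_distance=1):
    """Return the known binary a name imitates, or None if it is exact or unrelated."""
    name = name.lower()
    if name in known:
        return None
    closest = min(known, key=lambda k: levenshtein(name, k))
    return closest if levenshtein(name, closest) <= max_distance else None


def command_image(cmd):
    """Executable part of an autorun command: quoted path or first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(lines):
    """Return (kind, log_line, detail) tuples for entries worth a closer look."""
    findings = []
    in_processes = False
    for raw in lines:
        line = raw.strip()
        if not line:
            in_processes = False        # a blank line ends the "Running processes:" block
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes and re.match(r"^[A-Za-z]:\\", line):
            match = lookalike(basename_lower(line))
            if match:
                findings.append(("lookalike-process", line, match))
            continue
        m = re.match(r"^O4 - .*?: \[.*?\] (.*)$", line)
        if m:
            match = lookalike(basename_lower(command_image(m.group(1))))
            if match:
                findings.append(("lookalike-autorun", line, match))
            continue
        if line.startswith("O23 - Service:") and "(file missing)" in line:
            findings.append(("service-binary-missing", line, "file missing"))
    return findings


if __name__ == "__main__":
    for kind, line, detail in triage(SAMPLE_LOG.splitlines()):
        print(f"{kind:24} {detail:14} {line}")
```

Run it as a script to print the findings, or call triage() on the lines of a saved log. A distance of 1 catches single-character drops and insertions such as taskmg.exe and EXPLORE.exe; raising max_distance widens the net at the cost of false positives, so check each hit against the file's location and publisher before deleting anything.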

#2 markedmanner (Topic Starter)
UPDATE!!

Ok, I re-hooked up the drive as a slave drive on the clean computer again and ran an online virus scan from Panda. It found the stuff I have posted below. I went in and deleted all the files. Then I re-hooked up the hard drive to the machine and started it up. I was able to get AVG, Spybot, Ad-Aware installed on the computer! But I started to run an Ad-Aware scan and AVG started picking up things in the C:\ SYSTEM VOLUME INFORMATION folder. I had System Restore disabled, and if you go in and try to browse to the SYSTEM VOLUME INFORMATION folder it is not even there! But yet AVG is detecting a Trojan there! Well, so I closed Ad-Aware and decided to run an AVG scan on the computer. So I started an AVG scan and had to leave for about 15 min. I left and I came back, and the computer was in sleep mode when I came back, and I moved the mouse and it restarted all by itself! Next thing I know the virus is back. AVG etc. is still installed, but none of them will run! I have it booted into safe mode right now running an Ad-Aware scan. All the programs will run in safe mode but not in regular mode because that stupid virus keeps popping up! Looks like everyone else is stumped on this one as much as I am!!!

HERE IS THE LOG FROM THE PANDA SCAN:

Incident Status Location

Adware:Adware/DelFinMedia No disinfected F:\Documents and Settings\All Users\Application Data\wsxs\patchme.exe
Spyware:Spyware/Media-motor No disinfected F:\Documents and Settings\Nicki\Desktop\New Folder\backups\backup-20050510-161343-435.inf
Adware:Adware/PurityScan No disinfected F:\Documents and Settings\Nicki\Desktop\New Folder\backups\backup-20050510-170637-248.dll
Adware:Adware/PurityScan No disinfected F:\Documents and Settings\Nicki\Desktop\New Folder\backups\backup-20050510-170637-269.dll
Adware:Adware/Midaddle No disinfected F:\Documents and Settings\Nicki\Local Settings\Temp\bNX.exe
Adware:Adware/Midaddle No disinfected F:\Documents and Settings\Nicki\Local Settings\Temp\mOJhW.exe
Adware:Adware/Transponder No disinfected F:\Documents and Settings\Nicki\Local Settings\Temporary Internet Files\Content.IE5\6FAN4Z81\DrPMon[1].dll
Adware:Adware/Transponder No disinfected F:\Documents and Settings\Nicki\Local Settings\Temporary Internet Files\Content.IE5\KXCVA5AN\svcproc[1].exe
Adware:Adware/Transponder No disinfected F:\Documents and Settings\Nicki\Local Settings\Temporary Internet Files\Content.IE5\O1Q34N2B\Nail[1].exe
Adware:Adware/Transponder No disinfected F:\Documents and Settings\Nicki\Local Settings\Temporary Internet Files\Content.IE5\O1Q34N2B\Poller[1].exe
Adware:Adware/PurityScan No disinfected F:\Documents and Settings\Owner\Application Data\wtta.exe
Adware:Adware/BroadcastPC No disinfected F:\Program Files\Common Files\Java\bpt.cfg
Adware:Adware/FlashTrack No disinfected F:\Program Files\Common Files\Java\Xcpy1.cfg
Adware:Adware/DelFinMedia No disinfected F:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
Spyware:Spyware/BetterInet No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\14D1BD31-C89D-4578-9877-E56AEB\0CE5DFA0-C52E-435E-BD42-2D884F
Spyware:Spyware/Media-motor No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\1B154E71-CA07-4346-9051-5E44F6\5FD74420-41C2-413E-980A-741F6B
Virus:Trj/Notifier.AA Disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\1B154E71-CA07-4346-9051-5E44F6\621D573F-D6A3-482B-B501-B02975
Adware:Adware/Sqwire No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\1B29476C-F73C-43C9-92B4-99C533\7C819A60-9707-4026-883A-A56503
Spyware:Spyware/Media-motor No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\224B446D-5FCA-4E24-B632-93D737\8A06BB9A-261F-4930-A478-93133D
Adware:Adware/TopSpyware No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\24D46A9F-56D8-4039-AC19-DE9AAA\A253CE59-8729-4EB8-9F03-2B311B
Virus:Trj/Idly.A Disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\281845F4-0C96-4FDA-B668-9DD932\DA92CC21-B284-443C-835A-745374
Adware:Adware/BroadcastPC No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\2A960050-1A51-479E-9BF3-C7C802\7BC3B6E3-AFAA-42E5-AECB-75781C
Adware:Adware/BroadcastPC No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\2A960050-1A51-479E-9BF3-C7C802\867E9A6D-7F3E-475F-B67B-832683
Adware:Adware/BroadcastPC No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\38ED7AB2-A338-4FF3-A523-88AA3D\72FC95BD-2E17-41A8-9EB2-0886BE
Adware:Adware/Twain-Tech No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\3F64A42C-ABBA-4953-82E0-AD4C8D\64CD3856-EE79-48F5-91BF-1484F0
Adware:Adware/FlashTrack No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\42FA539C-87CE-475D-AB3D-5B7117\E482419C-223D-418E-81F6-9BA018
Adware:Adware/FlashTrack No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\42FA539C-87CE-475D-AB3D-5B7117\E788245E-D61A-4EDD-98B8-E71F65
Virus:Trj/Downloader.CKQ Disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\44EB7497-4F37-4FA5-B1F4-F40CA0\2E4A51F4-1E41-4E0D-A20E-013C34
Adware:Adware/TopSpyware No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\44EB7497-4F37-4FA5-B1F4-F40CA0\8D18769A-693D-4C4B-A12E-B7BB21
Virus:Trj/Downloader.CKQ Disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\44EB7497-4F37-4FA5-B1F4-F40CA0\AD846435-757E-44A2-BF52-D15FBB
Adware:Adware/KeenValue No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\46DC875A-E0B1-48EC-B768-CE2CCE\ED035809-428F-4EA0-B25D-C4C676
Spyware:Spyware/MarketScore No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\4C7BCCA0-F4A3-447F-80F1-2980A4\04FBBDFD-7C55-412D-B445-FA52A7
Spyware:Spyware/MarketScore No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\4C7BCCA0-F4A3-447F-80F1-2980A4\C7EDD84E-E451-449E-9789-60360D
Virus:Trj/Clicker.AD Disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\63D57226-68FC-4C29-864C-32D0C2\5A578C69-F223-4B27-9316-DFEB0B
Adware:Adware/Transponder No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\87045C99-F4A0-44BC-9EDB-919BC7\B6BC4A26-D903-4D0D-92DD-CC1925
Adware:Adware/DelFinMedia No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\89C9A9F5-BA7B-4297-BD6D-6CBA6F\DC89A51F-1FF6-49C9-A2DF-681355
Adware:Adware/DelFinMedia No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\89C9A9F5-BA7B-4297-BD6D-6CBA6F\E03E9B78-B8CC-490B-8F45-69636A
Adware:Adware/KeenValue No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\8B5191DF-5DB9-4F03-B563-9DE078\B7B650F9-0C7C-426C-9070-2ED4A0
Adware:Adware/IEPlugin No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\9121719D-2B55-4773-99DC-09FDA5\CF9709D2-81CF-4979-AA20-71544A
Adware:Adware/IEPlugin No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\9121719D-2B55-4773-99DC-09FDA5\F3E9F281-C078-4C49-B511-FC2EAE
Spyware:Spyware/Wast No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\9123A2F6-4881-48CE-ACE2-020F27\3D24AFA8-E433-47F8-97D5-ECE4B5
Adware:Adware/Twain-Tech No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\9123A2F6-4881-48CE-ACE2-020F27\D4A5E0EC-A2A0-4976-AC6E-2A4D9F
Adware:Adware/IPInsight No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\9123A2F6-4881-48CE-ACE2-020F27\FADE546C-1492-493F-8937-05C211
Spyware:Spyware/BargainBuddy No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\A1C42C4D-776D-41E9-BE00-2ABDC0\1129D46A-EF62-4D28-9D91-DD7E78
Spyware:Spyware/BargainBuddy No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\A1C42C4D-776D-41E9-BE00-2ABDC0\3D61FA6E-13A1-434C-8B3A-56D9B4
Spyware:Spyware/BargainBuddy No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\A1C42C4D-776D-41E9-BE00-2ABDC0\6F6DC273-C49F-40D8-9EBE-ED910D
Virus:Trj/Agent.QW Disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B9E684E5-9116-4DFB-89DA-56368B\C9A72EF3-1500-4601-B41D-B8AEF1
Adware:Adware/PortalScan No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\CB08D3F6-808B-4692-97F5-ABB68F\9DE7D085-D016-4669-A82E-7693B5
Adware:Adware/PurityScan No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\D01BE892-A7C5-4277-8182-E48AB4\2B82B024-028F-493A-946D-35F4C6
Spyware:Spyware/BetterInet No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\E7F5DDEE-20CC-431F-9E85-244DF9\19B06F4A-560C-4B5E-939E-CAFAE1
Spyware:Spyware/BetterInet No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\E7F5DDEE-20CC-431F-9E85-244DF9\7BC2AFBF-2C09-4E87-BC7C-D146A3
Adware:Adware/WebHancer No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\EB1A51FA-6057-49C7-BFD2-1251C1\0194D884-BC6D-4627-9917-1F8BE8
Adware:Adware/WebHancer No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\EB1A51FA-6057-49C7-BFD2-1251C1\0194D884-BC6D-4627-9917-1F8BE8[whInstaller.ini]
Adware:Adware/WebHancer No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\EB1A51FA-6057-49C7-BFD2-1251C1\0194D884-BC6D-4627-9917-1F8BE8[whAgent.inf]
Adware:Adware/WebHancer No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\EB1A51FA-6057-49C7-BFD2-1251C1\0194D884-BC6D-4627-9917-1F8BE8[WhAgent.exe]
Adware:Adware/WebHancer No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\EB1A51FA-6057-49C7-BFD2-1251C1\0194D884-BC6D-4627-9917-1F8BE8[whInstaller.exe]
Adware:Adware/WebHancer No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\EB1A51FA-6057-49C7-BFD2-1251C1\0194D884-BC6D-4627-9917-1F8BE8[WhSurvey.exe]
Adware:Adware/WebHancer No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\EB1A51FA-6057-49C7-BFD2-1251C1\0194D884-BC6D-4627-9917-1F8BE8[Webhdll.dll]
Adware:Adware/WebHancer No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\EB1A51FA-6057-49C7-BFD2-1251C1\0194D884-BC6D-4627-9917-1F8BE8[whiehlpr.dll]
Adware:Adware/WebHancer No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\EB1A51FA-6057-49C7-BFD2-1251C1\14F05126-FFA3-4DE1-A3F2-D1EA9A
Adware:Adware/WebHancer No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\EB1A51FA-6057-49C7-BFD2-1251C1\1656D3C2-E561-4217-B8ED-26ABF0
Adware:Adware/WebHancer No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\EB1A51FA-6057-49C7-BFD2-1251C1\5C4DC3F6-1126-458A-9978-16D769
Adware:Adware/WebHancer No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\EB1A51FA-6057-49C7-BFD2-1251C1\9AAFC9E2-BA3A-4978-9F52-4E2152
Adware:Adware/WebHancer No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\EB1A51FA-6057-49C7-BFD2-1251C1\C275D4BD-37A9-4677-9152-94E16E
Adware:Adware/WebHancer No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\EB1A51FA-6057-49C7-BFD2-1251C1\C5D56BFB-FDF0-41EC-967B-9BD7FA
Adware:Adware/WebHancer No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\EB1A51FA-6057-49C7-BFD2-1251C1\E355E1B6-290B-4C8E-91E5-BB8301
Adware:Adware/SAHAgent No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\FEBC66C3-9C88-4F40-8319-73C45B\393BD360-59BF-425C-8238-FA6B10
Adware:Adware/SAHAgent No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\FEBC66C3-9C88-4F40-8319-73C45B\430E4C70-7AEB-4AC7-8547-F96FDF
Adware:Adware/SAHAgent No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\FEBC66C3-9C88-4F40-8319-73C45B\94F6AF40-0C32-4F99-8F16-5F0716
Adware:Adware/SAHAgent No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\FEBC66C3-9C88-4F40-8319-73C45B\A7A7551E-260E-4E21-869E-DDCDD0
Adware:Adware/SAHAgent No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\FEBC66C3-9C88-4F40-8319-73C45B\B1306C50-EE0C-4852-94C8-9B02B0
Adware:Adware/SAHAgent No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\FEBC66C3-9C88-4F40-8319-73C45B\B4F8F77E-1230-4514-BE7D-85C8AE
Adware:Adware/SAHAgent No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\FEBC66C3-9C88-4F40-8319-73C45B\CD3FFB7F-9059-4431-82CC-79F1ED
Adware:Adware/SAHAgent No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\FEBC66C3-9C88-4F40-8319-73C45B\DBAA16CF-6A7A-47BE-B789-783F98
Adware:Adware/nCase No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\FF80430A-2BB5-4275-AC61-F50355\21BBA4B9-CF22-4616-9170-9DF9BD
Adware:Adware/nCase No disinfected F:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\FF80430A-2BB5-4275-AC61-F50355\52FBD542-84B5-4DE1-9E92-E7E287
Virus:Trj/Hpt.C Disinfected F:\RECYCLER\S-1-5-21-3113207943-3856378107-2071102810-1008\Dc1.exe
Adware:Adware/KeenValue No disinfected F:\updaterInstall_108.exe
Spyware:Spyware/Wast No disinfected F:\WINDOWS\ast_4_mm.exe
Virus:Trj/Casicon.A Disinfected F:\WINDOWS\casicon.exe
Adware:Adware/Coupons No disinfected F:\WINDOWS\cpbrkpie.ocx
Spyware:Spyware/Media-motor No disinfected F:\WINDOWS\Downloaded Program Files\mm63.INF
Adware:Adware/BHO No disinfected F:\WINDOWS\ei25.exe
Adware:Adware/SAHAgent No disinfected F:\WINDOWS\inf\bi2.inf
Spyware:Spyware/BetterInet No disinfected F:\WINDOWS\inf\ceres.inf
Spyware:Spyware/AdClicker No disinfected F:\WINDOWS\loads.exe
Adware:Adware/nCase No disinfected F:\WINDOWS\msbbhook.dll
Adware:Adware/PortalScan No disinfected F:\WINDOWS\mwsvm.bin
Virus:Trj/Downloader.CA Disinfected F:\WINDOWS\nhiqirsgt.exe
Adware:Adware/SAHAgent No disinfected F:\WINDOWS\sahagent-mediamotor1001.exe
Adware:Adware/SAHAgent No disinfected F:\WINDOWS\sahagent-mediamotor1002.exe
Adware:Adware/SAHAgent No disinfected F:\WINDOWS\sahagent-mediamotor1003.exe
Adware:Adware/SAHAgent No disinfected F:\WINDOWS\SAHUninstall.exe
Adware:Adware/Twain-Tech No disinfected F:\WINDOWS\SET5A.tmp
Adware:Adware/MyDailyHoroscopeNo disinfected F:\WINDOWS\setup_silent_17253.exe
Adware:Adware/MyDailyHoroscopeNo disinfected F:\WINDOWS\setup_silent_17304.exe
Adware:Adware/Transponder No disinfected F:\WINDOWS\system32\bvvggv.exe
Possible Virus. No disinfected F:\WINDOWS\system32\c14b2s.dll
Adware:Adware/BrowserAid No disinfected F:\WINDOWS\system32\D0CE0C16B1.DLL
Adware:Adware/PurityScan No disinfected F:\WINDOWS\system32\devabu.dll
Adware:Adware/CWS.Flsmngr No disinfected F:\WINDOWS\system32\flsmngr.dll
Virus:Trj/Lowzones.CL Disinfected F:\WINDOWS\system32\glopjcey.exe
Adware:Adware/Twain-Tech No disinfected F:\WINDOWS\system32\hueeqq.exe
Virus:Trj/Casicon.A Disinfected F:\WINDOWS\system32\icon\icon.exe
Virus:W32/Bagz.M.worm Disinfected F:\WINDOWS\system32\mbvfhaaa.exe
Adware:Adware/nCase No disinfected F:\WINDOWS\system32\msbb321.dll
Adware:Adware/DelFinMedia No disinfected F:\WINDOWS\system32\nsvsvc\nsv.ocx
Possible Virus. No disinfected F:\WINDOWS\system32\qmgrmm32.exe
Adware:Adware/SAHAgent No disinfected F:\WINDOWS\system32\sahagent1014.exe
Virus:Trj/Prutec.L Disinfected F:\WINDOWS\system32\winsmx.exe
Adware:Adware/SAHAgent No disinfected F:\WINDOWS\system32\xmlparse.dll
Adware:Adware/SAHAgent No disinfected F:\WINDOWS\system32\xmltok.dll
Adware:Adware/PurityScan No disinfected F:\WINDOWS\system32\XPLORE~1.EXE
Spyware:Spyware/Media-motor No disinfected F:\WINDOWS\unstall.exe
Virus:Trj/Downloader.CA Disinfected F:\WINDOWS\ypopoqzbk.exe

#3 markedmanner (Topic Starter)
Ok, here's an update on what's going on. Here is a new log file.

http://www.hijackthi...9cbdcb719a.html

I ran AVG, Ad-Aware, Spybot, CounterSpy in safe mode.
I have one big problem with that log above.
I have a problem with this running process:

C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

I didn't even open Internet Explorer. I didn't do anything; I restarted the computer and just ran HijackThis. So my guess is this isn't IE! So I clicked on it in WinPatrol and clicked delete this file on reboot, then I restarted, and this is the log I got after I deleted iexplore.exe:

http://www.hijackthi...cd754841b8.html

I also cleared up many of the nasties that it was reporting, or any unknowns. Still the same results! Still can't run AVG, Ad-Aware, etc.
One thing I did notice is that a random file name, utilaux.exe, showed up in the Windows Task Manager, but it did not show up in the HijackThis log or in WinPatrol. After I clicked kill task in Windows Task Manager and refreshed WinPatrol and ran another HijackThis log, it showed up! But it had been running the whole time! But I had to kill it and then it restarted and then it showed up?? This thing is crazy!

#4 markedmanner (Topic Starter)
Guess you could say this is solved. I did a format and reinstall, but I would still like to know what this virus was and why nothing would pick it up!

#5 Guest_thatman_* (Guest)
Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you're the topic starter and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else, please begin a New Topic.