Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Serious Virus Need A Bomb Squad


  • Please log in to reply
2 replies to this topic

#1 roninknife

roninknife

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:41 PM

Posted 08 September 2008 - 04:48 PM

Hello,

I've been battling this virus all morning and I am finally giving up! I need some help from the pros. I think it is called the Complexel Virus, at least thats what my windows virus software is calling it. I am running Vista, yeah I know. Home Premium addition. I noticed this odd file in one of my forlders and tried to delete it and everything went bonkers. Win Vistas anti virus program pops open and starts scanning, i'm getting messages that my computer is running slow, that i am infected, I keep getting these blank popups that take my prompt away from whatever I am typing or working on and it keeps adding shortcuts to porn sights on my desktop. I started out by booting in to safe mode and ran smitfraudfix, followed the usual protocal. Second, I tried to run panda but after ten attempts, each one freezing at 6% i stopped. Tried to run trend micro house call. That didn't work either. I ran adaware, and search and destroy, no luck. Ran a couple of other things and now I am running Malwarebytes and. . . actually. . . i'm not getting the popups anymore and all my bubble warnings have left. Well, let me post my logs anyways I am sure there is something that i have missed. Thanks for the help in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:24 PM, on 9/8/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Earnshaw Clan\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Earnshaw Clan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bw+0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {01E3EB9F-EB17-4923-9AF6-DC92D708B8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 19060 bytes

SmitFraudFix v2.346

Scan done at 9:07:35.44, Mon 09/08/2008
Run from C:\Users\Earnshaw Clan\Desktop\Smitfraudfix\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts


127.0.0.1 localhost
::1 localhost

VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\Windows\system32\1.ico Deleted
C:\Users\EARNSH~1\Desktop\QUALITY PORN.url Deleted
C:\Program Files\PCHealthCenter\ Deleted

IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


AntiXPVSTFix



RK


DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{101BD947-76CC-4EBB-B84F-1B98A395E845}: DhcpNameServer=64.142.120.131 64.142.120.130
HKLM\SYSTEM\CS1\Services\Tcpip\..\{101BD947-76CC-4EBB-B84F-1B98A395E845}: DhcpNameServer=64.142.120.131 64.142.120.130
HKLM\SYSTEM\CS3\Services\Tcpip\..\{101BD947-76CC-4EBB-B84F-1B98A395E845}: DhcpNameServer=64.142.120.131 64.142.120.130
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=64.142.120.131 64.142.120.130
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=64.142.120.131 64.142.120.130
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=64.142.120.131 64.142.120.130


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End




Malwarebytes' Anti-Malware 1.27
Database version: 1130
Windows 6.0.6000

9/8/2008 2:32:08 PM
mbam-log-2008-09-08 (14-32-08).txt

Scan type: Quick Scan
Objects scanned: 47822
Time elapsed: 3 minute(s), 53 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
C:\Windows\System32\YUR4B07.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Windows\System32\YUR5112.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Windows\System32\YUR5567.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4b07.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5112.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5567.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5567.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\YUR4B07.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\YUR5112.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\YUR5567.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\x (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\MSA\MSA.exe (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MSA\msa0.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MSA\msa1.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MSA\MSA.cpl (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MSA\MSA.ooo (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Windows\System32\MSa.cpl (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Users\Earnshaw Clan\Desktop\BEST ZOO PORN.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\Earnshaw Clan\Desktop\QUALITY PORN.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\Earnshaw Clan\Desktop\MS Antivirus.lnk (Rogue.Link) -> Quarantined and deleted successfully.

Okay. I also cleaned out my temporary files amd stuff.
Let me know if there is anything else I need to do.

Thanks

Kurts Turtle.

Edited by roninknife, 08 September 2008 - 04:50 PM.


BC AdBot (Login to Remove)

 


#2 roninknife

roninknife
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:41 PM

Posted 15 September 2008 - 04:18 PM

Did I do something wrong, How come I haven't gotten a responce?

:thumbsup:

#3 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:09:41 PM

Posted 23 September 2008 - 04:20 PM

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log

Please also post the problems you are having.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users