Media2 Virus...(I think)

1 reply to this topic

#1 soldiersbane


  • Members

Posted 23 September 2009 - 09:35 PM

I have a whole lot of problems with my computer. Every time I refresh my browser or move on to a new page I get a variety of pop-ups. I will copy and paste the address of those sites..(not sure if that helps any..). Occasionally whenever I start my browser it will also just freeze while it's connecting to my homepage and the only thing I can do to fix it is by shutting off the computer and restarting it. Sometimes whenever I try to go into my C: drive I get the warning:
Windows cannot find 'RECYCLER\S-3-7-68-100000563-100017975-100026263-5497.com'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

I hope I have given you enough info and any and all advice you have would be welcome. Thank you very much! Now here is a list of the sites that pop up while on my browser and after that is the DDS Log:




DDS (Ver_09-07-30.01) - NTFSx86
Run by Alicia at 21:40:16.48 on Wed 09/23/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.591 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Linksys\WUSB100\WUSB100.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Alicia\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mWinlogon: Shell=explorer.exe "c:\program files\common files\system\Microsoft_Software_XStart.exe"
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {17DF7D60-3575-497F-8D11-F8882E3E1CE9} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - No File
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
BHO: {6B3E26A3-C1E2-4125-8C8F-F1303F748C3A} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {88463260-0985-00e7-7467-99ca3230262a} - c:\docume~1\alicia\locals~1\temp\z iis.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1303.0\msneshellx.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {07AA283A-43D7-4CBE-A064-32A21112D94D} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: 100% Free Spades Toolbar: {02f7a7eb-89f8-47ff-a75c-52c1060ec144} - c:\program files\100% free spades toolbar\v3.3.0.1\100%_Free_Spades_Toolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [A00F3A0B6.exe] c:\docume~1\alicia\locals~1\temp\_A00F3A0B6.exe
uRun: [A00F1BDD7B.exe] c:\docume~1\alicia\locals~1\temp\_A00F1BDD7B.exe
uRun: [A00F1BCB6A.exe] c:\docume~1\alicia\locals~1\temp\_A00F1BCB6A.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wusb100\WUSB100.exe
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83}
DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8}
DPF: {48DD0448-9209-4F81-9F6D-D83562940134}
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}
DPF: {5D6F45B3-9043-443D-A792-115447494D24}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C}
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592}
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553512000}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E}
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}
TCP: NameServer =,
TCP: {3649BB8B-61B4-4A8B-A47C-1BB12C2D9131} =,
Notify: ce1c93d670 - c:\windows\system32\console32.dll
Notify: __c00AF2D1 - c:\windows\system32\__c00AF2D1.dat
AppInit_DLLs: c:\windows\system32\console32.dll

============= SERVICES / DRIVERS ===============

R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-7-28 517632]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys --> c:\windows\system32\drivers\cccp106.sys [?]
S3 XDva224;XDva224;\??\c:\windows\system32\xdva224.sys --> c:\windows\system32\XDva224.sys [?]

=============== Created Last 30 ================

2009-09-23 14:09 27,648 a------- c:\windows\system32\gyuok.dat
2009-09-22 12:03 <DIR> -cd----- C:\!Default_XP_Home_SP3_Start_v300
2009-09-22 12:00 918 ac------ C:\!Default_XP_Home_SP3_Start_v300.zip
2009-09-22 11:49 <DIR> --d----- c:\program files\CCleaner
2009-09-22 03:06 <DIR> --d----- c:\program files\Trend Micro
2009-09-22 02:53 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-22 02:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-09-22 00:59 157 ac------ C:\xcrashdump.dat
2009-09-21 23:19 104 a------- c:\windows\system32\NvApps.xml
2009-09-21 23:15 23,392 a------- c:\windows\system32\nscompat.tlb
2009-09-21 23:15 16,832 a------- c:\windows\system32\amcompat.tlb
2009-09-21 23:15 13,588 a------- c:\windows\system32\wpa.dbl
2009-09-21 22:23 <DIR> --d-h--- c:\windows\PIF
2009-09-21 09:00 162,320 a------- c:\windows\40E535599E30D8EEE148BEE56D33C877.exe
2009-09-19 21:04 27,648 -------- c:\windows\system32\__c00AF2D1.dat
2009-09-19 20:12 17,851 a------- c:\windows\GnuHashes.ini
2009-09-19 20:05 1,512 a--sh--- c:\windows\system32\GroupPolicy000.dat
2009-09-19 20:05 <DIR> --dsh--- c:\windows\system32\LocalService
2009-09-19 20:05 523,264 a--sh--- c:\windows\system32\25.tmp
2009-09-19 20:05 122,880 a------- c:\windows\system32\console32.dll
2009-09-12 06:55 <DIR> -cdsh--- c:\documents and settings\alicia\IECompatCache
2009-09-12 01:48 <DIR> -cdsh--- c:\documents and settings\alicia\PrivacIE
2009-09-12 01:48 <DIR> -cdsh--- c:\documents and settings\alicia\IETldCache
2009-09-12 01:35 78,336 a------- c:\windows\system32\ieencode.dll
2009-09-12 01:35 78,336 a------- c:\windows\system32\dllcache\ieencode.dll
2009-09-02 23:59 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-09-02 23:54 <DIR> --d----- c:\program files\Zemi Interactive
2009-09-02 23:22 <DIR> --d----- c:\program files\Neffy
2009-08-31 12:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2009-08-28 01:44 235,920 a------- c:\windows\100%_Free_Spades_Toolbar_Uninstaller_328.exe
2009-08-28 01:44 <DIR> --d----- c:\program files\100% Free Spades Toolbar
2009-08-28 01:44 <DIR> --d----- c:\program files\DreamQuest

==================== Find3M ====================

2007-10-08 22:07 374 ac------ c:\docume~1\alicia\applic~1\internaldb6334.dat
2007-10-08 22:06 18,432 ac------ c:\docume~1\alicia\applic~1\internaldb41.dat
2007-10-08 22:06 555 ac------ c:\docume~1\alicia\applic~1\internaldb8467.dat
2007-08-29 22:46 110 ac------ c:\docume~1\alluse~1\applic~1\MostFunGameId.bin
2006-10-16 17:38 273 ac--h--- c:\program files\hpothb07.dat
2006-10-16 17:38 0 ac--h--- c:\program files\hpothb07.tif
2006-04-09 00:56 36,465,208 ac------ c:\program files\iTunesSetup.exe
2008-11-29 01:12 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112920081130\index.dat

============= FINISH: 21:44:12.96 ===============


Edited by Orange Blossom, 23 September 2009 - 09:41 PM.
Deactivate links. ~ OB



#2 kahdah


  • Security Colleague

Posted 10 October 2009 - 10:31 AM

Hello soldiersbane

Welcome to BleepingComputer :(
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here
