| Really bad virus 2 Attachment(s) Hi all! This is my first time posting on this forum. Very new to forums altogether really, but recently my second PC got a horrible virus. The background was changed to "WARNING viruses and spyware have been found on your computer. please run a spyware check", my CD-ROM drive does not work, the internet does not work and the computer is running amazingly slow. Normally I wouldn't mind just popping in the Windows CD, wiping my whole hard drive and reinstalling the OS on a fresh new partition, but since the CD-ROM drive isn't reading the CDs, I can't boot the computer from a CD and therefore I don't really know what else to do. Note: My CD-ROM drive was working before I got this virus. I checked the cables inside of the computer, switched out to another CD-ROM drive, but still no help. I ran Malwarebytes, and I'm including the log as an attachment. I also managed to download HijackThis and have also included the log. I'm also going to post both of the logs in case the attachment doesn't work:
Hijack this: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:20:24 PM, on 3/29/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal
Malware-Bytes: Malwarebytes' Anti-Malware 1.35 Database version: 1904 Windows 5.1.2600 Service Pack 3 3/29/2009 7:08:24 PM mbam-log-2009-03-29 (19-08-24).txt Scan type: Full Scan (C:\|E:\|) Objects scanned: 163658 Time elapsed: 4 hour(s), 22 minute(s), 35 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 10 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 9 Files Infected: 108
Thanks again! Sorry if I did anything wrong. I'm still new to fixing this sort of thing.... |
| ||
| Re: Really bad virus Hello, Well it seems there are a few things that need to be done. Malwarebytes did do a lot of deletions.... so that is a good sign. Can you please do the following: Please download ATF Cleaner. Make sure that all browser windows are closed.
Also, a question, after running Malwarebytes, how is the computer going now? Any changes? Thanks, Cohen |
| ||
| Re: Really bad virus The computer is still running kind of slow. The CD-ROM drive still doesn't work, and I'm not sure if I have complete control over the computer. The taskbar keeps hiding itself no matter if I lock it or not. After running Malwarebytes and using Windows restore to restore it to an earlier point in the month, I managed to get my internet up and working again. My background has also changed back, but as I said before the CD-ROM drive does not work (big problem..) and my taskbar is still a bit loopy. Any other suggestions? |
| ||
| Re: Really bad virus Quote:
|
| ||
| Re: Really bad virus Maybe you could try terminating processes? It's possible that there are unwanted threads injected into your processes. Sometimes if many programs/threads are trying to connect to somewhere at the same time, it would distract or disable your network. So check your network ports with CurrPorts: http://www.nirsoft.net/utils/cports.html and netstat ( run > cmd > netstat /a ) Then you may check for injectors/applications that are trying to inject every time Windows starts. run > regedit Navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\Run and HKLM\Software\Microsoft\Windows\CurrentVersion\Run and check for values that should not be there (programs with paths like %appdata% and %temp% or randomly named applications). A very basic and simple virus checking routine. |
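The Run-key check described in the post above, as an added example that is not part of the original thread: a Python script that reads the O4 lines of a HijackThis log (the same two Run keys) and lists entries whose command points into a temp or application-data folder or whose file name looks randomly generated. The sample log lines, the folder markers and the "random name" rule are assumptions made for this example, and a flagged entry is a candidate for review, not a verdict.

```python
"""Triage HijackThis O4 (Run-key autostart) lines for entries worth a closer look."""
import ntpath
import re

# O4 line shape:  O4 - HKCU\..\Run: [value name] command line
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
EXT_RE = re.compile(r'\.(?:exe|dll|com|bat|cmd|scr|pif|vbs|js)(?=\s|$)', re.I)

# Assumption: folders any user can write to, as variables and as expanded
# Windows XP / Vista+ paths (all compared in lower case).
USER_WRITABLE = ('%temp%', '%tmp%', '%appdata%', '\\local settings\\temp\\',
                 '\\application data\\', '\\appdata\\')

# Constructed sample in HijackThis O4 format (not taken from a real machine).
SAMPLE_LOG = r'''
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\User\Local Settings\Temp\upd8.exe" /q
O4 - HKCU\..\Run: [helper] rundll32.exe "%APPDATA%\helper\hlp.dll",Start
O4 - HKLM\..\Run: [sysload] C:\WINDOWS\system32\xkcdqzrtb.exe
O4 - HKLM\..\RunOnce: [cleanup] C:\WINDOWS\system32\a1b2c3d4e5f6.exe -r
'''


def executable_path(cmd):
    """Return the program part of a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                 # quoted path: take up to the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXT_RE.search(cmd)                  # unquoted paths may contain spaces
    if m:
        return cmd[:m.end()]
    parts = cmd.split()
    return parts[0] if parts else ''


def looks_random(stem):
    """Rough heuristic (assumption): hex-only, digit-only or vowel-free names.

    Vendor abbreviations can trip this, so treat a hit as a prompt to look,
    not as proof of infection.
    """
    if stem.isdigit() or (len(stem) >= 8 and re.fullmatch(r'[0-9a-fA-F]+', stem)):
        return True
    letters = [c for c in stem.lower() if c.isalpha()]
    return len(letters) >= 6 and not any(c in 'aeiouy' for c in letters)


def audit(log_text):
    """Return one dict per O4 entry that matches at least one check."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue                        # not a Run-key autostart line
        cmd = m['cmd']
        path = executable_path(cmd)
        stem = ntpath.splitext(ntpath.basename(path))[0]
        reasons = []
        # Search the whole command so a DLL handed to rundll32 is covered too.
        if any(marker in cmd.lower() for marker in USER_WRITABLE):
            reasons.append('user-writable location')
        if looks_random(stem):
            reasons.append('random-looking file name')
        if reasons:
            findings.append({'hive': m['hive'], 'key': m['key'],
                             'name': m['name'], 'path': path,
                             'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in audit(SAMPLE_LOG):
        print(f"{f['hive']}\\{f['key']} [{f['name']}] {f['path']}: "
              f"{', '.join(f['reasons'])}")
```
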
| ||
| Re: Really bad virus Quote:
I went into the device manager and there is an (!) next to a list of network drivers. I reinstalled the network drivers that I got from the Dell website and it didn't seem to change anything. My CD-ROM drive shows up on the device manager as well with no (!), but it won't read any CDs I put in. Could this be the virus also? |
| ||
| Re: Really bad virus I don't think that your virus - if there is one - can be so smart that it keeps removing your drivers. First of all you should get the network driver working. Before you tried to reinstall that, did you make sure that there are no remains of the original network driver in the list of installed programs? If yes, uninstall them all and then try to install the new driver. And newest isn't always the best, I noticed that a long time ago. If you're using a laptop, you can get a bit older driver from http://www.laptopbeep.com/ And maybe you can try to install several times (3-5), if the last time didn't act. It worked for me when I had irritating problems with my graphics driver. Good luck |
| ||
| Re: Really bad virus I completely uninstalled the network driver and reinstalled it, but the (!) is still on the icon and the internet is still not working. It says the driver might be corrupt or missing. The strange thing is, the list of network drivers is a bit long. There are 8 different driver names, and they all have (!)'s next to them.
(!) Direct Parallel
(!) Intel(R) PRO/100 VE Network Connection (this is the only one I could find on the website)
(!) Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
(!) WAN Miniport (IP)
(!) WAN Miniport (IP) - Packet Scheduler Miniport
(!) WAN Miniport (L2TP)
(!) WAN Miniport (PPPOE)
(!) WAN Miniport (PPTP)
Any ideas? I also tried to find a driver for my CD-ROM drive but it seems there is none, just firmware that did nothing. |