fiyasuppliya 0 Newbie Poster

Malwarebytes' Anti-Malware 1.28
Database version: 1190
Windows 5.1.2600 Service Pack 2

2008-09-22 08:38:34
mbam-log-2008-09-22 (08-38-34).txt

Scan type: Full Scan (D:\|E:\|)
Objects scanned: 158442
Time elapsed: 1 hour(s), 4 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:40, on 2008-09-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
D:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\MOTU\Audio\MFWAKeys.exe
D:\PROGRA~1\MICROS~2\rapimgr.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Trend Micro\HijackThis\hjtscan.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

fiyasuppliya 0 Newbie Poster

ComboFix 08-09-20.05 - fiya 2008-09-21 19:20:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.271 [GMT -4:00]
Running from: D:\Documents and Settings\fiya\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\system32\cbJSBcdd.ini
D:\WINDOWS\system32\ijlmlnmp.ini
D:\WINDOWS\system32\otwsgvii.ini
D:\WINDOWS\system32\qjuippmi.ini
D:\WINDOWS\system32\qliixnhy.ini
D:\WINDOWS\system32\qyselwad.ini
D:\WINDOWS\system32\rgemagfl.ini
D:\WINDOWS\system32\vwHhQXbc.ini
.
---- Previous Run -------
.
D:\WINDOWS\system32\msvcsv60.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSREST.SYS
-------\Service_sysrest.sys


((((((((((((((((((((((((( Files Created from 2008-08-21 to 2008-09-21 )))))))))))))))))))))))))))))))
.

2008-09-20 15:01 . 2008-09-20 15:01 <DIR> d-------- D:\Program Files\CCleaner
2008-09-20 15:01 . 2008-09-20 15:01 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-20 11:19 . 2008-09-21 12:02 <DIR> d--h----- D:\$AVG8.VAULT$
2008-09-20 08:29 . 2008-09-20 08:29 <DIR> d-------- D:\Program Files\Trend Micro
2008-09-19 23:26 . 2008-09-20 10:56 <DIR> d-------- D:\WINDOWS\system32\drivers\Avg
2008-09-19 23:26 . 2008-09-19 23:28 <DIR> d-------- D:\Documents and Settings\fiya\Application Data\AVGTOOLBAR
2008-09-19 23:26 . 2008-09-19 23:26 97,928 --a------ D:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-19 23:26 . 2008-09-19 23:26 76,040 --a------ D:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-19 23:26 . 2008-09-19 23:26 10,520 --a------ D:\WINDOWS\system32\avgrsstx.dll
2008-09-19 14:16 . 2008-09-19 14:18 <DIR> d-------- D:\Documents and Settings\fiya\Application Data\vlc
2008-09-19 14:14 . 2008-09-19 14:14 <DIR> d-------- D:\Program Files\VideoLAN
2008-09-19 13:40 . 2008-09-19 13:40 <DIR> d-------- D:\Documents and Settings\fiya\Application Data\Malwarebytes
2008-09-19 13:37 . 2008-09-19 13:37 2,189,864 --a------ D:\mbam-setup.exe
2008-09-19 13:32 . 2008-09-19 13:32 <DIR> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-09-19 13:32 . 2008-09-19 13:32 <DIR> d-------- D:\Documents …

fiyasuppliya 0 Newbie Poster

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:01:07 PM, on 9/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
D:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\MOTU\Audio\MFWAKeys.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\PROGRA~1\MICROS~2\rapimgr.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Trend Micro\HijackThis\hjtscan.exe.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PhilipsDM] D:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKLM\..\Policies\Explorer\Run: [xmFkTNnrfH] D:\Documents and Settings\All Users\Application Data\mxgzsdyr\wzqpwryz.exe
O4 - HKUS\S-1-5-18\..\Run: [Antivirus] D:\Program Files\VAV\vav.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Antivirus] D:\Program Files\VAV\vav.exe (User 'Default user')
O4 - Global Startup: MOTU Pedal Handler.lnk = D:\Program Files\MOTU\Audio\MFWAKeys.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no …

fiyasuppliya 0 Newbie Poster

Malwarebytes' Anti-Malware 1.28
Database version: 1184
Windows 5.1.2600 Service Pack 2

9/21/2008 8:42:34 AM
mbam-log-2008-09-21 (08-42-34).txt

Scan type: Full Scan (D:\|E:\|)
Objects scanned: 164745
Time elapsed: 49 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

fiyasuppliya 0 Newbie Poster

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:44 PM, on 9/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Safe mode with network support

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\BitTorrent\bittorrent.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PhilipsDM] D:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKLM\..\Policies\Explorer\Run: [xmFkTNnrfH] D:\Documents and Settings\All Users\Application Data\mxgzsdyr\wzqpwryz.exe
O4 - HKUS\S-1-5-18\..\Run: [Antivirus] D:\Program Files\VAV\vav.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Antivirus] D:\Program Files\VAV\vav.exe (User 'Default user')
O4 - Global Startup: MOTU Pedal Handler.lnk = D:\Program Files\MOTU\Audio\MFWAKeys.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra …

fiyasuppliya 0 Newbie Poster

How did you solve it?

fiyasuppliya 0 Newbie Poster

The virus infects my computer by not letting me go to antivirus websites and not letting me update my antivirus programs (AVG, Malwarebytes, etc.). And every 30 minutes or so Internet Explorer opens automatically to adultfriend finder. I might get a blue screen if I'm doing too much. When I restart, my desktop is changed; in the center it says "restore active desktop". Now I can just change my desktop back to normal, but I know it will happen again. I don't know what's infecting my computer, but it's driving me crazy. I don't want to reinstall; that takes about a day. THAT'S MY LAST RESORT. Can someone help me? I used HijackThis and here's my log file. I also tried safe mode with networking and it still blocks the antivirus sites.

D:\WINDOWS\system32\notepad.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PhilipsDM] D:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKLM\..\Policies\Explorer\Run: [xmFkTNnrfH] D:\Documents and …