
Malware Thread


176 replies to this topic

#61 Real Deal

Real Deal

    Legend

  • 14,860 posts
  • Joined: Jun 29, 2008
  • Location:Kansas
  • Name:Brandon
  • Fav. Laker:Kobe

Posted June 12, 2011 - 02:15 PM

Click to download HijackThis: http://www.trendmicr.../HijackThis.exe

Once you get it, install the program, run it, and post the results here.

#62 Windu

Windu

    Shatterpoint

  • 43,004 posts
  • Joined: Apr 24, 2009
  • Name:Will
  • Fan Since:1999
  • Fav. Laker:Kobe

Posted June 12, 2011 - 03:26 PM

Was it one of those windows 7 restore/windows recovery viruses?


yep

Pau Gasol is GONE


#63 Windu

Windu

    Shatterpoint

  • 43,004 posts
  • Joined: Apr 24, 2009
  • Name:Will
  • Fan Since:1999
  • Fav. Laker:Kobe

Posted June 12, 2011 - 03:33 PM

Click to download HijackThis: http://www.trendmicr.../HijackThis.exe

Once you get it, install the program, run it, and post the results here.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:16:24 PM, on 6/12/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\ramerah\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
R3 - URLSearchHook: (no name) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - (no file)
R3 - URLSearchHook: (no name) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - (no file)
R3 - URLSearchHook: (no name) - {ef90bfd2-e4f2-438a-91fe-c452d6e8264e} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xVWrsqSWuxYVn] C:\ProgramData\xVWrsqSWuxYVn.exe
O4 - HKCU\..\Run: [usoRDPRVVkvyke] C:\ProgramData\usoRDPRVVkvyke.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace....ceUploader2.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicr...osoft/wrc32.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SPLASH.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13785 bytes


Pau Gasol is GONE


#64 Windu

Windu

    Shatterpoint

  • 43,004 posts
  • Joined: Apr 24, 2009
  • Name:Will
  • Fan Since:1999
  • Fav. Laker:Kobe

Posted June 13, 2011 - 04:12 PM

anyone here have Comcast?

Pau Gasol is GONE


#65 Windu

Windu

    Shatterpoint

  • 43,004 posts
  • Joined: Apr 24, 2009
  • Name:Will
  • Fan Since:1999
  • Fav. Laker:Kobe

Posted June 13, 2011 - 05:13 PM

I'm installing Comcast's Constant Guard Protection Suite which comes with Norton. It sounds good; remains to be seen how well it works. Gonna put Avira and Malwarebytes on my flash drive.

Pau Gasol is GONE


#66 Draztik

Draztik

    Illmatic

  • 8,165 posts
  • Joined: Jul 08, 2009
  • Fan Since:1986 - Birth!
  • Fav. Laker:Kobe, Gasol, Artest

Posted June 13, 2011 - 05:37 PM

anyone here have Comcast?


I do love it


Peep my music at my youtube page here: MUSIC!


#67 Windu

Windu

    Shatterpoint

  • 43,004 posts
  • Joined: Apr 24, 2009
  • Name:Will
  • Fan Since:1999
  • Fav. Laker:Kobe

Posted June 13, 2011 - 05:43 PM

I do love it


do you have the triple play package?

what do you think about constant guard?

Pau Gasol is GONE


#68 Draztik

Draztik

    Illmatic

  • 8,165 posts
  • Joined: Jul 08, 2009
  • Fan Since:1986 - Birth!
  • Fav. Laker:Kobe, Gasol, Artest

Posted June 13, 2011 - 05:49 PM

do you have the triple play package?

what do you think about constant guard?


Nah, I use my cell phone as my main phone, but I don't use the included security programs with their internet, just Microsoft Security Essentials.


Peep my music at my youtube page here: MUSIC!


#69 Notorious Arab

Notorious Arab

    Starter

  • 4,853 posts
  • Joined: Feb 06, 2009
  • Location:OC
  • Fan Since:When I came to the USA
  • Fav. Laker:Kobe Bryant

Posted June 13, 2011 - 06:03 PM

do you have the triple play package?

what do you think about constant guard?

I don't recommend using the package they give u. They usually suck.



#70 Windu

Windu

    Shatterpoint

  • 43,004 posts
  • Joined: Apr 24, 2009
  • Name:Will
  • Fan Since:1999
  • Fav. Laker:Kobe

Posted June 13, 2011 - 06:14 PM

I don't recommend using the package they give u. They usually suck.


it has good reviews across the internet. *shrugs*

I was going to put avira and malwarebytes on my flash drive just in case I don't like Norton. However, what do you think about me keeping either avira/malwarebytes and adding it along with Norton?

Pau Gasol is GONE


#71 Windu

Windu

    Shatterpoint

  • 43,004 posts
  • Joined: Apr 24, 2009
  • Name:Will
  • Fan Since:1999
  • Fav. Laker:Kobe

Posted June 13, 2011 - 06:25 PM

just did a quick scan with norton...took like a minute

looks good

Pau Gasol is GONE


#72 Draztik

Draztik

    Illmatic

  • 8,165 posts
  • Joined: Jul 08, 2009
  • Fan Since:1986 - Birth!
  • Fav. Laker:Kobe, Gasol, Artest

Posted June 13, 2011 - 07:11 PM

it has good reviews across the internet. *shrugs*

I was going to put avira and malwarebytes on my flash drive just in case I don't like Norton. However, what do you think about me keeping either avira/malwarebytes and adding it along with Norton?


If you are going to use norton just use it. You'll end up using up too much system resources with everything on there


Peep my music at my youtube page here: MUSIC!


#73 Windu

Windu

    Shatterpoint

  • 43,004 posts
  • Joined: Apr 24, 2009
  • Name:Will
  • Fan Since:1999
  • Fav. Laker:Kobe

Posted June 13, 2011 - 07:25 PM

If you are going to use norton just use it. You'll end up using up too much system resources with everything on there


yeh, but I share the computer with my girl and she wants either malwarebytes or avira alongside norton

Pau Gasol is GONE


#74 Windu

Windu

    Shatterpoint

  • 43,004 posts
  • Joined: Apr 24, 2009
  • Name:Will
  • Fan Since:1999
  • Fav. Laker:Kobe

Posted June 13, 2011 - 08:17 PM

ok

uninstalled avira and put it on my flash drive. gonna use norton and malwarebytes

Pau Gasol is GONE


#75 Real Deal

Real Deal

    Legend

  • 14,860 posts
  • Joined: Jun 29, 2008
  • Location:Kansas
  • Name:Brandon
  • Fav. Laker:Kobe

Posted June 13, 2011 - 09:07 PM

Will...

O4 - HKCU\..\Run: [xVWrsqSWuxYVn] C:\ProgramData\xVWrsqSWuxYVn.exe
O4 - HKCU\..\Run: [usoRDPRVVkvyke] C:\ProgramData\usoRDPRVVkvyke.exe

First, go to msconfig and edit the start-up items. If you don't know how to do this...

http://www.optimizingpc.com/windows7/windows_7_msconfig.html

Figured it would be easier to read if I didn't type up my own explanation.

At start-up, disable those two I put in quotes above, and anything else you see suspicious.

Then, go to C:\ProgramData and find those two files, and delete them. If you can't delete them, CTRL+ALT+DEL and first remove them from running processes.

If that doesn't work, you can always use the msconfig to start your computer up in safe mode...and from there, you can delete files.

After that's completed, you COULD go ahead and start your computer up in safe mode (no networking), then do a scan with Malwarebytes. Be sure it's all updated first, though, before starting your comp in safe mode (using msconfig, go to the Boot tab and select the Safe Boot, Minimal options...just be sure to change it back later).

The scan should pick up everything after that, especially when your computer is in safe mode.

#76 Notorious Arab

Notorious Arab

    Starter

  • 4,853 posts
  • Joined: Feb 06, 2009
  • Location:OC
  • Fan Since:When I came to the USA
  • Fav. Laker:Kobe Bryant

Posted June 13, 2011 - 09:13 PM

I think RD just got rid of all the malware. HiJackThis is perfect for this and ur system looks clean.



#77 Windu

Windu

    Shatterpoint

  • 43,004 posts
  • Joined: Apr 24, 2009
  • Name:Will
  • Fan Since:1999
  • Fav. Laker:Kobe

Posted June 14, 2011 - 04:57 AM

Alright, I'm going to give it a try later. Stay tuned...

Pau Gasol is GONE


#78 Instigator

Instigator

    Hall Of Fame

  • 9,003 posts
  • Joined: Feb 08, 2010
  • Location:Lincoln, Nebraska
  • Fav. Laker:Kobe Bryant

Posted June 14, 2011 - 05:00 AM

That's how I delete those viruses, always check ProgramData folder and find any of those random number and letter .exe files and delete them right away.
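The check described in posts #75 and #78 (Run entries that point at randomly named executables sitting directly in C:\ProgramData), written out as an added Python example that is not part of any poster's message. The sample lines are copied from the HijackThis log in post #63; the function names and the consonant-run threshold are assumptions made for this example.

```python
import ntpath
import re

# Lines copied from the HijackThis log in post #63 (a subset of its O4 entries).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xVWrsqSWuxYVn] C:\ProgramData\xVWrsqSWuxYVn.exe
O4 - HKCU\..\Run: [usoRDPRVVkvyke] C:\ProgramData\usoRDPRVVkvyke.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
"""

# "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Directory named in the thread; legitimate software normally uses a vendor subfolder.
DROP_DIRS = {r"c:\programdata"}


def image_path(cmd):
    """Return the executable from a Run command line, without its arguments."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def longest_consonant_run(stem):
    """Crude gibberish score: longest run of consonants in the file name."""
    runs = re.findall(r"[b-df-hj-np-tv-z]+", stem.lower())
    return max(map(len, runs), default=0)


def triage(log_text, min_run=5):
    """Flag Run entries whose image is a gibberish-named file directly in DROP_DIRS."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # not a registry Run entry (e.g. "O4 - Startup:")
        image = image_path(m["cmd"])
        stem = ntpath.splitext(ntpath.basename(image))[0]
        in_drop_dir = ntpath.normcase(ntpath.dirname(image)) in DROP_DIRS
        # min_run is an assumed threshold; on its own it also matches names
        # like QlbCtrl, so it only counts together with the location check.
        if in_drop_dir and longest_consonant_run(stem) >= min_run:
            findings.append({"hive": m["hive"], "key": m["key"],
                             "name": m["name"], "image": image})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["hive"]}\\{f["key"]} [{f["name"]}] -> {f["image"]}')
```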

#79 Windu

Windu

    Shatterpoint

  • 43,004 posts
  • Joined: Apr 24, 2009
  • Name:Will
  • Fan Since:1999
  • Fav. Laker:Kobe

Posted June 14, 2011 - 07:07 AM

I unchecked the boxes next to O4 - HKCU\..\Run: [xVWrsqSWuxYVn] C:\ProgramData\xVWrsqSWuxYVn.exe
O4 - HKCU\..\Run: [usoRDPRVVkvyke] C:\ProgramData\usoRDPRVVkvyke.exe

but I don't see them when I go to c:/programdata. :eh:

And I keep getting this pop up on my desktop: "Quicktime failed to initialize. Error #0. Please make sure Quicktime is properly installed on this computer."

Pau Gasol is GONE


#80 Windu

Windu

    Shatterpoint

  • 43,004 posts
  • Joined: Apr 24, 2009
  • Name:Will
  • Fan Since:1999
  • Fav. Laker:Kobe

Posted June 14, 2011 - 08:08 AM

Ok, so it looks like xVWrsqSWuxYVn.exe and usoRDPRVVkvyke.exe are disabled as of 9:38 am CST.

kPrmtXlWDpgPMUD.exe was disabled on 6/10/11; Um, I don't think I did that. :mellow:

Pau Gasol is GONE




