slow pc, virtmonde & others found

Post by xander223 » August 21st, 2008, 6:20 am

Hi! I have a problem with my PC. I scanned it with Avira AntiVir and found varieties of Virtumonde and Vundo not found by VundoFix (located at System Volume Info or something like that, and at some HJT log backups). I quarantined the dangerous malware, but I was not satisfied with what it found, so I used a-squared Free and it found another trojan dropper. The malware is somewhat replicating. Any help would be much appreciated. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:15:30 PM, on 8/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
E:\Other Softwares\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
E:\Other Softwares\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Other Softwares\Advanced WindowsCare V2\MemCleaner.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
E:\Other Softwares\Spybot - Search & Destroy\TeaTimer.exe
E:\Other Softwares\MRU-Blaster\scheduler.exe
E:\Other Softwares\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\msiexec.exe
E:\Other Softwares\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = %3clocal%3e:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\Other Softwares\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\OTHERS~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SmartRAM] E:\Other Softwares\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Other Softwares\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = E:\Other Softwares\MRU-Blaster\scheduler.exe
O4 - Startup: SpywareGuard.lnk = E:\Other Softwares\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\OTHERS~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\OTHERS~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - E:\Other Softwares\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - E:\Other Softwares\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - E:\Other Softwares\Sunbelt Software\CounterSpy\SBCSSvc.exe (file missing)
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe

--
End of file - 7067 bytes


ComboFix 08-08-19.06 - pc 2008-08-21 17:56:11.1 - NTFSx86
Running from: C:\Documents and Settings\pc\My Documents\Softwares\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\lyn\Application Data\macromedia\Flash Player\#SharedObjects\HCWE2MS4\static.youku.com
C:\Documents and Settings\lyn\Application Data\macromedia\Flash Player\#SharedObjects\HCWE2MS4\static.youku.com\v1.0.0298\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\lyn\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\lyn\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\Documents and Settings\pc\Application Data\macromedia\Flash Player\#SharedObjects\8HT6BGMS\static.youku.com
C:\Documents and Settings\pc\Application Data\macromedia\Flash Player\#SharedObjects\8HT6BGMS\static.youku.com\v1.0.0301\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\pc\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\pc\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\Documents and Settings\pc\Local Settings\Temporary Internet Files\CSC2.5U-EN-865-F.sbr.sgn
C:\Documents and Settings\rhaisa\Application Data\macromedia\Flash Player\#SharedObjects\W7WMAHW9\static.youku.com
C:\Documents and Settings\rhaisa\Application Data\macromedia\Flash Player\#SharedObjects\W7WMAHW9\static.youku.com\v1.0.0230\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\rhaisa\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\rhaisa\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\DLmmmnnn.ini

.
((((((((((((((((((((((((( Files Created from 2008-07-21 to 2008-08-21 )))))))))))))))))))))))))))))))
.

2008-08-20 19:09 . 2008-08-20 19:10 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-20 13:32 . 2008-08-20 13:32 5,392,480 --a------ C:\WINDOWS\system32\SBSP.dat
2008-08-20 13:31 . 2008-08-20 13:32 153 --a------ C:\WINDOWS\system32\SBFC.dat
2008-08-20 13:28 . 2008-08-20 13:28 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-08-20 13:25 . 2008-08-20 13:25 <DIR> d-------- C:\Documents and Settings\pc\Application Data\Sunbelt Software
2008-08-20 13:21 . 2008-08-20 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-08-20 11:36 . 2008-08-20 11:36 <DIR> d-------- C:\Program Files\Avira
2008-08-20 11:36 . 2008-08-20 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-16 11:51 . 2008-08-16 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-08-16 11:43 . 2008-08-16 11:43 <DIR> d-------- C:\Program Files\Autodesk
2008-08-15 16:49 . 2008-05-01 22:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-15 16:43 . 2008-04-12 02:50 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-10 15:23 . 2008-08-10 15:23 <DIR> d-------- C:\Documents and Settings\rhaisa\Application Data\IObit
2008-08-09 22:53 . 2008-08-09 22:53 <DIR> d-------- C:\Documents and Settings\lyn\Application Data\IObit
2008-08-09 17:24 . 2008-08-09 17:24 <DIR> d-------- C:\Documents and Settings\pc\Application Data\IObit
2008-07-21 20:11 . 2008-07-21 20:11 24,392 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 02:26 --------- d-----w C:\Program Files\Vista Sidebar
2008-08-21 02:26 --------- d-----w C:\Program Files\Blaero Start Orb
2008-08-20 11:09 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-19 10:32 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-18 03:10 --------- d-----w C:\Documents and Settings\pc\Application Data\LimeWire
2008-08-08 11:05 --------- d-----w C:\Documents and Settings\lyn\Application Data\WinPatrol
2008-08-03 09:41 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-07-29 02:39 --------- d-----w C:\Documents and Settings\lyn\Application Data\LimeWire
2008-07-28 04:25 3,437,568 ----a-w C:\WINDOWS\system32\logonuiX.exe
2008-07-17 00:12 28,672 ----a-w C:\WINDOWS\system32\drivers\VClone.sys
2008-07-14 16:52 80,840 ----a-w C:\WINDOWS\system32\ElbyVCD.dll
2008-07-11 06:34 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-07-09 12:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-09 04:26 --------- d-----w C:\Program Files\Java
2008-07-09 04:08 --------- d-----w C:\Program Files\Sun
2008-07-09 02:12 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-26 11:06 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-22 08:34 --------- d-----w C:\Program Files\Debugging Tools for Windows (x86)
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-04 02:03 1,392,304 ----a-w C:\WINDOWS\system32\AutoPartNt.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:07 15360]
"SpybotSD TeaTimer"="E:\Other Softwares\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27 65536]
"LogonStudio"="C:\Program Files\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 13:38 316728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SmartRAM"="E:\Other Softwares\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 16:43 662016]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"VTTimer"="VTTimer.exe" [2006-09-21 08:36 53248 C:\WINDOWS\system32\VTTimer.exe]
"SnoopFreeUI"="SnoopFreeUI.exe" [2007-09-23 00:14 221184 C:\WINDOWS\SnoopFreeUI.exe]

C:\Documents and Settings\pc\Start Menu\Programs\Startup\
MRU-Blaster Scheduler.lnk - E:\Other Softwares\MRU-Blaster\scheduler.exe [2003-07-19 16:48:42 118784]
SpywareGuard.lnk - E:\Other Softwares\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoLogoff"= 0 (0x0)
"MaxRecentDocs"= 0
"NoInstrumentation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= E:\OTHERS~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
-ra------ 2006-09-15 06:04 540672 C:\Program Files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
--a------ 2006-05-03 10:48 307200 C:\Program Files\Styler\Styler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
--a------ 2006-10-06 09:21 942080 C:\Program Files\VisualTooltip\VisualToolTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"E:\\Other Softwares\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"E:\\Other Softwares\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"E:\\Other Softwares\\Azureus\\Azureus.exe"=
"E:\\Games\\Counter-Strike\\cstrike.exe"=
"E:\\Other Softwares\\SopCast\\SopCast.exe"=
"E:\\Other Softwares\\SopCast\\adv\\SopAdver.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=

R0 DeepFrz;DeepFrz;C:\WINDOWS\system32\drivers\DeepFrz.sys [2007-10-25 20:52]
R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-08-20 13:28]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-09-15 06:04]
S0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-09-15 06:04]
S3 Bcfilter;Jetico Personal Firewall Network Monitor;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
S3 BcfilterMP;BcfilterMP;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-Blaero Start Orb - C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
MSConfigStartUp-SBCSTray - E:\Other Softwares\Sunbelt Software\CounterSpy\SBCSTray.exe
MSConfigStartUp-Vista Sidebar - C:\Program Files\Vista Sidebar\sidebar.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\04c6jbp5.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 18:02:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\explorer.exe [1960] 0xFF0484D0

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\SnoopFreeDll.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
E:\Other Softwares\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
E:\Other Softwares\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\SnoopFreeSvc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\msiexec.exe
E:\Other Softwares\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2008-08-21 18:12:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-21 10:12:05

Pre-Run: 11,937,738,752 bytes free
Post-Run: 11,839,053,824 bytes free

180 --- E O F --- 2008-08-20 11:10:26
xander223
Active Member
Posts: 5
Joined: April 20th, 2008, 12:01 am

Re: slow pc, virtmonde & others found

Post by askey127 » August 28th, 2008, 10:06 am

Hi xander223,
Sorry for the delay in answering your request.
We have had more logs than we could handle in a timely manner.
If you still need help and are not receiving it elsewhere, please proceed as follows:

Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?f=11&t=33112
You have the following P-2-P program(s) installed: Azureus and Limewire.
This is how you uninstall it/them:
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):
    Azureus
    Limewire
NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
-----------------------------------------------------------
Disable SpywareGuard
- Right Click the running icon of Spywareguard to open the program.
- Then go to Menu, File, Exit.
- Confirm the program is closed.
-----------------------------------------------------------
Disable WinPatrol
- Right Click the 'Scotty Dog' icon in the system tray
- Click Options
- At the bottom of the options page, Uncheck Automatically Run WinPatrol When Computer Starts
- Click the X to end program.
- Right Click the 'Scotty Dog' icon in the system tray again
- Click Exit Program
WinPatrol is now disabled and will not start at bootup.
-------------------------------------------------------------------
Disable Spybot's TeaTimer. This is a two step process.
First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the older version 1.4, Click on Exit Spybot S&D Resident
  • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
-----------------------------------------------------------
Retrieve the List of Installed programs Using HJT
Open HijackThis, click Open The Misc Tools Section. Then scroll down the list if you need to, click Open Uninstall Manager and Save List...
The List of installed programs will automatically be saved as uninstall_list.txt in your HiJackThis folder. In addition, the list opens in Notepad so you can also save as another name in another location if you wish. Please paste the contents into your next reply.
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
Post a New HiJackThis Log
Start HijackThis
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply, along with the Uninstall list from HiJackThis
askey127
Admin/Teacher
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
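As an added example (not part of this thread and not a MalwareRemoval.com or HijackThis tool), the script below parses HijackThis log entries of the kind posted above, and requested again by the helper, and flags the ones a helper looks at first. The sample lines are copied from the log in the first post. The review heuristics (a referenced file that is missing, a service with no recorded owner, an autorun given as a bare filename, a BHO with no display name, a configured proxy) are this example's own assumptions about what merits a second look; a flag means "verify", not "malicious".

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = %3clocal%3e:80
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - E:\Other Softwares\Sunbelt Software\CounterSpy\SBCSSvc.exe (file missing)
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
"""

# Every HJT entry starts with a section code (R0..R3, O1..O24) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 Run entries carry the value name in brackets, then the command line.
O4_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Finding:
    code: str
    line: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Return (section code, body) for an HJT entry line, or None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return m.group("code"), m.group("body")


def first_token(cmd):
    """Extract the program path from a command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def review_reasons(code, body):
    """Heuristics (this example's own assumptions) for entries worth a manual check."""
    reasons = []
    if "(file missing)" in body:
        reasons.append("referenced file is missing (orphaned entry)")
    if "Unknown owner" in body:
        reasons.append("no publisher recorded for the service; verify the binary")
    if code == "O2" and "(no name)" in body:
        reasons.append("BHO has no display name; identify it by CLSID and path")
    if code == "O4":
        m = O4_RE.search(body)
        if m and not ABS_PATH_RE.match(first_token(m.group("cmd"))):
            reasons.append("autorun is a bare filename resolved via the search path; confirm which copy runs")
    if code == "R1" and "ProxyServer" in body:
        reasons.append("proxy server configured; confirm it is intended")
    return reasons


def triage(log_text):
    """Parse an HJT log and return the entries that carry at least one review reason."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        code, body = parsed
        reasons = review_reasons(code, body)
        if reasons:
            findings.append(Finding(code, raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.code, "|", f.line)
        for r in f.reasons:
            print("    ->", r)
```

On the sample above the script flags five entries: the proxy setting, the unnamed BHO, the bare-filename VTTimer autorun, and both O23 services (the CounterSpy one twice, for the missing file and the unknown owner); the Java BHO and the fully-pathed Avira autorun pass. Everything flagged here is either a known product or a leftover from an uninstalled one, which is exactly why the output is a checklist for the helper rather than a verdict.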

Re: slow pc, virtmonde & others found

Post by NonSuch » September 3rd, 2008, 4:39 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California