Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

unresolved malware problem

by ADIMEN » August 27th, 2008, 7:13 pm

Hi, I had another post but it was closed due to inactivity (viewtopic.php?f=11&t=33827) because I lost my internet for a few days, and I still have some issues. Please look at my old post and help me finish cleaning my laptop (disregard the overheating issue). I have run Malwarebytes and nothing comes up, but Kaspersky shows over a hundred infected files!! All logs are posted below. I also see all my media files have been infected and I would really like to save them if possible. (I didn't post the whole Kaspersky scan because of privacy issues, but these are the first and last entries, and I only left out more media files that have the same trojan downloader.) {It's a lot of porn, I know.} THANK YOU in advance for looking at my logs.

KASPERSKY


Wednesday, August 27, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, August 27, 2008 20:39:08
Records in database: 1151980
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases no
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Files scanned 73340
Threat name 5
Infected objects 178
Suspicious objects 0
Duration of the scan 01:14:49

File name Threat name Threats count
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma Infected: Trojan-Downloader.WMA.GetCodec.d 1
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma Infected: Trojan-Downloader.WMA.GetCodec.d 1
C:\Documents and Settings\Gorge\Local Settings\Temp\Rar$EX03.295\keygen.exe Infected: Trojan-Downloader.Win32.Injecter.aju 1
C:\Documents and Settings\Gorge\Local Settings\Temp\Setup.exe Infected: Trojan-Downloader.Win32.Agent.adle 1
C:\Documents and Settings\Gorge\Local Settings\Temp\Warcraft 3-Reign of Chaos Original Key BattleNet .rar Infected: Trojan-Downloader.Win32.Injecter.aju 1
C:\Documents and Settings\Gorge\Local Settings\Temp\Warcraft 3-Reign of Chaos Original Key BattleNet .rar Infected: Trojan-Downloader.Win32.FraudLoad.vbbm 1
C:\Documents and Settings\Gorge\Local Settings\Temp\Warcraft 3_ The Frozen Throne 1.0.7 and up.rar Infected: Trojan-Downloader.Win32.Injecter.aju 1
C:\Documents and Settings\Gorge\Local Settings\Temp\Warcraft 3_ The Frozen Throne 1.0.7 and up.rar Infected: Trojan-Downloader.Win32.FraudLoad.vbbm 1
C:\Documents and Settings\Gorge\Local Settings\Temp\win1F0.exe Infected: Trojan-Downloader.Win32.FraudLoad.cup 1
C:\Documents and Settings\Gorge\My Documents\Downloads\nod32_32bit_cracked.exe Infected: Trojan-Downloader.Win32.Agent.adle 1
C:\Documents and Settings\Gorge\My Documents\LimeWire\Incomplete\TIM4TFAKFMO44436EKAH4QUURMN3LPGE\Preview-sarahvandella-wmvFullHigh-1.wmv Infected: Trojan-Downloader.WMA.GetCodec.d 1
C:\Documents and Settings\Gorge\My Documents\LimeWire\Incomplete\TIM4TFAKFMO44436EKAH4QUURMN3LPGE\sarahvandella-wmvFullHigh-1.wmv Infected: Trojan-Downloader.WMA.GetCodec.d 1
C:\Documents and Settings\Gorge\My Documents\My Videos\Whale_Tail_1_Scene_1_b.wmv Infected: Trojan-Downloader.WMA.GetCodec.d 1
C:\Documents and Settings\Gorge\My Documents\My Videos\Whale_Tail_1_Scene_4_b.wmv Infected: Trojan-Downloader.WMA.GetCodec.d 1
C:\Documents and Settings\Gorge\My Documents\My Videos\White_Dicks_in_Black_Chicks_1_Scene_6_b.wmv Infected: Trojan-Downloader.WMA.GetCodec.d 1
C:\Documents and Settings\Gorge\My Documents\My Videos\Whore_Of_The_Rings_1_Scene_1_b.wmv Infected: Trojan-Downloader.WMA.GetCodec.d 1
C:\Documents and Settings\Gorge\My Documents\My Videos\Young_Bitches_Scene_2.wmv Infected: Trojan-Downloader.WMA.GetCodec.d 1
C:\Documents and Settings\Gorge\My Documents\My Videos\Young_Bitches_Scene_3.wmv Infected: Trojan-Downloader.WMA.GetCodec.d 1
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video\copycd.wmv Infected: Trojan-Downloader.WMA.GetCodec.d 1
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video\mdlib.wmv Infected: Trojan-Downloader.WMA.GetCodec.d 1
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video\nuskin.wmv Infected: Trojan-Downloader.WMA.GetCodec.d 1
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video\rtuner.wmv Infected: Trojan-Downloader.WMA.GetCodec.d 1
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video\viz.wmv Infected: Trojan-Downloader.WMA.GetCodec.d 1
C:\WINDOWS\system32\dllcache\copycd.wmv Infected: Trojan-Downloader.WMA.GetCodec.d 1
C:\WINDOWS\system32\dllcache\mdlib.wmv Infected: Trojan-Downloader.WMA.GetCodec.d 1
C:\WINDOWS\system32\dllcache\nuskin.wmv Infected: Trojan-Downloader.WMA.GetCodec.d 1
C:\WINDOWS\system32\dllcache\rtuner.wmv Infected: Trojan-Downloader.WMA.GetCodec.d 1
C:\WINDOWS\system32\dllcache\viz.wmv Infected: Trojan-Downloader.WMA.GetCodec.d 1
C:\WINDOWS\system32\oobe\images\title.wma Infected: Trojan-Downloader.WMA.GetCodec.d 1
The selected area was scanned.

HIJACK THIS



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:53 PM, on 8/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Gorge\Desktop\procexp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Gorge\Desktop\virus stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8056544164
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL ... 586-jc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: nvopmv.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 7944 bytes

P.S. Can I delete the R1 stuff, as I don't even like Yahoo?
ADIMEN

Re: unresolved malware problem

by LDTate » September 3rd, 2008, 9:54 pm

Any time the helper detects that you may have illegal software on your machine, that helper may stop assisting you immediately until you can demonstrate that you have rectified the situation. We will not support fixing machines with pirated or otherwise illegal software.

C:\Documents and Settings\Gorge\My Documents\Downloads\nod32_32bit_cracked.exe Infected: Trojan-Downloader.Win32.Agent.adle 1
C:\Documents and Settings\Gorge\Local Settings\Temp\Rar$EX03.295\keygen.exe Infected: Trojan-Downloader.Win32.Injecter.aju 1

You're wasting our helpers' time and we don't believe you'll stop doing what you're doing after you have a clean PC.

You need to uninstall illegal software and porn you have on your PC.
Then come back with a legit clean computer and we'll see what we can do.
LDTate

