Registered User
Join Date: Jun 2009
Posts: 1
OS: WinXP ServicePack2
PC & Flashdrive: Virus Help Needed
Hi, I'm a first-time poster, but I've looked at this forum before for tips on PC safety. I recently lent my laptop to my father, who managed to get it ridiculously infected with viruses.
My laptop now runs very slowly, and has a lot of Internet Explorer problems, which mainly lead to the browser shutting down by itself after displaying some strange C++ Visual Runtime Environment blabla kind of message twice. Other times, a page doesn't load due to some strange error, but it loads fine once I click the back button.
I downloaded the Malwarebytes Anti-Malware program and ran it. Upon finding the first infection, an error code appeared asking me to report it to the Malwarebytes' Anti-Malware support team: 731 (0, 6). I clicked OK, then after it finished scanning: 51 infections detected. At this point, I plugged in my flashdrive and copied all the important files onto it. I clicked Remove. It asked to restart the computer, so I did.
Upon restarting, the computer was still very slow. I ran Malwarebytes again, and the same error popped up. 5 infections found. The results call it "Spyware.OnlineGames". Categories include: File, Memory Module, Registry Key, Registry Value, and <blank> in Windows\system32 and HKEY_CLASSES_ROOT\CLSID and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion...
I opened Run>msconfig, and under Startup, I unchecked huwesa, uret463, INTLCFG, and CINTLCFG. It asked to restart so I did. Upon restarting, I checked it again, and uret463 and huwesa had duplicated themselves and were checked.
I opened Task Manager, and noticed AhnRpta.exe to be running, which I googled and found to be a virus. That's the only one I googled to look up, so I don't know anything about the other running processes.
My antivirus is PC-Cillin 2002, and it is extremely, extremely out of date.
That's all the info I have, really. And now, I'm wondering if I managed to get the virus on my USB drive as well, having plugged it into my infected computer to back up my files.
I appreciate any help I can get.
-----------------------------------------------------
DDS log:
DDS (Ver_09-05-14.01) - FAT32x86
Run by user at 17:21:29.19 on 2009/06/17 星期三
Internet Explorer: 6.0.2900.2180
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.asus.com.tw/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.asus.com.tw
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [AuditMode] c:\sysprep\factory.exe -logon
mRun: [Hcontrol] c:\windows\Hcontrol.exe
mRun: [SiS Tray] c:\windows\system32\sistray.EXE
mRun: [SiS KHooker] c:\windows\system32\khooker.exe
mRun: [SiSUSBRG] c:\windows\sisUSBrg.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
mRun: [ASUS Probe] c:\program files\asus\asus probe\AsusProb.exe
mRun: [pccguide.exe] "c:\program files\trend micro\pc-cillin 2002\pccguide.exe"
mRun: [PCCClient.exe] "c:\program files\trend micro\pc-cillin 2002\PCCClient.exe"
mRun: [Pop3trap.exe] "c:\program files\trend micro\pc-cillin 2002\Pop3trap.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
IE: 匯出至 Microsoft Office Excel(&X) - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {F6E2054E-6FE7-4B25-9372-C0C3E2A9A33B} = 168.95.192.1 168.95.1.1
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: hook dll rising: {bb4c402f-882a-4526-8c08-51278ea437c1} - c:\windows\system32\e8main0.dll
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
2009-06-17 08:05 <DIR> --d----- c:\windows\pss
2009-06-16 18:16 100,985 ---shr-- C:\r.com
2009-06-16 10:08 <DIR> --dsh--- C:\FOUND.006
2009-06-15 20:50 127,488 ---shr-- c:\windows\system32\lhgjyit1.dll
2009-06-15 20:50 105,117 ---shr-- c:\windows\system32\huwesa.exe
2009-06-15 20:50 81,408 ---shr-- c:\windows\system32\843wee0.dll
2009-06-15 20:49 127,488 ---shr-- c:\windows\system32\lhgjyit0.dll
2009-06-15 20:49 100,985 ---shr-- c:\windows\system32\uret463.exe
2009-06-15 20:33 66,560 a------- c:\windows\AhnRpta.exe
2009-06-15 19:15 <DIR> --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-06-15 19:15 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-15 19:15 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-15 19:15 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-15 19:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-15 17:00 102,653 ---shr-- C:\g0.cmd
2009-06-15 16:52 104,226 ---shr-- C:\hn.cmd
2009-05-30 15:25 99,908 ---shr-- C:\v0f8rqc.cmd
==================== Find3M ====================
2009-05-13 19:41 1,300 a------- c:\documents and settings\user\history.dat
2009-05-13 19:41 8 a------- c:\documents and settings\user\ad.dat
2009-05-06 09:51 105,838 ---shr-- C:\iu.bat
2009-05-04 21:35 105,010 ---shr-- C:\fsqxr.com
2009-04-20 10:19 105,395 ---shr-- C:\6hg.exe
2009-04-18 13:40 107,467 ---shr-- C:\nmje9v6d.bat
2009-04-04 10:44 106,268 ---shr-- C:\8m08ty.com
2009-04-02 23:09 106,787 ---shr-- C:\0ix8gcdt.cmd
2009-03-26 06:46 107,432 ---shr-- C:\jatxgwcj.bat
2008-07-23 09:01 133,690 ---shr-- c:\windows\system32\jvvo.exe
2008-07-29 19:31 166,400 ---shr-- c:\windows\system32\jvvo0.dll
============= FINISH: 17:21:56.36 ===============
Much Thanks!