
I Have Various Virus's/Trojans

1.3K views 5 replies 2 participants last post by chemist
#1 · (Edited)
Firstly, I have read the "READ THIS BEFORE YOU POST" thread and downloaded dds.exe and gmer. However, dds wouldn't scan; well, it opened, but didn't seem to scan as it just stayed still with the same information. Before I scan with gmer.exe, I need to disable my anti-virus software, which is Malwarebytes. I can't find anywhere how to disable it though, so if someone could tell me I'll run that scan and post the log.

Before I run the scans, I currently believe I have several viruses/trojans active around my computer. Some are stated below:

Google Re-Direct Virus
- I had this virus around one month ago, and successfully removed it using TDSSKiller, Malwarebytes and CCleaner. However, it seems to have returned as I'm getting redirected on the Google search when using Firefox.

buim.exe - I was told in another thread this is a virus. Every time I boot up, when my desktop loads this pops up straight away saying it encountered a problem and needed to close.

vyihek.exe - This pops up as soon as my desktop loads, just like buim.exe does, saying it also encountered a problem and needed to close.

I also get the odd pop-up from something called Dr. Watson Debugger or something similar to that.

I've also had problems with my computer's "Virtual Memory". A pop-up appears saying it's low on virtual memory and Windows is increasing the paging file; however, the PC theme changes to a grey skin, then a second later the bottom taskbar disappears and the computer automatically reboots. Since this I increased the initial and maximum sizes of the paging file from 640 MB to 1024 MB. Since I changed that it seems to have been fine, however I haven't opened any big programs since.

So as you can see, I have several problems at the moment that need fixing immediately.

Help is appreciated.
 
#2 ·
Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

See if dds will run in Safe Mode:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, start pressing the F8 key.
  • In some systems, this may be the F5 key.
  • Instead of Windows loading as normal, a menu should appear.
  • Use the up arrow key to highlight Safe Mode and press 'Enter'.
  • Login on your usual account.
------------------------------------------------------

If dds still won't run...
  • Download RSIT by random/random and Save it to your Desktop.
  • Double-click RSIT.exe to run the tool.
  • Click Continue at the disclaimer screen.
  • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
  • Please copy/paste the contents of log.txt in your next reply.
  • Please attach info.txt to your reply.
To attach a file to a reply, simply
  • Click the Manage Attachments button under Additional Options > Attach Files on the post composition page, and
  • Copy and Paste the following into the Upload File from your Computer box:
    C:\rsit\info.txt
  • Click Upload
------------------------------------------------------

Before I scan with gmer.exe, I need to disable my anti-virus software, which is Malwarebytes.
MBAM is not an antivirus. Please run gmer and attach the gmer log to your next reply.

------------------------------------------------------
#3 ·
Thanks for replying.

Before I scan my computer, I need to inform you of something. Last night I downloaded/installed Avast to try and delete the viruses/trojans. I ran a boot scan, which seemed to have cleared up some of the viruses. However, since the scan:
Firefox gets stuck in a crash reporter loop,
Internet Explorer won't open,
iTunes says it's installing with Windows, even though it's already installed,
Photoshop has been removed; well, when I click the icon it says searching for missing file.

So the scan seems to have damaged a majority of my programs. Unless those programs had viruses, which is doubtful but they may have, I'm not sure. The scan seems to have deleted the buim.exe trojan though; well, it doesn't pop up anymore so I'm assuming it's fixed something. It also seems to have fixed the vyihek.exe pop-up as well. I can't check whether the scan has deleted the Google virus as neither Firefox nor IE will open. I would have waited for a reply in this thread but I needed the computer fixed as soon as possible so I tried fixing it myself.

Avast also keeps saying I need to perform a boot scan to complete the clean-up process every time I get on the desktop for the first time, even though I've just performed one after the same pop-up asked me to.
 
#5 ·
Before I performed the scans I uninstalled Avast, therefore meaning my PC currently doesn't have an anti-virus protection program. My PC also won't connect to Firefox/Safari or IE even though it says it's connected, so the following documents have been uploaded via a memory stick from my laptop.

Below are the documents from the dds scan and the gmer scan. I must state: halfway through the gmer scan a "Windows File Protection" pop-up appeared a couple of times. I'm not sure whether this would have interrupted the scan but I've posted the documents anyway.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Chris & Martin at 11:57:13.15 on 23/01/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.447.158 [GMT 0:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chris & Martin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
mDefault_Page_URL = hxxp://www.defaulthomepage.info
mWinlogon: Userinit=c:\windows\system32\userinit.exe,userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [{A620698E-E61F-65FB-6F76-57CB979C265B}] "c:\documents and settings\chris & martin\application data\suipa\daypq.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [rap] c:\program files\ert\oops1.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRunOnce: [WIAWizardMenu] RUNDLL32.EXE c:\windows\system32\sti_ci.dll,WiaCreateWizardMenu
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\chris & martin\start menu\programs\startup\mqwotdrd.exe
StartupFolder: c:\docume~1\chris&~1\startm~1\programs\startup\ubericon.lnk - c:\windows\bricopacks\vista inspirat 2\ubericon\UberIcon Manager.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209142011468
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: Antiwpa - antiwpa.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chris&~1\applic~1\mozilla\firefox\profiles\ompdzec6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2719324&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MessengerPlusLive UK TB Customized Web Search
FF - prefs.js: browser.startup.homepage - Google
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
RUnknown aswFsBlk;aswFsBlk; [x]
RUnknown aswSP;aswSP; [x]
S2 gupdate1c9af0441b300f0;Google Update Service (gupdate1c9af0441b300f0);c:\program files\google\update\GoogleUpdate.exe [2009-3-27 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]

=============== Created Last 30 ================

2011-01-23 11:00:35 -------- d-----w- c:\program files\trend micro
2011-01-21 17:48:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-01-21 16:38:07 -------- d-----w- c:\docume~1\chris&~1\applic~1\Qaid
2011-01-21 16:38:07 -------- d-----w- c:\docume~1\chris&~1\applic~1\Owha
2011-01-21 16:35:02 -------- d-----w- c:\docume~1\chris&~1\applic~1\Zydo
2011-01-21 16:35:02 -------- d-----w- c:\docume~1\chris&~1\applic~1\Yrpez
2011-01-20 19:00:50 -------- d-----w- c:\docume~1\chris&~1\applic~1\Ocil
2011-01-20 19:00:50 -------- d-----w- c:\docume~1\chris&~1\applic~1\Beuply
2011-01-20 08:00:12 -------- d-----w- c:\docume~1\chris&~1\applic~1\Seoqze
2011-01-20 08:00:12 -------- d-----w- c:\docume~1\chris&~1\applic~1\Ivepl
2011-01-19 21:07:24 -------- d-----w- c:\docume~1\chris&~1\applic~1\Ryzu
2011-01-19 21:07:24 -------- d-----w- c:\docume~1\chris&~1\applic~1\Iwegh
2011-01-19 19:12:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-01-19 19:00:29 -------- d-----w- c:\docume~1\chris&~1\applic~1\Udvy
2011-01-19 19:00:29 -------- d-----w- c:\docume~1\chris&~1\applic~1\Axval
2011-01-19 18:20:23 -------- d-----w- c:\docume~1\chris&~1\applic~1\Miitn
2011-01-19 18:20:22 -------- d-----w- c:\docume~1\chris&~1\applic~1\Ipvi
2011-01-19 18:10:17 -------- d-----w- c:\docume~1\chris&~1\applic~1\Tiqa
2011-01-19 18:10:17 -------- d-----w- c:\docume~1\chris&~1\applic~1\Geege
2011-01-19 17:34:58 -------- d-----w- c:\docume~1\chris&~1\applic~1\Zayq
2011-01-19 17:34:57 -------- d-----w- c:\docume~1\chris&~1\applic~1\Suipa
2011-01-10 19:06:59 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-01-10 19:06:59 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-05 16:10:47 -------- d-----w- c:\docume~1\chris&~1\applic~1\Urygal
2011-01-05 16:10:47 -------- d-----w- c:\docume~1\chris&~1\applic~1\Lutyev
2011-01-05 15:47:03 -------- d-----w- c:\docume~1\chris&~1\applic~1\Ygxyow
2011-01-05 15:47:03 -------- d-----w- c:\docume~1\chris&~1\applic~1\Cyfaim
2011-01-05 06:38:41 -------- d-----w- c:\docume~1\chris&~1\applic~1\Zetue
2011-01-05 06:38:41 -------- d-----w- c:\docume~1\chris&~1\applic~1\Qeib
2011-01-04 21:09:44 -------- d-----w- c:\docume~1\chris&~1\applic~1\Vuosa
2011-01-04 21:09:44 -------- d-----w- c:\docume~1\chris&~1\applic~1\Huuguv
2011-01-04 21:03:36 -------- d-----w- c:\docume~1\chris&~1\applic~1\Ipehyp
2011-01-04 21:03:36 -------- d-----w- c:\docume~1\chris&~1\applic~1\Afbou
2011-01-04 20:28:07 -------- d-----w- c:\docume~1\chris&~1\applic~1\Suhu
2011-01-04 20:28:07 -------- d-----w- c:\docume~1\chris&~1\applic~1\Omde
2011-01-04 19:48:26 -------- d-----w- c:\docume~1\chris&~1\applic~1\Beyv
2011-01-04 19:48:25 -------- d-----w- c:\docume~1\chris&~1\applic~1\Upurih
2011-01-04 19:20:33 -------- d-----w- c:\program files\SopCast
2011-01-04 18:35:16 -------- d-----w- c:\docume~1\chris&~1\applic~1\Ublul
2011-01-04 18:35:16 -------- d-----w- c:\docume~1\chris&~1\applic~1\Qizyu
2011-01-04 18:31:37 -------- d-----w- c:\program files\dxucchsw
2011-01-04 15:22:55 -------- d-----w- c:\docume~1\chris&~1\applic~1\Epde
2011-01-04 15:22:55 -------- d-----w- c:\docume~1\chris&~1\applic~1\Dome
2011-01-04 06:39:10 -------- d-----w- c:\docume~1\chris&~1\applic~1\Xopegy
2011-01-04 06:39:10 -------- d-----w- c:\docume~1\chris&~1\applic~1\Woxou
2011-01-03 22:41:26 -------- d-----w- c:\docume~1\chris&~1\applic~1\Ogna
2011-01-03 22:41:26 -------- d-----w- c:\docume~1\chris&~1\applic~1\Erqoz
2011-01-03 18:15:19 -------- d-----w- c:\program files\ertw

==================== Find3M ====================

2011-01-19 17:32:55 502272 ----a-w- c:\windows\system32\winlogon.exe
2010-12-21 12:14:48 0 ----a-w- c:\windows\Hwumuve.bin
2010-12-17 11:08:20 256 ----a-w- c:\windows\system32\pool.bin

============= FINISH: 11:58:07.12 ===============

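A triage pass over the DDS log above, written here as an added example (not the thread's own code and not part of the DDS tool) and run on a constructed excerpt of that log: it splits the log on its "===" section banners, then flags autoruns that launch an .exe from the user profile (the suipa\daypq.exe and startup-folder mqwotdrd.exe entries), Winlogon Notify DLLs (the antiwpa.dll entry the helper's final reply acts on), new Application Data directories that host an autorun target, and system32 binaries changed in the Find3M window (winlogon.exe here, worth checking given the Windows File Protection pop-ups the poster saw). The section titles and line layouts are taken from the log as posted; the suspicious-path heuristics are this example's own assumptions.

```python
import re
from collections import defaultdict
# Constructed excerpt modelled on the DDS log posted in this thread (not the full log).
SAMPLE_DDS = r"""============== Pseudo HJT Report ===============
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [{A620698E-E61F-65FB-6F76-57CB979C265B}] "c:\documents and settings\chris & martin\application data\suipa\daypq.exe"
StartupFolder: c:\documents and settings\chris & martin\start menu\programs\startup\mqwotdrd.exe
Notify: Antiwpa - antiwpa.dll
=============== Created Last 30 ================
2011-01-21 17:48:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-01-19 17:34:57 -------- d-----w- c:\docume~1\chris&~1\applic~1\Suipa
==================== Find3M ====================
2011-01-19 17:32:55 502272 ----a-w- c:\windows\system32\winlogon.exe
"""
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# uRun/mRun/dRun/mRunOnce and StartupFolder lines; capture the .exe they launch
AUTORUN_RE = re.compile(r'^(?:[umd]Run(?:Once)?: \[[^\]]*\]|StartupFolder:) "?(.+?\.exe)"?', re.I)
PROFILE_DIRS = ("\\application data\\", "\\local settings\\", "\\programs\\startup\\")

def parse_sections(text):
    """Split a DDS log into {section title: [lines]} using its '=== Title ===' banners."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
        elif current and line.strip():
            sections[current].append(line.rstrip())
    return sections

def triage(text):
    """Return (reason, log line) findings for the checks a helper makes first on a DDS log."""
    s, findings = parse_sections(text), []
    for line in s["Pseudo HJT Report"]:
        m = AUTORUN_RE.match(line)
        if m and any(d in m.group(1).lower() for d in PROFILE_DIRS):
            findings.append(("autorun launches an .exe from the user profile", line))
        if line.startswith("Notify:"):  # HKLM\...\Winlogon\Notify DLL, loaded by winlogon.exe
            findings.append(("non-default Winlogon Notify DLL", line))
    autoruns = [a.lower() for a in s["Pseudo HJT Report"]]
    for line in s["Created Last 30"]:
        path = line.split(" ", 4)[-1]  # date time attrs perms <path>
        name = path.rsplit("\\", 1)[-1].lower()
        if "\\applic~1\\" in path.lower() and "alluse~1" not in path.lower():
            used = any(f"\\{name}\\" in a for a in autoruns)
            findings.append(("new Application Data dir" + (" referenced by an autorun" if used else ""), line))
    for line in s["Find3M"]:  # files changed in the last 3 months
        if "\\system32\\" in line.lower() and line.lower().endswith(".exe"):
            findings.append(("system32 binary modified recently; verify with sfc /scannow", line))
    return findings
```

Run it against the full log as posted and every Created Last 30 entry under applic~1 (Qaid, Owha, Zydo and the rest) is reported, with Suipa the one tied to an autorun.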
#6 ·
You are running a pirated copy of Windows.

As you should have read in our pre-posting thread:

IMPORTANT - Read This Before Posting For Malware Removal Help

* It is also this forum's policy that we only address users with a legal copy of Windows. If during the course of a fix it is determined that the copy is not legal, we must stop the cleansing process.

This thread shall now be closed.

------------------------------------------------------