also @ TechSpot: Nvidia GeForce GTX 780 Review

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

[Not curable - Virut] Need serious help

Discussion in 'Virus and Malware Removal' started by domino23, Jun 25, 2010.

Page 1 of 3

domino23 Newcomer, in training Posts: 68

I used this thread . . . http://www.techspot.com/vb/topic58138.html to try by myself but keep running into constant problems.

Long story short, I knew I was infected when the speed of my comp slowed down so I found this and started at step one. I even skipped around a little cause I started without the internet working correctly so I ran Malwarebytes and AVG. Found many infections and disinfected them.

So I come back and I get to step 3... My computer will not let me update for ****. Autoupdates ... I tried that and It wont respond. I went and downloaded SP3 because I never got it and my regedit wont work anymore so I figured that would help... but when I tried THAT it stops midway and says its missing "VBC.EXE".

Please help, I dont know what else to do!

domino23, Jun 25, 2010

#1
Broni Malware Annihilator Posts: 39,397 +177

Please, complete all steps you can and post all logs you can.
Don't worry about SP3 for now.

Broni, Jun 25, 2010

#2
domino23 Newcomer, in training Posts: 68

Oh I thought that was a major thing needed... Ok, thanks

domino23, Jun 25, 2010

#3
Broni Malware Annihilator Posts: 39,397 +177

Yes, but major updates like service packs should be installed only on clean computers.
We clean your computer first, then you'll be free to install SP3.

Broni, Jun 25, 2010

#4
domino23 Newcomer, in training Posts: 68

Ok man, I skipped down to step 5 (GMER), downloaded the program and then when i click it i get the message "windows cannot access the specified device, path or file." so no log for that... moving on to the next step.

domino23, Jun 26, 2010

#5

Broni Malware Annihilator Posts: 39,397 +177

OK........

Broni, Jun 26, 2010

#6

domino23 Newcomer, in training Posts: 68

The reason I skipped the malware bytes step again is cause I already did that before all of this and it takes a long *** time to scan... do you think i you think I should do it again for the log?

domino23, Jun 26, 2010

#7
domino23 Newcomer, in training Posts: 68

and here' the DDS scan

DDS (Ver_10-03-17.01) - NTFSx86
Run by D at 16:34:08.32 on Sun 12/05/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
AV: AVG Internet Security *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

============== Pseudo HJT Report ===============

mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=%s
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
mRun: [M-Audio Taskbar Icon] c:\windows\system32\DeltaIITray.exe
mRun: [DeltaIITaskbarApp] c:\windows\system32\DeltaIITray.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\d\startm~1\programs\startup\limewi~1.lnk - d:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1291610191595
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\d\applic~1\mozilla\firefox\profiles\dsb3wgv5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2010-12-06 04:37:14 80 -c--a-w- c:\windows\system32\asr_otqtja
2010-12-06 04:35:28 0 dc-h--w- C:\$AVG
2010-12-06 04:34:09 81 -c--a-w- c:\windows\system32\asr_baxcjb
2010-12-06 04:30:19 0 dc----w- c:\program files\AVG
2010-12-06 04:30:10 0 dc----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-12-06 04:29:33 0 dc----w- c:\docume~1\alluse~1.win\applic~1\avg9
2010-12-06 04:28:31 15880 -c--a-w- c:\windows\system32\lsdelete.exe
2010-12-06 04:27:52 64288 -c--a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-06 04:27:44 95024 -c--a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-06 04:22:41 425984 -c--a-w- c:\windows\system32\AscConTest.dll
2010-12-06 04:22:41 36864 -c--a-w- c:\windows\system32\ascbalon.dll
2010-12-06 04:22:41 307200 -c--a-w- c:\windows\system32\AscSQLite.dll
2010-12-06 04:21:34 0 dc----w- c:\program files\Ascentive
2010-12-06 04:15:21 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-06 04:15:11 80 -c--a-w- c:\windows\system32\asr_buxqwk
2010-12-06 04:15:04 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-12-06 04:12:41 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2010-12-06 04:12:38 411368 -c--a-w- c:\windows\system32\deployJava1.dll
2010-12-06 04:12:04 0 dc----w- c:\program files\CCleaner
2010-12-06 04:07:28 0 dc-h--w- c:\docume~1\alluse~1.win\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-12-06 04:04:34 12464 -c--a-w- c:\windows\system32\avgrsstx.dll
2010-12-06 04:04:33 25608 -c--a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-12-06 04:04:32 161800 -c--a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-12-06 04:04:31 360584 -c--a-w- c:\windows\system32\drivers\avgtdix.sys
2010-12-06 04:04:22 0 dc----w- c:\docume~1\d\applic~1\Sammsoft
2010-12-06 04:03:44 333192 -c--a-w- c:\windows\system32\drivers\avgldx86.sys
2010-12-06 04:02:57 0 dc----w- c:\windows\system32\drivers\Avg
2010-12-06 04:01:21 50968 -c--a-w- c:\windows\system32\avgfwdx.dll
2010-12-06 04:01:21 30104 -c--a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-12-06 04:00:36 81 -c--a-w- c:\windows\system32\asr_hqqcbu
2010-12-06 03:55:37 0 dc----w- c:\docume~1\d\applic~1\Malwarebytes
2010-12-06 03:51:05 0 dc----w- c:\docume~1\d\applic~1\BitTorrent
2010-12-06 03:42:53 21728 -c--a-w- c:\windows\system32\wucltui.dll.mui
2010-12-06 03:42:50 17632 -c--a-w- c:\windows\system32\wuaueng.dll.mui
2010-12-06 03:42:45 15072 -c--a-w- c:\windows\system32\wuaucpl.cpl.mui
2010-12-06 03:42:42 15064 -c--a-w- c:\windows\system32\wuapi.dll.mui
2010-12-06 00:24:32 0 dc----w- c:\windows\system32\CatRoot_bak
2010-12-06 00:23:50 80 -c--a-w- c:\windows\system32\asr_wkxmyu
2010-12-05 20:56:07 80 -c--a-w- c:\windows\system32\asr_zpxrab
2010-12-05 20:45:24 80 -c--a-w- c:\windows\system32\asr_zirrbj
2010-12-05 20:32:34 80 -c--a-w- c:\windows\system32\asr_itmwql
2010-12-05 20:18:18 80 -c--a-w- c:\windows\system32\asr_kfrrnz
2010-12-05 20:16:36 80 -c--a-w- c:\windows\system32\asr_ahgczv
2010-12-05 20:14:28 80 -c--a-w- c:\windows\system32\asr_gqpwbr
2010-12-05 20:09:34 80 -c--a-w- c:\windows\system32\asr_cezcsa
2010-12-05 20:07:11 80 -c--a-w- c:\windows\system32\asr_gmdytr

==================== Find3M ====================

2010-12-06 00:58:54 60416 -c--a-w- C:\gendel32.exe
2010-12-06 00:20:58 24064 -c--a-w- c:\windows\system32\upnpcont.exe
2010-12-06 00:19:59 84480 -c--a-w- c:\windows\system32\rtcshare.exe
2010-12-06 00:18:59 15360 -c--a-w- c:\windows\system32\lpr.exe
2010-12-06 00:08:47 528384 -c--a-w- c:\windows\system32\DivXsm.exe
2010-12-06 00:07:58 153600 -c--a-w- c:\windows\regedit.exe
2010-12-06 00:07:48 76288 -c--a-w- c:\windows\NOTEPAD.EXE
2010-12-06 00:07:34 306688 -c--a-w- c:\windows\IsUninst.exe
2010-12-06 00:07:28 17920 -c--a-w- c:\windows\hh.exe
2010-12-06 00:07:26 155648 -c--a-w- C:\UNWISE.EXE
2010-12-06 00:07:18 708608 -c--a-w- C:\StubInstaller.exe

============= FINISH: 16:38:14.87 ===============

domino23, Jun 26, 2010

#8
Broni Malware Annihilator Posts: 39,397 +177

You should run "Quick Scan" only and it doesn't take that long. I need it and both DDS logs.

Broni, Jun 26, 2010

#9
domino23 Newcomer, in training Posts: 68

attatch.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

==== Disk Partitions =========================

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.3
Advertising Center
ASIO4ALL
Ask Toolbar
AVG 9.0
AVS Audio Converter version 6.1
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
BitTorrent
CCleaner
CD - DVD Publishing Service
Delta
DolbyFiles
Express Burn
FL Studio 9
FLV to MP3 Converter 1.5
Freez FLV to MP3 Converter
FriendBlasterPro
IL Download Manager
ImagXpress
Java Auto Updater
Java(TM) 6 Update 20
LimeWire 5.4.6
Malwarebytes' Anti-Malware
Media Player Codec Pack 3.9.0
Menu Templates - Starter Kit
Microsoft .NET Framework 2.0
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Visual C++ 2005 Redistributable
Movie Templates - Starter Kit
Mozilla Firefox (3.5.8)
MySpace Views Increaser
Nero 9
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero Live
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
NeroLiveGadget
neroxml
PoiZone
Sawer
Sony ACID Pro 6.0
Sony Media Manager 2.2
Sony Noise Reduction Plug-In 2.0h
Sony Sound Forge 9.0
SoundTrax
Syncrosoft's License Control
SyncroSoft Emu (Remove only)
Toxic Biohazard
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Winamp
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
WinRAR archiver

==== End Of File ===========================

domino23, Jun 26, 2010

#10
domino23 Newcomer, in training Posts: 68

alright, will do. running right now.

domino23, Jun 26, 2010

#11
Broni Malware Annihilator Posts: 39,397 +177

OK........

Broni, Jun 26, 2010

#12
domino23 Newcomer, in training Posts: 68

Still waiting... haha....

domino23, Jun 26, 2010

#13
domino23 Newcomer, in training Posts: 68

AVG keeps finding random infections though.

domino23, Jun 26, 2010

#14
Broni Malware Annihilator Posts: 39,397 +177

Keep going...

Broni, Jun 26, 2010

#15
domino23 Newcomer, in training Posts: 68

still waiting... scanned 10,000+ nothing yet....

domino23, Jun 26, 2010

#16
domino23 Newcomer, in training Posts: 68

...nevermind...

domino23, Jun 26, 2010

#17
domino23 Newcomer, in training Posts: 68

Malwarebytes Log....

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/5/2010 4:01:25 PM
mbam-log-2010-12-05 (16-01-25).txt

Scan type: Quick scan
Objects scanned: 172702
Time elapsed: 1 hour(s), 2 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Windows_HOSTS_CONTROLLER (Worm.Kolab) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Windows Hosts Controller (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\intime (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\reup (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\waittokillservicet (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\unwise_.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\unwise_.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:\windows\fonts\unwise_.exe (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

domino23, Jun 26, 2010

#18
Broni Malware Annihilator Posts: 39,397 +177

Your log says "No action taken" after each line.
You either posted a log from before fixes, or you didn't apply any fixes.
Please correct it.

Broni, Jun 26, 2010

#19
domino23 Newcomer, in training Posts: 68

new log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/5/2010 4:10:41 PM
mbam-log-2010-12-05 (16-10-41).txt

Scan type: Quick scan
Objects scanned: 172702
Time elapsed: 1 hour(s), 2 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Windows_HOSTS_CONTROLLER (Worm.Kolab) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Windows Hosts Controller (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\intime (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\reup (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\waittokillservicet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\unwise_.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\unwise_.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:\windows\fonts\unwise_.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

domino23, Jun 26, 2010

#20

Page 1 of 3

Topic Status:: Not open for further replies.

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.