Go Back   Computer Forums > General Computing > Hardware
Join Computer forums Today

Thread Tools Search this Thread Display Modes
Old 04-04-2008, 07:07 PM   #1
In Runtime
wee493's Avatar
Join Date: May 2007
Posts: 423
Send a message via AIM to wee493
Default Help with Removing a Virus i have

I'll Admit it right off the bat. This virus was my fault for downloading something i should not have.
Well with that said I have a virus on my computer. every now and then i will get a random pop up saying "your computer is infected with a virus come buy our software and it will fix it" u know, the common virus thing. But when i scan with windows defender and with AVG it finds nothing. Other symptoms are that my computer is running extreemly slow and when i try to open task manager it says, "Task manager has been disabled by your administrator."

Any ideas, I have inclosed a copy of my Hijack This Log. Also I have windows Vista.

Running processes:
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Users\Wee\AppData\Local\Google\Update\\ GoogleUpdate.exe
C:\Program Files\Launchy\Launchy.exe
C:\Users\Wee\Desktop\Media\Bux. To\Bux.to Autoclicker\Bux.to Autoclicker.exe
C:\Users\Wee\AppData\Local\YouTube\Uploader\youtub euploader.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\ManyCam 2.2\ManyCam.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 -HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 -HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 -Hosts: ::1 localhost
O4 -HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 -HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMeDTkh.dll,#1
O4 -HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 -HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 -HKLM\..\Run: [7F55477B16070A515C55] Rundll32.exe "C:\Windows\system32\rspyafdm.dll",s
O4 -HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 -HKCU\..\Run: [Chainsaw] C:\Program Files\Pmcc\Chainsaw\Chainsaw.exe -silent
O4 -HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 -HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Wee\AppData\Local\Google\Update\ \GoogleUpdate.exe" /lang en
O4 -HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.2\ManyCam.exe"
O4 -HKCU\..\Run: [ydiodrlu] C:\Windows\system32\cpkjgnif.exe
O4 -Startup: Bux.to Autoclicker.lnk = ?
O4 -Startup: YouTube Uploader.lnk = C:\Users\Wee\AppData\Local\YouTube\Uploader\youtub euploader.exe
O4 -Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 -Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DL L
O21 - SSODL: sxfnewqb - {576F7F22-BCCC-4FB6-8262-99539452A9F1} - C:\Windows\sxfnewqb.dll
O21 - SSODL: fkdnrwsv - {C32D39F5-BF6B-46D0-98FD-1E6785E4C835} - C:\Windows\fkdnrwsv.dll
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30011 (AppHostSvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Abit IP35-E Motherboard, 3Gig- corsair RAM
PNY 9800GTX+ 256MB DDR3 Video Card,
Core 2 Duo E4300 overclocked 2.2Ghz
SATA Western Digital 160Gig HD,
Windows 7, Dual 19" 1440x900 Monitors
wee493 is offline   Reply With Quote
Old 04-04-2008, 07:24 PM   #2
Omnipotent One
Atomic Rooster's Avatar
Join Date: Apr 2006
Location: USA
Posts: 11,161
Send a message via AIM to Atomic Rooster Send a message via Yahoo to Atomic Rooster
Default Re: Help with Removing a Virus i have

Download and run both Ad-Aware 2007 Free and Spybot - Search & Destroy. They will find and delete most any nasties hiding in your system.

Try sticking to one thread only per topic please.

Atomic Rooster is offline   Reply With Quote
Old 04-04-2008, 09:41 PM   #3
In Runtime
wee493's Avatar
Join Date: May 2007
Posts: 423
Send a message via AIM to wee493
Default Re: Help with Removing a Virus i have

Thank you It it is searching right now. And sorry i was unaware that i posted multiple threads!
Abit IP35-E Motherboard, 3Gig- corsair RAM
PNY 9800GTX+ 256MB DDR3 Video Card,
Core 2 Duo E4300 overclocked 2.2Ghz
SATA Western Digital 160Gig HD,
Windows 7, Dual 19" 1440x900 Monitors
wee493 is offline   Reply With Quote
Old 04-05-2008, 03:04 AM   #4
Golden Master
worshipme's Avatar
Join Date: Oct 2007
Posts: 5,603
Default Re: Help with Removing a Virus i have

It can't remove it because of a running process. Boot into safe mode by repeatedly tapping F8 before Windows loads and run an anti virus program.
AMD Phenom II X4 955 BE @ 4.0GHz + TU120E lapped - MSI 770-CD45 AM3 - 2x2GB OCZ DDR3 1333MHz - Sapphire HD 4870 - Samsung Spinpoint 500GB 7200RPM 16MB cache HDD - Tagan TG600-BZ Piperock - (Currently open test bed) - Windows Vista Home Premium 64bit.
worshipme is offline   Reply With Quote

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

All times are GMT -5. The time now is 07:36 AM.

Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2016, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0