Solve : Have Virus or trojan need help.?

I have spent the last several days trying to fix this and have even reinstalled Windows, but the problem is recurring. It originally was the Windows Police Pro virus but it seems to be worse. Can anybody please help? I will paste my logs below.

Also, when I first got the virus there were three porntube and nudetube icons that would appear on the desktop.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/06/2009 at 03:16 PM

Application Version : 4.26.1004

Core Rules Database Version : 3910
Trace Rules Database Version: 1854

Scan type       : Custom Scan
Total Scan Time : 02:00:54

Memory items scanned      : 490
Memory threats detected   : 0
Registry items scanned    : 5553
Registry threats detected : 0
File items scanned        : 262144
File threats detected     : 81

Adware.Tracking Cookie

Unclassified.Unknown Origin
   C:\DOCUMENTS AND SETTINGS\TIM\MY DOCUMENTS\TORRENT DOWNLOADS\CUCUSOFT MPEG MOV RM VB DIV XAVI TO DVD VCD SVCD CONVERTER PRO 7.07\KEYGEN.NFO

Trojan.Dropper/Gen
   C:\PROGRAM FILES\DOCUMENTS AND SETTINGS\TIM BROOKS\LOCAL SETTINGS\TEMP\~.EXE

Trojan.Dropper/SVCHost-Fake
   C:\PROGRAM FILES\TIM WINDOWS STUFF\TIM BROOKS\LOCAL SETTINGS\TEMP\SVCHOST.EXE

Trojan.Agent/Gen-NumTemp
   C:\WINDOWS\SYSTEM32\9.TMP


Malwarebytes' Anti-Malware 1.41
Database version: 2910
Windows 5.1.2600 Service Pack 2

10/6/2009 4:19:13 PM
mbam-log-2009-10-06 (16-19-13).txt

Scan type: Quick Scan
Objects scanned: 162852
Time elapsed: 4 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\BtwSrv32.dll (Backdoor.Bot) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BtwSrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_BTWSRV (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NetLogin (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\isasdk (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\btwsrv (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\btwsrv (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udfa (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mfa (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\9.tmp (Trojan.Banker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\isasdk.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\BRC50AH0\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\E00BW7U3\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\772GOXBO\ssv[1].txt (Trojan.Banker) -> Quarantined and deleted successfully.
C:\WINDOWS\sv3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\isvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BtwSrv32.dll (Backdoor.Bot) -> Delete on reboot.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:33:28 PM, on 10/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\FastNetSrv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\HijackThis\Sniper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SMCWUSB-G 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: fastnetsrv  Service (fastnetsrv) - Sigma Designs In - C:\WINDOWS\system32\FastNetSrv.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Net Login (NetLogin) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

--
End of file - 6496 bytes


What anti-virus have you got? SUPERAntiSpyware, Malwarebytes and Spyware Dr. are not anti-virus. Do you have any of the ones below?

avast
avira
avg
comodo
mcafee
norton
panda
kaspersky


If you do not have one, download one from below and run it.


http://www.free-av.com/ (Avira is free)

http://www.avast.com/ (Avast is free)


=============================================

Also remove Spyware Dr. You have the best with SUPERAntiSpyware; you do not need two.

I am afraid you might have a virus called Virut. Virut is a very bad virus that modifies everything running; you might have to reformat your PC. I am going to contact evil for confirmation. http://www.threatexpert.com/report.aspx?md5=36629ac4a97cf577fb4bb8f7a3c8d8ea

Quote from: cat-bomb on October 07, 2009, 02:49:46 PM
I am afraid you might have a virus called Virut. Virut is a very bad virus that modifies everything running; you might have to reformat your PC. I am going to contact evil for confirmation. http://www.threatexpert.com/report.aspx?md5=36629ac4a97cf577fb4bb8f7a3c8d8ea

Please tell me what makes you think that.

O23 - Service: Net Login (NetLogin) - Unknown owner - C:\WINDOWS\svchost.exe
http://www.systemlookup.com/O23/2068-svchost_exe_k_NetLogon.html

I have been looking for a site like that, thank you. Do you know any more?
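The check made by hand in the reply above (a service binary named svchost.exe living in C:\WINDOWS instead of C:\WINDOWS\system32, registered under an unknown owner) can be applied to a whole HijackThis log. The script below is an added example, not code from the thread or from HijackThis; the IMPERSONATED name list and the suspicious_* functions are my own, and SAMPLE_LOG is a constructed excerpt modelled on the log posted above.

```python
import re

# Where the genuine copies of core Windows binaries run from on Windows XP.
SYSTEM_DIR = "\\windows\\system32\\"

# File names malware borrows to blend into a process list. A running copy of one
# of these outside system32 (the thread's C:\WINDOWS\svchost.exe) is the tell.
# Constructed list for this example, not an exhaustive one.
IMPERSONATED = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
                "services.exe", "smss.exe"}

# HijackThis O23 line: "O23 - Service: <name> - <owner> - <path>"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")

# Constructed excerpt modelled on the HijackThis log posted in the thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Net Login (NetLogin) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def _basename(path):
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def suspicious_processes(lines):
    """Process-list paths whose file name mimics a core binary but is not under system32."""
    hits = []
    for line in lines:
        p = line.strip()
        if not re.match(r"^[A-Za-z]:\\", p):
            continue  # not a bare path line (headers, O-lines, blanks)
        if _basename(p).lower() in IMPERSONATED and SYSTEM_DIR not in p.lower():
            hits.append(p)
    return hits


def suspicious_services(lines):
    """(service, path) for O23 entries with no known owner whose binary sits in an odd place."""
    hits = []
    for line in lines:
        m = O23_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        low = path.lower()
        odd_place = SYSTEM_DIR not in low and "\\program files\\" not in low
        fake_name = _basename(low) in IMPERSONATED and SYSTEM_DIR not in low
        if m.group("owner").lower() == "unknown owner" and (odd_place or fake_name):
            hits.append((m.group("name"), path))
    return hits


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("processes:", suspicious_processes(lines))
    print("services: ", suspicious_services(lines))
```

Legitimate "Unknown owner" services under Program Files (the iolo entries) are left alone; only the bare-Windows-directory svchost.exe surfaces.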
