Help with Viruses

Name: ArcticWolf
Date: February 25, 2008 at 09:31:02 Pacific
OS: Win XP SP1
CPU/Ram: AMD Duron 750/384 megs pc
Product: Elitegroup/SIS 930
Comment:

I know I have viruses on my computer because my modem is trying to send info out onto the net; the blue lights never stop. Anyhow... I know I have Virtumonde, which I can't get rid of, and who knows what else. Can anyone tell me where to download HijackThis, how to run it, and what to post to you guys so I can clean this machine up?

Thanks



Response Number 1
Name: ArcticWolf
Date: February 25, 2008 at 09:39:31 Pacific
Reply:

OK, I found a link to HijackThis from another post on here and everyone says to post the logfile... I even had HijackThis get errors on running twice... but here is the log, hopefully someone can help me out. Also I have ComboFix and when I ran it... it said "clcms.exe" could not be found ...and when I checked the Windows directory it is not there :S.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39, on 2008-02-25
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\TrayIcon.exe
F:\program files\powerstrip\pstrip.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\WINDOWS\clmcs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ttlms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\17PHolmes1148.exe
C:\Documents and Settings\Brian\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.28.1.91:8080
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\clmcs.exe
O2 - BHO: TW_BrowserHook - {1E1B2879-88FF-11D2-8D96-FFFFAC95951F} - C:\Program Files\Perfect Keyboard AS\mtwbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [PowerStrip] f:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [SpeedswitchXP] C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/re...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/g...
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.phreik.com/controls/msnc...
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF81D0E5-5389-431B-A46A-F524D08A1317}: NameServer = 206.248.154.22 69.28.199.126
O20 - AppInit_DLLs: f:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - Unknown owner - C:\WINDOWS\System32\bgsvcgen.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Management Consultants (CLMCs) - Unknown owner - C:\WINDOWS\clmcs.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Track Learning Management System (TTLMS) - Unknown owner - C:\WINDOWS\System32\ttlms.exe

--
End of file - 5594 bytes



Response Number 2
Name: ArcticWolf
Date: February 25, 2008 at 15:19:17 Pacific
Reply:

So can anyone help me out?? Please



Response Number 3
Name: ArcticWolf
Date: February 25, 2008 at 19:17:01 Pacific
Reply:

OMG, 7 hrs and no response, so I fixed it myself... <says in a sarcastic voice> "Thanks a bunch". People do use computers other than just to surf the net... like myself, who owns a business online and can't wait around for days to come up with a fix.



Response Number 4
Name: XpUser4Real
Date: February 26, 2008 at 19:20:54 Pacific
Reply:

The reason no-one probably answered was because you posted a log without having it requested. Obviously you didn't see the warning before you posted??????

Some HELP in posting on Cnet plus free progs and instructions Glad to Help!


