Virus Remover 2009


Feather Duster
08-11-08, 23:00
Help me!!! This is the second time I got it!

Copy the following text and paste it to your report AS IS!!!

---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------



Program:
N/A
Publisher:
"(Verified) Lavasoft AB"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
Entry name:
lsdelete
Program path & name:
"c:\windows\system32\lsdelete.exe"
Enabled: [V]


Program:
"Ad-Aware service"
Publisher:
"(Verified) Lavasoft AB"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
aawservice
Program path & name:
"c:\program files\lavasoft\ad-aware\aawservice.exe"
Enabled: [V]


Program:
"AVG E-Mail Scanner"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
avg8emc
Program path & name:
"c:\program files\avg\avg8\avgemc.exe"
Enabled: [V]


Program:
"AVG Watchdog Service"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
avg8wd
Program path & name:
"c:\program files\avg\avg8\avgwdsvc.exe"
Enabled: [V]


Program:
"HP Health Check Service"
Publisher:
"(Not verified) Hewlett-Packard"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
HP Health Check Service
Program path & name:
"c:\program files\hewlett-packard\hp health check\hphc_service.exe"
Enabled: [V]


Program:
"Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work."
Publisher:
"(Verified) Hewlett-Packard Company"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
LightScribeService
Program path & name:
"c:\program files\common files\lightscribe\lssrvc.exe"
Enabled: [V]


Program:
"AVG AVI Loader Driver"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AvgLdx86
Program path & name:
"c:\windows\system32\drivers\avgldx86.sys"
Enabled: [V]


Program:
"AVG Firewall driver"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AvgWfpX
Program path & name:
"c:\windows\system32\drivers\avgwfpx.sys"
Enabled: [V]


Program:
"IP in IP Tunnel Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IpInIp
Program path & name:
File not found: system32\DRIVERS\ipinip.sys"
Enabled: [V]


Program:
"IPX Traffic Filter Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFlt
Program path & name:
File not found: system32\DRIVERS\nwlnkflt.sys"
Enabled: [V]


Program:
"IPX Traffic Forwarder Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFwd
Program path & name:
File not found: system32\DRIVERS\nwlnkfwd.sys"
Enabled: [V]


Program:
"Px Engine Device Driver for Windows 2000/XP"
Publisher:
"(Verified) Sonic Solutions"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PxHelp20
Program path & name:
"c:\windows\system32\drivers\pxhelp20.sys"
Enabled: [V]


Program:
"AVG Resident Shield Starter"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
avgrsstx.dll
Program path & name:
"c:\windows\system32\avgrsstx.dll"
Enabled: [V]


Program:
"hpsysdrv"
Publisher:
"(Not verified) Hewlett-Packard Company"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
hpsysdrv
Program path & name:
"c:\hp\support\hpsysdrv.exe"
Enabled: [V]


Program:
"OsdMaestro main program"
Publisher:
"(Not verified) OsdMaestro"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
OsdMaestro
Program path & name:
"c:\program files\hewlett-packard\on-screen osd indicator\osd.exe"
Enabled: [V]


Program:
"HP Health Check Scheduler"
Publisher:
"(Verified) Hewlett-Packard"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
HP Health Check Scheduler
Program path & name:
"c:\program files\hewlett-packard\hp health check\hphc_scheduler.exe"
Enabled: [V]


Program:
"Adobe Acrobat SpeedLauncher"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Adobe Reader Speed Launcher
Program path & name:
"c:\program files\adobe\reader 8.0\reader\reader_sl.exe"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SunJavaUpdateReg
Program path & name:
"c:\windows\system32\jureg.exe"
Enabled: [V]


Program:
"Hewlett-Packard Product Assistant"
Publisher:
"(Not verified) Hewlett-Packard Co."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
HP Software Update
Program path & name:
"c:\program files\hp\hp software update\hpwuschd2.exe"
Enabled: [V]


Program:
"AVG Tray Monitor"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
AVG8_TRAY
Program path & name:
"c:\program files\avg\avg8\avgtray.exe"
Enabled: [V]


Program:
"Launcher"
Publisher:
"(Not verified) soft thinks"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Entry name:
Launcher
Program path & name:
"c:\windows\sminst\launcher.exe"
Enabled: [V]


Program:
"Safe Search pluggable protocol"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
linkscanner
Program path & name:
"c:\program files\avg\avg8\avgpp.dll"
Enabled: [V]


Program:
"Microsoft® InfoTech Storage System Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
ms-itss
Program path & name:
"c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
Enabled: [V]


Program:
"HP Advisor"
Publisher:
"(Verified) Hewlett-Packard Company"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
HPAdvisor
Program path & name:
"c:\program files\hewlett-packard\hp advisor\hpadvisor.exe"
Enabled: [V]


Program:
"Yahoo! Toolbar"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
&Yahoo! Toolbar Helper
Program path & name:
"c:\program files\yahoo!\companion\installs\cpn\yt.dll"
Enabled: [V]


Program:
"Adobe PDF Helper for Internet Explorer"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Adobe PDF Reader Link Helper
Program path & name:
"c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"
Enabled: [V]


Program:
"Safe Search for Internet Explorer"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
AVG Safe Search
Program path & name:
"c:\program files\avg\avg8\avgssie.dll"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
SSVHelper Class
Program path & name:
"c:\program files\java\jre1.6.0_01\bin\ssv.dll"
Enabled: [V]


Program:
"ShellvRTF"
Publisher:
"(Not verified) XSS"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
ShellViewRTF
Program path & name:
"c:\windows\system32\shellvrtf.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinRAR shell extension
Program path & name:
c:\program files\winrar\rarext.dll"
Enabled: [V]


Program:
"AVG Shell Extension"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
AVG8 Shell Extension
Program path & name:
"c:\program files\avg\avg8\avgse.dll"
Enabled: [V]


Program:
"PDF Shell Extension"
Publisher:
"(Not verified) Adobe Systems Inc."
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
PDF Shell Extension
Program path & name:
"c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
Enabled: [V]


Program:
"Yahoo! Toolbar"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
yt.dll
Program path & name:
"c:\program files\yahoo!\companion\installs\cpn\yt.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
ieSpell
Program path & name:
File not found: C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
ieSpell Options
Program path & name:
File not found: C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM"
Enabled: [V]



How the hell do I get rid of it and stop it from popping forever!!??

Edit: BTW, I get taken to it! Like if I click on yahoo.com, I get taken to VR2009 (only sometimes, and with any link)

EscondeR
08-11-08, 23:46
You can try booting from a Vista Live CD or a Linux distribution and remove the infected files.
I have no information about Yahoo itself, but it can be easily hacked, therefore stay away from Yahoo for a while.

Feather Duster
09-11-08, 00:01
You can try booting from a Vista Live CD or a Linux distribution and remove the infected files.
I have no information about Yahoo itself, but it can be easily hacked, therefore stay away from Yahoo for a while.

The yahoo thing was an example.

And, do I have a virus?

EscondeR
09-11-08, 00:09
There are no traces of infection in the ARDiag report, BUT you can still have entries in the browser cache...

Feather Duster
09-11-08, 00:57
There are no traces of infection in the ARDiag report, BUT you can still have entries in the browser cache...

Time to use ccleaner, eh? :p

Thanks!