WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

[Resolved] b.exe virus

Started by eqbound , Sep 23 2009 10:23 AM

This topic is locked

22 replies to this topic

#16 extremeboy

Retired WTT Malware Disintegrator Teacher

Authentic Member
1,433 posts

Posted 29 September 2009 - 02:36 PM

Hello.

The first 3 were quarantined items from Combofix, so no need to worry about that. The last one was a Java cache what ESET detected as malicious and removed it.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

The help you receive here is free. If you wish to show your appreciation, you may wish to

Advertisements

Register to Remove

#17 eqbound

New Member

Authentic Member
14 posts

Posted 29 September 2009 - 03:24 PM

I think the computer is running fine, but I admit I'm not the best judge on whether a computer is virus free. I can open my programs. Here's the log. DDS (Ver_09-06-26.01) - NTFSx86 Run by Clarissa at 14:21:18.75 on Tue 09/29/2009 Internet Explorer: 8.0.6001.18813 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.893.125 [GMT -7:00] SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\agrsmsvc.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Toshiba\IVP\ISM\pinger.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc c:\Toshiba\IVP\swupdate\swupdtmr.exe C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe C:\Windows\system32\TODDSrv.exe C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskeng.exe C:\Toshiba\IVP\ISM\ivpsvmgr.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Toshiba\Power Saver\TPwrMain.exe C:\Program Files\Toshiba\SmoothView\SmoothView.exe C:\Program Files\Toshiba\FlashCards\TCrdMain.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Toshiba\ConfigFree\NDSTray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Sun\SDK\jdk\bin\java.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe C:\Windows\system32\taskeng.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Clarissa\Desktop\dds.scr C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.toshibadirect.com/dpdstart BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe mRun: [NDSTray.exe] NDSTray.exe mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe mRun: [Skytel] Skytel.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript StartupFolder: c:\users\clarissa\appdata\roaming\micros~1\windows\startm~1\programs\startup\sdktra~1.lnk - c:\sun\sdk\jdk\bin\javaw.exe mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL Trusted Zone: topproducer8i.com\www DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll ============= SERVICES / DRIVERS =============== R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-8-22 7168] R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2007-9-18 252416] =============== Created Last 30 ================ 2009-09-28 15:06 <DIR> --d----- c:\program files\ESET 2009-09-27 21:14 24,724 a------- c:\windows\system32\productregistry 2009-09-27 21:11 <DIR> --d----- C:\Sun 2009-09-25 13:19 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-25 13:19 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-09-25 13:19 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-09-24 18:24 <DIR> --d----- c:\program files\iPod 2009-09-24 18:24 <DIR> --d----- c:\program files\iTunes 2009-09-24 17:45 <DIR> --dsh--- C:\$RECYCLE.BIN 2009-09-24 17:23 229,888 a------- c:\windows\PEV.exe 2009-09-24 17:23 161,792 a------- c:\windows\SWREG.exe 2009-09-24 17:23 98,816 a------- c:\windows\sed.exe 2009-09-23 15:12 <DIR> --d----- c:\program files\Trend Micro 2009-09-22 20:32 55,656 a------- c:\windows\system32\drivers\avgntflt.sys 2009-09-22 20:31 <DIR> --d----- c:\programdata\Avira 2009-09-22 20:31 <DIR> --d----- c:\program files\Avira 2009-09-22 20:31 <DIR> --d----- c:\progra~2\Avira 2009-09-22 19:21 <DIR> --d----- c:\users\clarissa\appdata\roaming\Malwarebytes 2009-09-22 19:20 <DIR> --d----- c:\programdata\Malwarebytes 2009-09-22 19:20 <DIR> --d----- c:\progra~2\Malwarebytes 2009-09-22 15:58 <DIR> --d----- c:\program files\AVG 2009-09-22 15:58 <DIR> --d----- c:\programdata\avg8 2009-09-22 15:58 <DIR> --d----- c:\progra~2\avg8 2009-09-22 15:43 <DIR> --d----- c:\users\clarissa\appdata\roaming\AVG8 2009-09-17 10:03 1,686,272 a------- c:\users\clarissa\MoveMediaPlayerWin_071503000010.exe 2009-09-10 22:09 107,368 a------- c:\windows\system32\GEARAspi.dll 2009-09-10 22:09 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-09-10 22:06 <DIR> --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-10 22:06 <DIR> --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx 2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts ==================== Find3M ==================== 2009-09-10 21:58 143,360 a------- c:\windows\inf\infstrng.dat 2009-09-10 21:58 86,016 a------- c:\windows\inf\infstor.dat 2009-09-10 21:58 51,200 a------- c:\windows\inf\infpub.dat 2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll 2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll 2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe 2009-07-21 14:52 915,456 a------- c:\windows\system32\wininet.dll 2009-07-21 14:47 109,056 a------- c:\windows\system32\iesysprep.dll 2009-07-21 14:47 71,680 a------- c:\windows\system32\iesetup.dll 2009-07-21 13:13 133,632 a------- c:\windows\system32\ieUnatt.exe 2009-06-01 17:09 726,008 a------- c:\users\clarissa\gotomypc_438.exe 2008-09-18 09:44 174 a--sh--- c:\program files\desktop.ini 2008-09-18 09:27 665,600 a------- c:\windows\inf\drvindex.dat 2008-09-17 23:13 20,653,064 a------- c:\users\clarissa\RhapsodyVcast.exe 2008-09-17 22:30 1,471,400 a------- c:\users\clarissa\LGUSBModemDriver_WHQL_Eng_Ver_4.8.1.exe 2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat ============= FINISH: 14:22:32.63 ===============

Attached Files

Attach.txt 7.07KB 337 downloads

#18 extremeboy

Retired WTT Malware Disintegrator Teacher

Authentic Member
1,433 posts

Posted 29 September 2009 - 04:13 PM

Well, the logs look clean and no indications of active infections.

Let's cleanup then. Update your Windows to Service Pack 2 via Windows Updates when the update is available. Instructions on Windows Update and using it can be found in the prevention speech below.

Uninstall ComboFix

Remove Combofix now that we're done with it.

Click on your Start Menu, then Run....
Now type combofix /u in the runbox and click OK. Notice the space between the "x" and "/".
You will then recieve a message letting you know that Combofix was uninstalled Successfully.

This will remove files/folders assoicated with combofix and uninstall it.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.

Download OTC by OldTimer and save it to your desktop.
Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
Then Click the big button.
You will get a prompt saying "Being Cleanup Process". Please select Yes.
Restart your computer when prompted.

System A bit Slow? Try StartupLight

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

Vist the WindowsUpdate Site Regularly

I recommend you regularly visit the Windows Update Site!

Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
Update ALL Critical updates and any other Windows updates for services/programs that you use.
If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
Note that it will download them for you, but you still have to actually click install.

Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks

With Regards,
Extremeboy

#19 eqbound

New Member

Authentic Member
14 posts

Posted 30 September 2009 - 10:01 PM

I'm having problems uninstalling Combofix. I have Windows Vista as my operating system and right clicked ComboFix (clicking on Run As Administrator) but then it started a whole new scan. I then tried to go to control panel and uninstall it from there but it didn't show up. What should I do about RootRepeal and ERUNT? Do I need to uninstall them as well? Do I go ahead and download and run the other program (on your last reply) before uninstalling Combofix? Sorry, I'm not the best at this...thank you for all your help and time.

#20 extremeboy

Retired WTT Malware Disintegrator Teacher

Authentic Member
1,433 posts

Posted 01 October 2009 - 04:29 PM

Hello.

No. You're not suppose to right-click on Combofix to uninstall it.

Try this..

Press your Windows Key and R on your keyboard together.
This will bring up the Run box.

In that box type in Combofix /u (Make sure Combofix.exe is on your desktop and named Combofix.exe and nothing else) and press Ok.

Follow the prompts to uninstall it. Let me know.

ERUNT, you can uninstall it if you wish.
RootRepeal and the others will be removed once you uninstall Combofix AND run the Cleanup Tool (OTC).

~Extremeboy

#21 eqbound

New Member

Authentic Member
14 posts

Posted 01 October 2009 - 09:37 PM

Okay, I've uninstalled Combofix and ran the clean up tool. I think I'm good to go now? If so, thank you so much for all your help!!!

#22 extremeboy

Retired WTT Malware Disintegrator Teacher

Authentic Member
1,433 posts

Posted 02 October 2009 - 04:38 PM

Yup. Good to go. Take care and happy surfing in the future. Make sure you read some of those prevention tips I mentioned. I'll close this topic shortly. With Regards, Extremeboy

#23 extremeboy

Retired WTT Malware Disintegrator Teacher

Authentic Member
1,433 posts

Posted 02 October 2009 - 04:39 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Body Background

skin color theme