I am running Windows XP on an HP desktop. I had LimeWire installed until recently, when I came across some info that said it was really bad. I removed it and just ran Malwarebytes to remove the infections, per a friend. I then came across your site. I am going to include the Malwarebytes files (2 of them, as 2 scans with separate results) as well as the prework scans you request.
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\backWeb-7288971.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
LSA: Notification Packages = :\windows\syste
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
2009-11-04 11:56:57 0 d-----w- c:\docume~1\hp_owner\applic~1\Malwarebytes
2009-11-04 11:56:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-04 11:56:51 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-04 11:56:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-04 11:56:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-04 11:45:36 0 d-----w- c:\program files\CCleaner
2009-11-04 11:31:44 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-11-04 11:31:44 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2009-11-04 11:31:31 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-11-04 11:31:31 14848 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-11-04 11:30:21 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-11-04 11:30:21 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2009-11-01 16:41:25 0 d-----w- c:\windows\system32\CatRoot_bak
==================== Find3M ====================
2009-10-31 13:26:50 5274 -c--a-w- c:\docume~1\hp_owner\applic~1\wklnhst.dat
2009-09-18 09:56:10 18432 ----a-w- c:\windows\system32\dllcache\iedw.exe
2009-09-16 14:22:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\dllcache\msasn1.dll
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\dllcache\strmdll.dll
2009-08-21 09:46:35 450560 ----a-w- c:\windows\system32\dllcache\jscript.dll
============= FINISH: 8:33:28.50 ===============
Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
McAfee SecurityCenter
``````````````````````````````
Anti-malware/Other Utilities Check:
CCleaner
Adobe Flash Player 10
Adobe Reader 9.1
``````````````````````````````
Process Check:
objlist.exe by Laurent
McAfee VIRUSS~1 mcshield.exe
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
`````````End of Log```````````
[Fixed] Hijackthis! Logs - Infected with Alpha virus (Security & Safety forums)

#1
Bronze Member
Join Date: Nov 2009
Posts: 6 PC Experience: Experienced
#2
Tech Support Team
Join Date: Nov 2006
Location: In the Slaughtered Lamb having a pint.
Posts: 4,484 PC Experience: Smarter than the average Bear
Hello Isabella,
Welcome to PC Help Forum. A member of the Security Team will assist you as soon as possible.
#3
Bronze Member
Join Date: Nov 2009
Posts: 6 PC Experience: Experienced
Thank you for the update.
#4
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,862 PC Experience: Elite PC Guru
Let's do one more check..

You will need to download ComboFix.exe. Download ComboFix from any of the links below. You must rename it before saving it. Name it ComFx, and save it to your desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop. It is important that it is saved and renamed following this process directly to your desktop.

** Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. More help on your specific AV here: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Double click on ComFx.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware. When finished, it shall produce a log for you. Please include the ComboFix.txt in your reply.

Caution..... Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer.
__________________
My real name is Eddy
#5
Bronze Member
Join Date: Nov 2009
Posts: 6 PC Experience: Experienced
I have tried several times to run ComboFix. It starts, makes the restore point and then says it is scanning for infected files... Then it sits there and does nothing. I let it run (twice) for over 2 hours each and it never so much as did anything at all.
When I boot the computer, I get a pop-up box that says runtime error: invalid backweb application id 7288971. I also tried to uninstall McAfee (had already disabled it) and it won't uninstall all of the way. Please advise how to continue. Thank you.
#6
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,862 PC Experience: Elite PC Guru
Run Combofix in safe mode.
__________________
My real name is Eddy
#7
Bronze Member
Join Date: Nov 2009
Posts: 6 PC Experience: Experienced
Here is the ComboFix log; thanks for the safe mode tip.
ComboFix 09-11-04.05 - HP_Owner 11/05/2009 17:09.1.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.275 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComFx.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\10.tmp
C:\1F.tmp
C:\28.tmp
C:\2F.tmp
C:\36.tmp
C:\3D.tmp
C:\40.tmp
C:\44.tmp
C:\4B.tmp
C:\52.tmp
C:\53.tmp
C:\61.tmp
C:\62.tmp
C:\72.tmp
C:\7F.tmp
C:\9.tmp
C:\94.tmp
C:\9B.tmp
c:\recycler\S-1-5-21-3402143952-2742371472-3645884128-1003
c:\recycler\S-1-5-21-485242667-1399376495-4093142703-1009
c:\windows\MailSwitch.ocx
c:\windows\system32\3584867852.dat
c:\windows\system32\ps2.bat
c:\windows\system32\winsrc.dll.tmp
c:\windows\viassary-hp.reg
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
.
2009-11-05 22:01 . 2009-11-05 22:01 -------- d-----w- c:\documents and settings\Administrator
2009-11-05 13:50 . 2009-11-05 13:50 -------- d-----w- C:\ComFx
2009-11-04 13:24 . 2009-11-04 13:24 -------- d-----w- c:\program files\7-Zip
2009-11-04 11:56 . 2009-11-04 11:56 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2009-11-04 11:56 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-04 11:56 . 2009-11-04 11:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-04 11:56 . 2009-11-04 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-04 11:56 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-04 11:45 . 2009-11-04 11:45 -------- d-----w- c:\program files\CCleaner
2009-11-04 11:31 . 2004-08-04 05:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-11-04 11:31 . 2004-08-04 05:56 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2009-11-04 11:31 . 2004-08-04 03:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-11-04 11:31 . 2004-08-04 03:58 14848 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-11-04 11:30 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-11-04 11:30 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2009-11-01 16:41 . 2009-11-01 17:09 -------- d-----w- c:\windows\system32\CatRoot_bak
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 22:15 . 2008-01-19 19:59 -------- d-----w- c:\program files\TrueSwitchComcast
2009-11-05 12:31 . 2005-07-29 16:49 43968 -c--a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-05 12:28 . 2005-05-04 05:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-05 12:28 . 2005-05-04 06:18 -------- d-----w- c:\program files\PC-Doctor for Windows
2009-11-05 12:26 . 2008-11-30 23:23 -------- d-----w- c:\program files\Common Files\McAfee
2009-11-05 12:26 . 2008-11-30 23:22 -------- d-----w- c:\program files\McAfee
2009-11-05 12:26 . 2006-10-03 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-04 11:52 . 2008-01-29 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2009-11-04 11:34 . 2008-01-29 15:11 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\ComcastToolbar
2009-10-31 13:26 . 2005-11-05 01:48 5274 -c--a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2009-10-02 20:25 . 2005-05-04 06:09 -------- d-----w- c:\program files\QuickTime
2009-10-02 20:25 . 2005-05-04 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-25 05:56 . 2004-08-04 11:00 662016 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:56 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:33 . 2008-11-30 21:38 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:16 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-30 67128]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-01-04 49152]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-09-21 55824]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
TrueAssistant.lnk - c:\program files\TrueSwitchComcast\TrueWizard.exe [2008-1-17 1060864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2009-1-4 303104]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-5 258048]
Kodak EasyShare software.lnk - c:\program files\KODAK\Kodak EasyShare software\bin\EasyShare.exe [2002-9-16 299008]
KODAK Software Updater.lnk - c:\program files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2002-3-13 16384]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-8-29 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-8-14 784912]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2005-5-4 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 14:10 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-11-05 c:\windows\Tasks\McAfee.com Update Check (YOUR-F78BF48CE2-HP_Owner).job
- c:\progra~1\McAfee.com\Agent\mcupdate.exe [2005-08-02 18:29]

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-30 16:22]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-30 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/comcast.html
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.comcast.net/
mSearch Bar = hxxp://www.google.com/ie
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)
SafeBoot-MCODS

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-11-05 17:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(4024)
c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Windows Media Player\wmpband.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2009-11-05 17:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-05 22:19

Pre-Run: 143,283,154,944 bytes free
Post-Run: 142,724,952,064 bytes free
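The analyst reads the ComboFix "Reg Loading Points" and "DLLs Loaded" sections by eye. The script below is an added example (not from this thread and not ComboFix's own code) that does the same triage mechanically over lines copied from the log above: it parses the Run keys, the Windows Firewall AuthorizedApplications and GloballyOpenPorts lists, and the per-process module list in the layout ComboFix prints, then flags a firewall exception whose executable is gone (LimeWire.exe, uninstalled but still authorised), any globally open port that is still Enabled (3389/TCP above is Disabled), and a module loaded from a Temp directory (IadHide5.dll under explorer.exe). The regexes, the INSTALLED set (a constructed stand-in for an os.path.exists() check so the script runs offline) and the %windir% expansion are my assumptions, not anything ComboFix documents.

```python
"""Triage the 'Reg Loading Points' / 'DLLs Loaded' sections of a ComboFix log.
Added example; not part of the forum thread and not ComboFix code."""
import re

# Lines copied from the ComboFix log posted above (constructed excerpt).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-30 67128]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-01-04 49152]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

- - - - - - - > 'explorer.exe'(4024)
c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
"""

# Constructed: on the real machine this would be os.path.exists() per entry.
INSTALLED = {
    r"c:\program files\updates from hp\309731\program\updates from hp.exe",
    r"c:\windows\system32\sessmgr.exe",
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="value" [stamp]   or   "Name"="file.dll" - full\path [stamp]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?: - (?P<path>.+?))?\s+\[[^\]]*\]$')
FWAPP_RE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')
FWPORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):'
                       r'(?P<scope>[^:]+):(?P<state>Enabled|Disabled):')
PROC_RE = re.compile(r"^[- ]+> '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")
PATH_RE = re.compile(r"^[a-z]:\\", re.I)


def normalise(path):
    """Collapse REGEDIT4 '\\\\' escapes, expand %windir% (assumed c:\windows), lower-case."""
    p = path.replace("\\\\", "\\").strip().lower()
    return p.replace("%windir%", r"c:\windows").replace("%systemroot%", r"c:\windows")


def parse_combofix(text):
    """Return run entries, firewall app exceptions, open ports and loaded modules."""
    out = {"run": [], "fw_apps": [], "fw_ports": [], "modules": []}
    section, proc = None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if m := KEY_RE.match(line):                       # a registry key header
            key = m.group("key").lower()
            section = ("run" if key.endswith("\\run") else
                       "fw_apps" if "authorizedapplications" in key else
                       "fw_ports" if "globallyopenports" in key else None)
            continue
        if m := PROC_RE.match(line):                      # "- - - > 'proc.exe'(pid)"
            section, proc = "modules", m.group("proc")
            continue
        if section == "run" and (m := RUN_RE.match(line)):
            out["run"].append((m.group("name"), normalise(m.group("path") or m.group("value"))))
        elif section == "fw_apps" and (m := FWAPP_RE.match(line)):
            out["fw_apps"].append(normalise(m.group("path")))
        elif section == "fw_ports" and (m := FWPORT_RE.match(line)):
            out["fw_ports"].append((int(m.group("port")), m.group("proto"),
                                    m.group("scope"), m.group("state") == "Enabled"))
        elif section == "modules" and PATH_RE.match(line):
            out["modules"].append((proc, normalise(line)))
    return out


def stale_firewall_exceptions(parsed, exists=INSTALLED.__contains__):
    """Authorised executables that no longer exist: an uninstaller left the
    exception behind, and anything dropped at that path inherits it."""
    return [p for p in parsed["fw_apps"] if not exists(p)]


def enabled_open_ports(parsed):
    """Globally open ports that are actually Enabled (Disabled entries are inert)."""
    return [(port, proto, scope) for port, proto, scope, on in parsed["fw_ports"] if on]


def temp_dir_modules(parsed):
    """Modules a process loaded from a Temp directory; legitimate software rarely stays there."""
    return [(proc, path) for proc, path in parsed["modules"] if "\\temp\\" in path]


if __name__ == "__main__":
    parsed = parse_combofix(SAMPLE_LOG)
    for p in stale_firewall_exceptions(parsed):
        print("stale firewall exception:", p)
    for port, proto, scope in enabled_open_ports(parsed):
        print("enabled open port:", port, proto, scope)
    for proc, path in temp_dir_modules(parsed):
        print("temp-dir module in", proc + ":", path)
```

On the excerpt above this reports the LimeWire exception and the IadHide5.dll module and nothing for ports, which is what the analyst would underline in the log; on a live machine, pass `os.path.exists` as the `exists` argument instead of the constructed set.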