WiredWX Christian Hobby Weather Tools

 


frostwire virus?
I installed FrostWire about 3 weeks ago and uninstalled it since my computer started to process slowly... but when I uninstalled it, the Java program still appears every time I turn on my laptop, and my computer still processes slowly compared to when it was still new... my laptop is only a month old... help me pls

Re: frostwire virus?

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: frostwire virus?
DDS (Ver_09-03-16.01) - NTFSx86
Run by AXIOO at 2:07:32.21 on Wed 04/29/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1028 [GMT 7:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OEM\OSD_1.5.2\OsdService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OEM\OSD_1.5.2\osd.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AXIOO\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page =
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Device Detector] DevDetect.exe -autorun
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
StartupFolder: c:\docume~1\axioo\startm~1\programs\startup\frostw~1.lnk - c:\program files\frostwire\FrostWire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\osd.lnk - c:\windows\installer\{73289228-1853-4623-982a-eb17ff0270ca}\_92336A3DC4E4457994C245.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\axioo\applic~1\mozilla\firefox\profiles\6cl6ev71.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-4-1 11840]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-4-1 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-4-1 151297]
R2 OsdService;OSD Service;c:\program files\oem\osd_1.5.2\OsdService.exe [2008-2-22 94208]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-10 602392]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-4-1 52032]
R3 GpdDevDPort;GpdDevDPort;c:\windows\system32\directport.sys [2008-6-17 7168]
R3 GpdKbFilter;GpdKbFilter;c:\windows\system32\kbfiltr.sys [2008-4-22 8192]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [2008-10-19 31616]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2008-10-19 156160]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-10-19 275712]

=============== Created Last 30 ================

2009-04-19 20:39 216,064 a------- c:\windows\system32\CNMLM8R.DLL
2009-04-18 16:28 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-04-18 16:28 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-04-18 16:28 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-04-18 16:28 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-04-16 23:01 1,970,176 a------- c:\windows\system32\d3dx9.dll
2009-04-16 23:01 679,936 a------- c:\windows\system32\D3DX81ab.dll
2009-04-16 23:01 --d----- c:\program files\Cheat Engine
2009-04-16 10:48 268,648 a------- c:\windows\system32\mucltui.dll
2009-04-16 10:48 208,744 a------- c:\windows\system32\muweb.dll
2009-04-16 10:48 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-04-15 21:50 --d----- c:\program files\Windows Media Connect 2
2009-04-15 21:48 --d----- c:\windows\system32\LogFiles
2009-04-15 21:37 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 21:37 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-15 21:37 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-15 21:37 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 21:37 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-15 21:37 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 21:37 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 21:37 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-15 21:37 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 20:12 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 20:12 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 20:12 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-13 12:12 --dsh--- c:\documents and settings\axioo\IECompatCache
2009-04-13 01:39 --d----- c:\docume~1\axioo\applic~1\FrostWire
2009-04-13 01:37 --d----- c:\program files\FrostWire
2009-04-08 10:44 --d----- c:\program files\Adobe PhotoShop CS3 v10.0 Portable
2009-04-05 23:07 --dsh--- c:\documents and settings\axioo\PrivacIE
2009-04-05 23:06 --dsh--- c:\documents and settings\axioo\IETldCache
2009-04-05 23:04 --d----- c:\windows\ie8updates
2009-04-05 23:02 -cd-h--- c:\windows\ie8
2009-04-05 23:01 --d-h--- c:\windows\msdownld.tmp
2009-04-05 23:00 --dsh--- c:\documents and settings\axioo\UserData
2009-04-05 22:58 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-04-03 08:50 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-04-03 08:49 914,944 ac------ c:\windows\system32\dllcache\wininet.dll
2009-04-03 08:49 1,206,784 ac------ c:\windows\system32\dllcache\urlmon.dll
2009-04-03 08:49 1,499,136 -c------ c:\windows\system32\dllcache\shdocvw.dll
2009-04-03 08:41 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-03 08:41 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-03 08:41 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-03 08:41 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-03 08:38 5,937,152 ac------ c:\windows\system32\dllcache\mshtml.dll
2009-04-03 08:33 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-04-03 08:33 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-04-03 08:32 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-04-03 08:32 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-04-03 08:31 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-04-03 08:26 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-04-03 08:26 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-04-03 02:01 --d----- c:\windows\system32\PreInstall
2009-04-02 17:55 --d----- c:\program files\Yahoo!
2009-04-01 22:31 --d----- c:\docume~1\axioo\applic~1\ACD Systems
2009-04-01 15:26 --d----- c:\program files\Bonjour
2009-04-01 15:23 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-04-01 15:23 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-01 15:23 --d----- c:\program files\iPod
2009-04-01 15:23 --d----- c:\program files\iTunes
2009-04-01 15:23 --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-04-01 13:42 773,120 a------- c:\windows\system32\bubbles.scr
2009-04-01 13:29 --d----- c:\docume~1\axioo\applic~1\Reallusion
2009-04-01 13:27 --d----- c:\program files\XP Codec Pack
2009-04-01 13:23 20,640 -------- c:\windows\system32\drivers\PxHelp20.sys
2009-04-01 13:23 155 a------- c:\windows\winamp.ini
2009-04-01 13:20 --d----- c:\program files\VideoLAN
2009-04-01 13:19 --d----- C:\noob
2009-04-01 13:18 --d----- c:\program files\DivX
2009-04-01 11:09 --d----- c:\program files\Avira
2009-04-01 11:09 --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-04-01 10:58 714 a------- c:\windows\m3jpeg.ini
2009-04-01 10:44 376 a------- c:\windows\ODBC.INI
2009-04-01 10:44 28,040 a------- c:\windows\system32\mdimon.dll
2009-04-01 10:43 --d----- c:\program files\common files\L&H
2009-04-01 10:43 --d----- c:\program files\Microsoft ActiveSync
2009-04-01 10:42 --d----- c:\windows\SHELLNEW
2009-04-01 10:32 --d----- c:\docume~1\alluse~1\applic~1\ACD Systems
2009-04-01 10:32 --d----- c:\program files\common files\ACD Systems
2009-04-01 10:32 --d----- c:\program files\ACD Systems
2009-04-01 10:26 --d----- c:\windows\Downloaded Installations

==================== Find3M ====================

2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 21:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-09 19:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 19:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 19:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 19:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 18:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 18:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 18:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 17:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 17:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-04 02:59 56,832 a------- c:\windows\system32\secur32.dll

============= FINISH: 2:08:00.51 ===============

Re: frostwire virus?
Hello.
Do you know what this folder is?

C:\noob

Please download OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\docume~1\axioo\startm~1\programs\startup\frostw~1.lnk
    c:\program files\frostwire
    c:\docume~1\axioo\applic~1\FrostWire


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

............................................................................................

Site Admin / Security Administrator


Re: frostwire virus?
========== FILES ==========
c:\docume~1\axioo\startm~1\programs\startup\FrostWire On Startup.lnk moved successfully.
c:\program files\FrostWire moved successfully.
c:\docume~1\axioo\applic~1\FrostWire\xml\data moved successfully.
c:\docume~1\axioo\applic~1\FrostWire\xml moved successfully.
c:\docume~1\axioo\applic~1\FrostWire\themes\frostwirePro_theme moved successfully.
c:\docume~1\axioo\applic~1\FrostWire\themes moved successfully.
c:\docume~1\axioo\applic~1\FrostWire\.NetworkShare\Incomplete moved successfully.
c:\docume~1\axioo\applic~1\FrostWire\.NetworkShare moved successfully.
c:\docume~1\axioo\applic~1\FrostWire\.AppSpecialShare moved successfully.
c:\docume~1\axioo\applic~1\FrostWire moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04292009_022500

Re: frostwire virus?
Sorry for being a noob... it's my 1st time trying out this site.

Re: frostwire virus?
Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select "Do a system scan and save a log file". This will open a Notepad file of everything HijackThis found; copy and paste it back here.

............................................................................................

Site Admin / Security Administrator


Re: frostwire virus?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:32:25 AM, on 4/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OEM\OSD_1.5.2\OsdService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OEM\OSD_1.5.2\osd.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: OSD.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OSD Service (OsdService) - TODO: - C:\Program Files\OEM\OSD_1.5.2\OsdService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7372 bytes

Re: frostwire virus?
Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - Global Startup: OSD.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


  • Press "Fix Checked"
  • Close Hijack This.

Reboot normally.
Let me know what problems remain.

............................................................................................

Site Admin / Security Administrator


Re: frostwire virus?
OK... by the way, may I ask something? Does the removed program have anything to do with the slow processing of my laptop the past days?

Re: frostwire virus?
Removing them from startup will speed the laptop up somewhat because there isn't a load of unused stuff loading at startup.

............................................................................................

Site Admin / Security Administrator


Re: frostwire virus?
OK... so far the performance seems to be faster... thanks a lot for the help. Thank you!
