1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

4 virus , 11 infected HELP??

Discussion in 'Virus & Other Malware Removal' started by vr6man22, Nov 11, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. vr6man22

    vr6man22 Thread Starter

    Joined:
    Nov 28, 2005
    Messages:
    74
    did a kaspersky online scan and it say 4 virus, 11 infected.
    Avg says its clean.
    Spybot is clean.

    Is it true?

    HJT THIS and Kaspersky log below.

    Logfile of HijackThis v1.99.1
    Scan saved at 8:45:44 AM, on 11/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    ------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, November 11, 2007 8:35:28 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 11/11/2007
    Kaspersky Anti-Virus database records: 456176
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 111664
    Number of viruses found: 4
    Number of infected objects: 11
    Number of suspicious objects: 0
    Duration of the scan process: 04:12:01

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\1nf1n1ty\Application Data\Mozilla\Firefox\Profiles\qo9p2m1j.default\Cache\50D38F10d01/Phoenix Atmega Loader v1.1.1_With_Support/ATMEGA LIVE HELP/Live_Help.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
    C:\Documents and Settings\1nf1n1ty\Application Data\Mozilla\Firefox\Profiles\qo9p2m1j.default\Cache\50D38F10d01 ZIP: infected - 1 skipped
    C:\Documents and Settings\1nf1n1ty\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\Desktop\PHOENIX Atmega Loader v1.1.1_With_Extra_Support.zip/Phoenix Atmega Loader v1.1.1_With_Support/ATMEGA LIVE HELP/Live_Help.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
    C:\Documents and Settings\1nf1n1ty\Desktop\PHOENIX Atmega Loader v1.1.1_With_Extra_Support.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\1nf1n1ty\Desktop\Phoenix Atmega Loader v1.1.1_With_Support\ATMEGA LIVE HELP\Live_Help.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
    C:\Documents and Settings\1nf1n1ty\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\Local Settings\Temp\hsperfdata_1nf1n1ty\3424 Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\ntuser.dat Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\avg7\l_100596.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
    C:\Program Files\mIRC123\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{0488F08B-8183-4D0B-9363-F249FC421079}\RP73\change.log Object is locked skipped
    C:\System Volume Information\_restore{E8C79624-4C25-4F55-8E62-D41CA6E09BB6}\RP1113\A0643103.exe/data0010 Infected: Trojan-Dropper.Win32.Small.qn skipped
    C:\System Volume Information\_restore{E8C79624-4C25-4F55-8E62-D41CA6E09BB6}\RP1113\A0643103.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{E8C79624-4C25-4F55-8E62-D41CA6E09BB6}\RP1119\A0660034.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
    C:\System Volume Information\_restore{E8C79624-4C25-4F55-8E62-D41CA6E09BB6}\RP1119\A0660034.exe NSIS: infected - 1 skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\GFUNK.ldb Object is locked skipped
    C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
    C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\ZLT01c8c.TMP Object is locked skipped
    C:\WINDOWS\Temp\ZLT01c8f.TMP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.
     
  2. vr6man22

    vr6man22 Thread Starter

    Joined:
    Nov 28, 2005
    Messages:
    74
    cheese or dvk can you look this over plz
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,354
    First Name:
    Derek
    well yes it is true but the files are MIRC which is often used by backdoor trojans

    if you are aware of them and use mirc as part of the live help program then they are fine

    if not delete them

    the others are in system restore

    Turn off system restore by following instructions here
    http://www.thespykiller.co.uk/index.php?page=8
    That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable sytem restore & create a new restore point.
     
  4. vr6man22

    vr6man22 Thread Starter

    Joined:
    Nov 28, 2005
    Messages:
    74
    did the system restore off then on again then ,create new restore point
    deleted all mirc files.
    then did a kaspersky scan again
    and still 2 virus.
    HOW DO I Get rid of them?

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, November 13, 2007 5:15:20 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 13/11/2007
    Kaspersky Anti-Virus database records: 457693
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 106330
    Number of viruses found: 2
    Number of infected objects: 4
    Number of suspicious objects: 0
    Duration of the scan process: 03:49:58

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\1nf1n1ty\Application Data\Mozilla\Firefox\Profiles\qo9p2m1j.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\Application Data\Mozilla\Firefox\Profiles\qo9p2m1j.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\Application Data\Mozilla\Firefox\Profiles\qo9p2m1j.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\Application Data\Mozilla\Firefox\Profiles\qo9p2m1j.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\Application Data\Mozilla\Firefox\Profiles\qo9p2m1j.default\cert8.db Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\Application Data\Mozilla\Firefox\Profiles\qo9p2m1j.default\formhistory.dat Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\Application Data\Mozilla\Firefox\Profiles\qo9p2m1j.default\history.dat Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\Application Data\Mozilla\Firefox\Profiles\qo9p2m1j.default\key3.db Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\Application Data\Mozilla\Firefox\Profiles\qo9p2m1j.default\parent.lock Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\Local Settings\History\History.IE5\MSHist012007111320071114\index.dat Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\Local Settings\Temp\miunst_.exe Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\Local Settings\Temp\Perflib_Perfdata_4f4.dat Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\Local Settings\Temp\sqlite_hAHpNfWUqMc4zyw Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\ntuser.dat Object is locked skipped
    C:\Documents and Settings\1nf1n1ty\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{0488F08B-8183-4D0B-9363-F249FC421079}\RP2\change.log Object is locked skipped
    C:\System Volume Information\_restore{E8C79624-4C25-4F55-8E62-D41CA6E09BB6}\RP1113\A0643103.exe/data0010 Infected: Trojan-Dropper.Win32.Small.qn skipped
    C:\System Volume Information\_restore{E8C79624-4C25-4F55-8E62-D41CA6E09BB6}\RP1113\A0643103.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{E8C79624-4C25-4F55-8E62-D41CA6E09BB6}\RP1119\A0660034.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
    C:\System Volume Information\_restore{E8C79624-4C25-4F55-8E62-D41CA6E09BB6}\RP1119\A0660034.exe NSIS: infected - 1 skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\GFUNK.ldb Object is locked skipped
    C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
    C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\ZLT03630.TMP Object is locked skipped
    C:\WINDOWS\Temp\ZLT03637.TMP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.


    Logfile of HijackThis v1.99.1
    Scan saved at 5:18:14 PM, on 13/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,354
    First Name:
    Derek
    they are still in system restore so you can't have emptied it before

    Turn off system restore by following instructions here
    http://www.thespykiller.co.uk/index.php?page=8
    That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable sytem restore & create a new restore point. Now Empty Recycle bin on desktop

    go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    and scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

    Then pay an urgent visit to windows update & make sure you are fully updated & get the bunch of new updates that are alleged to plug the security holes that let these pests on in the first place
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/650542

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice