1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

hijack this log file

Discussion in 'Virus & Other Malware Removal' started by ih8spyware22, Jan 6, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. ih8spyware22

    ih8spyware22 Thread Starter

    Joined:
    Nov 21, 2005
    Messages:
    12
    i seem to have had some spyware installed onto my computer that i cant seem to get rid of. if someone could take a look at my hijack this log file and give me some idea of what to do. i would greatly appreciate it



    ogfile of HijackThis v1.99.1
    Scan saved at 3:22:28 PM, on 1/6/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\system32\AvidSDMService.exe
    E:\Program Files\security suite\ewidoctrl.exe
    C:\windows\system32\nvsvc32.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Filseclab\xfilter\xfilter.exe
    C:\windows\SOUNDMAN.EXE
    C:\windows\ALCWZRD.EXE
    C:\windows\smss.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\windows\explorer.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    E:\Program Files\security suite\SecuritySuite.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\ADMIN.COOLMOED-0SWUGL\Desktop\spyware\hijackthis\HijackThis.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe
    O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\Office\Office10\EXCEL.EXE/3000
    O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121228196608
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\windows\system32\AvidSDMService.exe
    O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\windows\system32\AvidStartup.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - E:\Program Files\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - E:\Program Files\Norton\navapsvc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You have no active AntiVirus!

    Get the free AVG 7 install it, check for updates and run a full scan

    AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/
    ============
    Care to give us more information?????

    <<i seem to have had some spyware installed>>

    That doesn't say much
     
  3. ih8spyware22

    ih8spyware22 Thread Starter

    Joined:
    Nov 21, 2005
    Messages:
    12
    hi sorry that was a bit of a bad description, i just dont know to much about this.
    i opened microsoft antispyware and immediately boxes popped up telling me to block a bunch of spyware so i did. but the only option was block i couldnt remove. i was just wondering if my hijack this file says i have anything bad, i dont know how to read it.
    thanks!
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Get AVG as I posted, scan with it and then post a new log
     
  5. ih8spyware22

    ih8spyware22 Thread Starter

    Joined:
    Nov 21, 2005
    Messages:
    12
    ok scanned with AVG here is the log




    Logfile of HijackThis v1.99.1
    Scan saved at 1:04:34 PM, on 1/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Filseclab\xfilter\xfilter.exe
    C:\windows\SOUNDMAN.EXE
    C:\windows\ALCWZRD.EXE
    E:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    E:\PROGRA~1\AVGFRE~1\avgcc.exe
    E:\PROGRA~1\AVGFRE~1\avgamsvr.exe
    E:\PROGRA~1\AVGFRE~1\avgupsvc.exe
    E:\PROGRA~1\AVGFRE~1\avgemc.exe
    C:\windows\system32\AvidSDMService.exe
    E:\Program Files\security suite\ewidoctrl.exe
    C:\windows\system32\nvsvc32.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\windows\system32\wuauclt.exe
    C:\Documents and Settings\ADMIN.COOLMOED-0SWUGL\Desktop\spyware\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe
    O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\AVGFRE~1\avgcc.exe /STARTUP
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\Office\Office10\EXCEL.EXE/3000
    O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121228196608
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\AVGFRE~1\avgemc.exe
    O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\windows\system32\AvidSDMService.exe
    O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\windows\system32\AvidStartup.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - E:\Program Files\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - E:\Program Files\Norton\navapsvc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Fix these with HJT – mark them, close IE, click fix checked

    O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe

    O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe

    DownLoad http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\windows\smss.exe
    C:\windows\winlogon.exe

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
  7. ih8spyware22

    ih8spyware22 Thread Starter

    Joined:
    Nov 21, 2005
    Messages:
    12
    ok i did what you said. deleted those 2 files from HJT.
    but when i restarted in safe mode
    and tried to remove the files
    C:\windows\smss.exe
    C:\windows\winlogon.exe
    it coudlnt find them, and i tried looking for them myself and couldnt find them

    i opened run and typed in %temp% and was able to delete 4 of the files but
    ~DF7BF4.tmp
    ~DF569E.tmp
    ~DF803D.tmi
    coudlnt be deleted...
    and there was nothing in C:\Windows\Temp
    so i emptied the recylce bin and restarted



    here is my new log




    Logfile of HijackThis v1.99.1
    Scan saved at 1:40:12 PM, on 1/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Filseclab\xfilter\xfilter.exe
    C:\windows\SOUNDMAN.EXE
    C:\windows\ALCWZRD.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    E:\PROGRA~1\AVGFRE~1\avgcc.exe
    E:\PROGRA~1\AVGFRE~1\avgamsvr.exe
    E:\PROGRA~1\AVGFRE~1\avgupsvc.exe
    E:\PROGRA~1\AVGFRE~1\avgemc.exe
    C:\windows\system32\AvidSDMService.exe
    E:\Program Files\security suite\ewidoctrl.exe
    C:\windows\system32\nvsvc32.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    E:\Program Files\Office\Office10\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\ADMIN.COOLMOED-0SWUGL\Desktop\spyware\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\AVGFRE~1\avgcc.exe /STARTUP
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\Office\Office10\EXCEL.EXE/3000
    O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121228196608
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\AVGFRE~1\avgemc.exe
    O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\windows\system32\AvidSDMService.exe
    O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\windows\system32\AvidStartup.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - E:\Program Files\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - E:\Program Files\Norton\navapsvc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  9. ih8spyware22

    ih8spyware22 Thread Starter

    Joined:
    Nov 21, 2005
    Messages:
    12
    here are the results of the scan



    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Saturday, January 07, 2006 17:50:22
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 7/01/2006
    Kaspersky Anti-Virus database records: 159428
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 61769
    Number of viruses found: 2
    Number of infected objects: 3
    Number of suspicious objects: 1
    Duration of the scan process: 4021 sec

    Infected Object Name - Virus Name
    C:\System Volume Information\_restore{75EF8429-FAC4-42D3-9856-A51E6ED77145}\RP155\A0036879.exe Suspicious: Trojan-Spy.Win32.Sters.f
    C:\System Volume Information\_restore{75EF8429-FAC4-42D3-9856-A51E6ED77145}\RP156\A0036895.exe Infected: Trojan-Downloader.Win32.Small.cbf
    C:\System Volume Information\_restore{75EF8429-FAC4-42D3-9856-A51E6ED77145}\RP170\A0037331.exe Infected: Trojan-Downloader.Win32.Small.cbf
    C:\System Volume Information\_restore{75EF8429-FAC4-42D3-9856-A51E6ED77145}\RP170\A0037337.exe Infected: Trojan-Downloader.Win32.Small.cbf

    Scan process completed.
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  11. ih8spyware22

    ih8spyware22 Thread Starter

    Joined:
    Nov 21, 2005
    Messages:
    12
    what about the things the kaspeky scan found? i dont think it got rid of them ?
    thanks
     
  12. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    C:\System Volume Information is the restore point directory
     
  13. ih8spyware22

    ih8spyware22 Thread Starter

    Joined:
    Nov 21, 2005
    Messages:
    12
    oh ok i gotcha.


    ok i did that
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/431780

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice