1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

i suspect i got a msn virus

Discussion in 'Virus & Other Malware Removal' started by jeanle, Nov 9, 2007.

Thread Status:
Not open for further replies.
  1. jeanle

    jeanle Thread Starter

    Joined:
    Nov 9, 2007
    Messages:
    2
    recently i got a msn virus, sending things to everyone.

    i used system restore, it doesn't seem to be around, but i am suspicious of it.

    i did a scan with norton and it does not show anything. can you help me check whether is the virus still around?
     
  2. jeanle

    jeanle Thread Starter

    Joined:
    Nov 9, 2007
    Messages:
    2
    here is my log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:52:40 AM, on 11/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\ZoneLabs\vsmon.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    E:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    E:\WINDOWS\system32\nvsvc32.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Program Files\Analog Devices\Core\smax4pnp.exe
    E:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    E:\Program Files\Common Files\Symantec Shared\ccApp.exe
    E:\Program Files\FlashGet\FlashGet.exe
    E:\Program Files\Camera Assistant Software for ViewSonic\traybar.exe
    E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Installation Files\utorrent.exe
    E:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
    E:\Program Files\Camera Assistant Software for ViewSonic\CEC_MAIN.exe
    E:\Program Files\Hamachi\hamachi.exe
    E:\WINDOWS\system32\wuauclt.exe
    E:\Program Files\Internet Explorer\iexplore.exe
    E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    E:\Program Files\Windows Live\Messenger\usnsvc.exe
    E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    E:\WINDOWS\system32\CTFMON.EXE
    E:\Program Files\Internet Explorer\iexplore.exe
    E:\Program Files\[email protected]\FAH504-Console.exe
    E:\Program Files\[email protected]\FahCore_82.exe
    E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - E:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - E:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [JMB36X IDE Setup] E:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] E:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "E:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "E:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "E:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Flashget] E:\Program Files\FlashGet\FlashGet.exe /min
    O4 - HKLM\..\Run: [Camera Assistant Software] "E:\Program Files\Camera Assistant Software for ViewSonic\traybar.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [uTorrent] "C:\Installation Files\utorrent.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\CTFMON.EXE
    O4 - Startup: hamachi.lnk = E:\Program Files\Hamachi\hamachi.exe
    O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
    O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: [email protected]:+Program [email protected] Windows SMP Client V1.01+fah.exe - Unknown owner - E:\Program Files\[email protected] Windows SMP Client V1.01\fah.exe (file missing)
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - E:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Unknown owner - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 8043 bytes
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/649805

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice