1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

My pc has a virus! how do i remove it?

Discussion in 'Virus & Other Malware Removal' started by IMVERYSTUCK, Nov 9, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. IMVERYSTUCK

    IMVERYSTUCK Thread Starter

    Joined:
    Aug 10, 2007
    Messages:
    22
    My pc has been running unusually slow and so i believe that a file has been downloaded, and the content inside was not what was advertised.
    Below is HIJACK THIS log. anything else you need just tell me.



    Logfile of HijackThis v1.99.1
    Scan saved at 20:40, on 2007-11-08
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
    C:\Program Files\Norton AntiVirus\navw32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\Ian\Local Settings\Temp\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5061115
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Easy SpyRemover] C:\Program Files\Easy SpyRemover\EasySpyRemover.exe /smart
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\RunOnce: [My Global Search Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} - http://www.sonypictures.com/movies/casinoroyale/vividas/player/vivid_ocx.jpeg
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BC253C78-88F4-4A80-BF89-A06FE7A32C0B}: NameServer = 192.168.0.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
    O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    that is teh old version of hijackthis

    uninstall it &

    go to here and download 'Hijack This!' self installer. Save it to the desktop or other suitable place. DO NOT just press run from the website Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu.
    Click on the entry in start menu to run HijackThis
    Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
    Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
    so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.
     
  3. IMVERYSTUCK

    IMVERYSTUCK Thread Starter

    Joined:
    Aug 10, 2007
    Messages:
    22
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:50, on 2007-11-09
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\dlcfcoms.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5061115
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Easy SpyRemover] C:\Program Files\Easy SpyRemover\EasySpyRemover.exe /smart
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [DelayShred] "C:\Program Files\McAfee.com\Shredder\SHRED32.EXE" /q C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.SH! C:\PROGRA~1\McAfee\SPAMKI~1\MSKOEPlg.SH! C:\PROGRA~1\McAfee.com\VSO\ashldres.SH! C:\PROGRA~1\McAfee.com\VSO\emscnres.SH! C:\PROGRA~1\McAfee.com\VSO\McVSEscn.SH! C:\PROGRA~1\McAfee.com\VSO\mcvsftsn.SH! C:\PROGRA~1\McAfee.com\VSO\mcvsscrp.SH! C:\PROGRA~1\McAfee.com\VSO\McVSSkt.SH! C:\PROGRA~1\McAfee.com\VSO\mcvsworm.SH! C:\PROGRA~1\McAfee.com\VSO\scrpres.SH! C:\PROGRA~1\McAfee.com\VSO\vscfgw32.SH! C:\PROGRA~1\McAfee.com\VSO\vsoupd.SH! C:\PROGRA~1\McAfee.com\VSO\wormres.SH!
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} - http://www.sonypictures.com/movies/casinoroyale/vividas/player/vivid_ocx.jpeg
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BC253C78-88F4-4A80-BF89-A06FE7A32C0B}: NameServer = 192.168.0.1
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 10223 bytes
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    Run hijackthis, put a tick in the box beside these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked

    O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat

    then delete the version of combofix you have and

    Download Combofix Beta to your desktop:

    * Double-click combofix.exe & follow the prompts.
    * When finished, it shall produce a log for you. Post that log in your next reply.


    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
     
  5. IMVERYSTUCK

    IMVERYSTUCK Thread Starter

    Joined:
    Aug 10, 2007
    Messages:
    22
    ComboFix 07-11-08.3 - Ian 2007-11-10 0:11:58.3 - NTFSx86
    Running from: C:\Program Files\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Ian\Application Data\SpamBlockerUtility_Icons
    C:\Program Files\myglobalsearch
    C:\Program Files\myglobalsearch\bar\History\search

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))
    .

    2007-11-10 00:10 1,539,967 --a------ C:\Program Files\ComboFix.exe
    2007-11-09 19:18 <DIR> d-------- C:\Program Files\Nero
    2007-11-09 19:18 <DIR> d-------- C:\Program Files\Common Files\Nero
    2007-11-09 00:50 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-09 00:49 812,344 --a------ C:\Program Files\HJTsetup.exe
    2007-11-08 20:15 2,283,633 --a------ C:\Program Files\Cdvd.exe
    2007-11-08 20:07 5,940,400 --a------ C:\Program Files\BurnMyFiles-Setup.exe
    2007-11-08 19:30 <DIR> d-------- C:\Program Files\InterVideo Information Service
    2007-11-06 23:50 116,079 --a------ C:\Program Files\isum_hotfix.exe
    2007-11-06 23:41 <DIR> d-------- C:\Program Files\Easy SpyRemover
    2007-11-06 23:41 4,730,776 --a------ C:\Program Files\EasySpyRemover_setup.exe
    2007-11-06 23:07 121,242,712 --a------ C:\Program Files\WinDVD8.exe
    2007-11-06 22:40 2,777,832 --a------ C:\Program Files\mp3splitter.exe
    2007-11-06 21:39 <DIR> d-------- C:\Documents and Settings\Ian\Application Data\TuneUp Software
    2007-11-06 21:30 <DIR> d-------- C:\Program Files\TuneUp Utilities
    2007-11-06 20:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-30 17:19 187,041,352 --a------ C:\Program Files\Nero-8.1.1.0b_eng_trial.exe
    2007-10-25 22:39 <DIR> d-------- C:\Program Files\MySpace
    2007-10-25 22:37 79,856 --a------ C:\Program Files\MySpaceIM_Setup.exe
    2007-10-23 00:17 <DIR> d-------- C:\Program Files\Maxis
    2007-10-16 17:33 <DIR> d-------- C:\WINDOWS\system32\QuickTime
    2007-10-16 17:33 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
    2007-10-16 17:32 <DIR> d-------- C:\Program Files\TechSmith
    2007-10-16 17:32 <DIR> d-------- C:\Program Files\Common Files\TechSmith Shared
    2007-10-13 20:19 <DIR> d-------- C:\Program Files\Microsoft Games
    2007-10-11 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2007-10-11 15:47 245,408 --a------ C:\WINDOWS\system32\unicows.dll
    2007-10-11 15:09 <DIR> d-------- C:\Program Files\Windows Live
    2007-10-11 15:09 <DIR> d-------- C:\Program Files\Messenger Plus! Live
    2007-10-11 15:07 3,954,000 --a------ C:\Program Files\MsgPlusLive-423.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-09 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2007-11-08 23:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-11-08 20:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-08 19:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-08 19:22 --------- d-----w C:\Documents and Settings\Ian\Application Data\BitTorrent
    2007-11-08 09:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-11-08 08:44 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2007-11-07 16:37 --------- d-----w C:\Program Files\Norton AntiVirus
    2007-11-07 16:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-11-07 16:35 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-11-07 16:35 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2007-11-07 16:35 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-11-07 16:35 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-11-07 16:35 --------- d-----w C:\Program Files\Symantec
    2007-11-07 16:34 --------- d-----w C:\Program Files\MSN Messenger
    2007-11-06 21:57 --------- d-----w C:\Program Files\MTC
    2007-11-06 21:57 --------- d-----w C:\Documents and Settings\Ian\Application Data\LimeWire
    2007-11-06 21:57 --------- d-----w C:\Documents and Settings\Ian\Application Data\GetRightToGo
    2007-11-06 21:35 --------- d-----w C:\Program Files\Java
    2007-11-04 10:09 --------- d-----w C:\Program Files\THQ
    2007-11-03 00:33 150,685 ----a-w C:\Program Files\SoundPack_1351.plp
    2007-11-01 23:20 --------- d-----w C:\Documents and Settings\Ian\Application Data\BearShare
    2007-10-27 09:06 --------- d-----w C:\Program Files\EA GAMES
    2007-10-26 02:33 --------- d-----w C:\Program Files\DOWNLOADS
    2007-10-16 17:07 37,418,496 ----a-w C:\Program Files\camtasia.msi
    2007-10-13 15:06 --------- d-----w C:\Program Files\MagicISO
    2007-10-11 21:38 --------- d-----w C:\Program Files\BitTorrent
    2007-10-11 15:25 6,295 ----a-w C:\Program Files\Myspace Manager.plsc
    2007-10-07 07:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-07 07:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2007-10-07 07:40 --------- d-----w C:\Documents and Settings\Ian\Application Data\AVG7
    2007-10-06 13:31 --------- d-----w C:\Program Files\Macrogaming
    2007-10-06 12:38 --------- d-----w C:\Program Files\DivX
    2007-10-04 22:19 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-10-04 22:19 --------- d-----w C:\Program Files\RGB
    2007-10-04 21:52 --------- d-----w C:\Documents and Settings\Ian\Application Data\Nero
    2007-10-04 20:56 --------- d-----w C:\Documents and Settings\Ian\Application Data\Download Manager
    2007-10-04 15:38 --------- d-----w C:\Program Files\Google
    2007-10-01 11:51 --------- d-----w C:\Program Files\QuickTime
    2007-09-24 09:05 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
    2007-09-24 09:05 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
    2007-09-20 09:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
    2007-09-20 09:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    2007-09-20 09:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
    2007-09-19 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
    2007-09-18 22:28 --------- d-----w C:\Documents and Settings\Ian\Application Data\Center Cut GUI
    2007-09-18 14:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
    2007-09-18 14:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
    2007-09-18 14:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
    2007-09-18 14:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
    2007-09-18 14:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
    2007-09-18 14:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
    2007-09-18 14:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
    2007-09-18 14:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
    2007-09-18 14:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
    2007-09-18 11:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-09-14 10:15 50,520 ----a-w C:\WINDOWS\system32\csvidcap.dll
    2007-09-12 17:50 --------- d-----w C:\Documents and Settings\Ian\Application Data\Ahead
    2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-09-11 21:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-08-20 10:04 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-20 10:04 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
    2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
    2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-08-16 00:05 49,152 -c--a-w C:\npbittorrent.dll
    2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-08-15 22:33 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2007-01-06 16:19:25 168 --sh--r C:\WINDOWS\system32\50AF9AE4E1.sys
    2007-01-06 16:19:38 5,018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 16:34]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 16:34]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 07:11]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 16:34]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 09:38 C:\WINDOWS\stsystra.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
    "Easy SpyRemover"="C:\Program Files\Easy SpyRemover\EasySpyRemover.exe" []
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-30 19:44]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-07 23:01]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "DelayShred"="C:\Program Files\McAfee.com\Shredder\SHRED32.EXE" /q C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.SH! C:\PROGRA~1\McAfee\SPAMKI~1\MSKOEPlg.SH! C:\PROGRA~1\McAfee.com\VSO\ashldres.SH! C:\PROGRA~1\McAfee.com\VSO\emscnres.SH! C:\PROGRA~1\McAfee.com\VSO\McVSEscn.SH! C:\PROGRA~1\McAfee.com\VSO\mcvsftsn.SH! C:\PROGRA~1\McAfee.com\VSO\mcvsscrp.SH! C:\PROGRA~1\McAfee.com\VSO\McVSSkt.SH! C:\PROGRA~1\McAfee.com\VSO\mcvsworm.SH! C:\PROGRA~1\McAfee.com\VSO\scrpres.SH! C:\PROGRA~1\McAfee.com\VSO\vscfgw32.SH! C:\PROGRA~1\McAfee.com\VSO\vsoupd.SH! C:\PROGRA~1\McAfee.com\VSO\wormres.SH!

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-14 23:47:15]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ
    S2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
    S3 SDVC05;USB SDVC05;C:\WINDOWS\system32\Drivers\SDVC05.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    *Newly Created Service* - CATCHME
    *Newly Created Service* - NMINDEXINGSERVICE
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-05 21:17:26 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Ian.job"
    - C:\Program Files\Norton AntiVirus\Navw32.exe
    "2007-11-04 23:11:02 C:\WINDOWS\Tasks\Norton AntiVirus - SCANNING FOR VIRUSES AND OTHER MALICIOUS MATERIAL ON YOUR PC - Ian.job"
    - C:\Program Files\Norton AntiVirus\Navw32.exe
    "2007-10-30 18:00:03 C:\WINDOWS\Tasks\Windows Update.job"
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-10 00:14:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-10 0:15:15
    .
    --- E O F ---
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    nothing bad there

    is it any better now
     
  7. IMVERYSTUCK

    IMVERYSTUCK Thread Starter

    Joined:
    Aug 10, 2007
    Messages:
    22
    Nothing bad! Aww thats great thankyou!

    Its not as slow. S fingers crossed. Thanks again mate
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    if you get any more problems post back
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/649883

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice