
please help with HIJACK THIS!!! pleaseee

Discussion in 'Virus & Other Malware Removal' started by Muffy7, Oct 29, 2007.

  1. Muffy7

    Muffy7 Thread Starter

    Joined:
    Apr 13, 2005
    Messages:
    306
    Hi!

    I'm working on my friend's computer and it is laggy.
    I ran anti-spyware and anti-viruses... as well as other security/tuning programs.

    However, it's still a bit laggy.
    It feels like there is a virus somewhere in it... but AVG couldn't find it.

    So here's my HijackThis log... I was hoping someone could take a look at it and help me out!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:42:09 PM, on 10/29/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Sierra\Planner\PLNRnote.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HiJackThis.exe
    C:\Program Files\Hijackthis\HiJackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\Planner\PLNRnote.exe
    O8 - Extra context menu item: &Search - ?p=ZJxdm090KEUS
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?247874d40c16477ea23950e756cd4393
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?247874d40c16477ea23950e756cd4393
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\John Doe\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157074355641
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WPS Scanner Service (WPSScannerSvc) - Skyhook Wireless - C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/JOHNDO~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

    THANKS!
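A small triage helper, added here as an example (it is not part of the thread and not a HijackThis feature), that parses entry lines in the log format above and flags the kinds of lines a reviewer looks at first: orphaned hooks and buttons, autostart entries given as a bare filename, context-menu items with no local file target, and desktop components loaded from a Temp folder. The sample entries are copied from the log above; the heuristics are my assumptions, not HijackThis rules.

```python
import re

# Constructed sample: entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O8 - Extra context menu item: &Search - ?p=ZJxdm090KEUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\John Doe\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/JOHNDO~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
"""

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) then " - ".
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')          # C:\... or "C:\...
O4_TARGET_RE = re.compile(r"^.*\[[^\]]+\] (.+)$")    # [name] command
O8_LOCAL_RE = re.compile(r"^.*? - (res://|file:///|[A-Za-z]:\\)")


def parse_hjt(text):
    """Return (code, body) tuples for every entry line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(entries):
    """Review heuristics (my assumptions): return (code, reason, body) per hit."""
    findings = []
    for code, body in entries:
        if "(no file)" in body or "(file missing)" in body:
            # Leftover registration whose target is gone: clutter that usually
            # dates from a removed toolbar or program.
            findings.append((code, "orphaned entry, target no longer exists", body))
        elif code == "O4":
            m = O4_TARGET_RE.match(body)
            if m and not ABS_PATH_RE.match(m.group(1)):
                # Bare filename: which file runs depends on the search path,
                # so confirm the on-disk location and publisher.
                findings.append((code, "autostart given as a bare filename", body))
        elif code == "O8" and not O8_LOCAL_RE.match(body):
            # Context-menu handler whose target is not a local file or resource.
            findings.append((code, "context menu item without a local file target", body))
        elif code == "O24" and ("/temp/" in body.lower() or "\\temp\\" in body.lower()):
            # Active Desktop content pulled from a temp folder is worth removing.
            findings.append((code, "desktop component loaded from a Temp folder", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{code:4} {reason}: {body}")
```

Run over the full log, the script is a first pass only; each flagged line still needs a look at the actual file and its publisher.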
     
  2. endfro

    endfro

    Joined:
    May 11, 2007
    Messages:
    261
    I am NOT a HJT expert, nor do I have the shields to support you with HijackThis. But I can say from experience that you do have some suspect-looking files. I don't want to name any to avoid confusion, but I can see some entries in your HijackThis log that I know I have had to remove on other computers.
     
  3. golferbob

    golferbob

    Joined:
    May 18, 2004
    Messages:
    3,895
  4. Muffy7

    Muffy7 Thread Starter

    Joined:
    Apr 13, 2005
    Messages:
    306
    I'll start with the Java update, and thanks for the help!

    Now hopefully I can get those suspicious files looked at and helped with! :]


    thanks!
     
  5. Muffy7

    Muffy7 Thread Starter

    Joined:
    Apr 13, 2005
    Messages:
    306
    bump! :D
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    Download Combofix to your desktop:

    * Double-click combofix.exe & follow the prompts.
    * When finished, it shall produce a log for you. Post that log in your next reply.


    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
     
  7. Muffy7

    Muffy7 Thread Starter

    Joined:
    Apr 13, 2005
    Messages:
    306
    Here's the combofix log!

    ComboFix 07-11-01.1 - John Doe 2007-11-02 12:35:26.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.210 [GMT -7:00]
    Running from: C:\Documents and Settings\John Doe\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\grouppolicy\machine\scripts\scripts.ini

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-02 to 2007-11-02 )))))))))))))))))))))))))))))))
    .

    2007-11-02 12:34 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-30 13:43 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
    2007-10-30 00:40 <DIR> d-------- C:\Program Files\FirefoxPreloader
    2007-10-30 00:40 28,672 --a------ C:\WINDOWS\system32\regclass.dll
    2007-10-29 19:27 <DIR> d-------- C:\Program Files\Avira
    2007-10-29 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-10-29 19:03 <DIR> d-------- C:\Program Files\Executive Software
    2007-10-28 19:21 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-10-28 19:21 <DIR> d-------- C:\Documents and Settings\John Doe\Application Data\AVG7
    2007-10-28 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-10-28 19:14 <DIR> d-------- C:\Program Files\MSBuild
    2007-10-28 19:08 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
    2007-10-28 19:06 <DIR> d-------- C:\Program Files\Reference Assemblies
    2007-10-28 19:04 <DIR> d-------- C:\Program Files\MSXML 6.0
    2007-10-28 19:04 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2007-10-28 16:49 5,974,048 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-10-28 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2007-10-28 16:43 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
    2007-10-28 16:43 <DIR> d-------- C:\Documents and Settings\John Doe\Application Data\TuneUp Software
    2007-10-28 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2007-10-28 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-28 16:43 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
    2007-10-28 16:42 <DIR> d-------- C:\Program Files\Alwil Software
    2007-10-28 16:41 <DIR> d-------- C:\Program Files\Raxco
    2007-10-28 16:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
    2007-10-28 16:40 <DIR> d-------- C:\Program Files\CCleaner
    2007-10-28 16:38 <DIR> d-------- C:\Program Files\Lavasoft
    2007-10-28 16:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-28 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-10-28 13:07 <DIR> d-------- C:\Program Files\Belarc
    2007-10-28 13:07 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
    2007-10-09 16:12 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-31 00:40 70,748 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2007-10-30 20:22 --------- d-----w C:\Program Files\Java
    2007-10-30 07:28 --------- d-----w C:\Program Files\Viewpoint
    2007-10-30 07:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-10-30 00:27 --------- d-----w C:\Program Files\Windows Desktop Search
    2007-10-29 01:29 --------- d-----w C:\Program Files\Incomplete
    2007-10-29 01:28 --------- d-----w C:\Program Files\Greeting Card Creator 32
    2007-10-28 23:20 --------- d-----w C:\Program Files\Yahoo!
    2007-10-28 23:18 --------- d-----w C:\Program Files\Google
    2007-10-28 23:13 --------- d-----w C:\Program Files\AIM
    2007-10-22 17:32 --------- d-----w C:\Program Files\HP
    2007-09-21 18:24 43,520 ----a-w C:\WINDOWS\system32\drivers\fetnd5bv.sys
    2007-09-21 00:27 12,416 ----a-w C:\WINDOWS\system32\drivers\wpsnuio.sys
    2007-09-21 00:27 --------- d-----w C:\Program Files\Skyhook Wireless
    2007-09-21 00:27 --------- d-----w C:\Documents and Settings\John Doe\Application Data\AIMPro
    2007-09-21 00:25 --------- d-----w C:\Documents and Settings\John Doe\Application Data\Aim
    2007-09-16 05:02 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-06 23:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
    2007-09-06 23:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2006-02-19 11:28 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
    "VTTimer"="VTTimer.exe" [2005-03-08 04:33 C:\WINDOWS\system32\VTTimer.exe]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-29 19:38]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Event Planner Reminders Tray Icon.lnk - C:\Sierra\Planner\PLNRnote.exe [2006-07-31 12:47:22]
    Firefox Preloader.lnk - C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe [2007-10-30 00:40:07]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

    R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
    R3 Wpsnuio;WPS NDIS Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\wpsnuio.sys

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-28 23:43:58 C:\WINDOWS\Tasks\1-Click Maintenance.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    "2007-10-27 17:49:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    "2007-11-02 19:30:03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-02 12:37:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-02 12:38:33
    .
    --- E O F ---
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    Nothing definite showing, but I am a bit suspicious of this file.

    please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them
    Just press new topic, fill in the needed details and give a link to your post here, then press the browse button and navigate to and select the files on your computer. If there is more than 1 file, press the more attachments button for each extra file and browse and select etc., and then when all the files are listed in the window press send to upload the files (do not post HJT logs there as they will not get dealt with).

    Files to submit:

    C:\WINDOWS\system32\regclass.dll

    then

    download gmer rootkit detector from http://gmer.net

    unzip it & double click the gmer.exe file

    select rootkit tab & press scan

    when it has finished press copy & post back the log it makes
     
Short URL to this thread: https://techguy.org/645510
