
Worm.Win32.Netsky [RESOLVED]


  • This topic is locked

#1
ShadowBunny

Logfile of HijackThis v1.99.1
Scan saved at 00:58:15, on 03/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\ntl\ntl Netguard\fws.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Program Files\Executive Software\Diskeeper\DkService.exe
F:\Program Files\Common Files\Command Software\dvpapi.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
F:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
F:\Program Files\AIM6\aim6.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Real\RealPlayer\RealPlay.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Internet Explorer\iexplore.exe
C:\Applications\HijackThis_v1.99.1.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - F:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - F:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: MSVPS System - {7A22D62B-562F-4D55-8B1E-3AAA6C2BA688} - F:\WINDOWS\advreprwd.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: The sdrmod - {521A5897-9EA7-43B4-A51D-B4C11D67BEEF} - F:\WINDOWS\sdrmod.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BJCFD] F:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM] "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [igndlm.exe] F:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Gutshot Poker - {70FF3DD2-AC81-43f2-AF80-979E2B789C4A} - F:\Microgaming\Poker\GutshotMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O21 - SSODL: hupsrv - {DC37F7DD-EB3F-4A1F-B3E5-9BE8D7985956} - F:\WINDOWS\hupsrv.dll
O21 - SSODL: bindmod - {CD1CB8E9-648A-4193-8F00-EA31719BA50F} - F:\WINDOWS\bindmod.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - F:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - F:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - F:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - F:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - F:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - F:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe

Edited by ShadowBunny, 02 November 2007 - 06:59 PM.



#2
Essexboy

Hi there ShadowBunny, love the name. However, it is time to get to work.

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: MSVPS System - {7A22D62B-562F-4D55-8B1E-3AAA6C2BA688} - F:\WINDOWS\advreprwd.dll
O3 - Toolbar: The sdrmod - {521A5897-9EA7-43B4-A51D-B4C11D67BEEF} - F:\WINDOWS\sdrmod.dll
O21 - SSODL: hupsrv - {DC37F7DD-EB3F-4A1F-B3E5-9BE8D7985956} - F:\WINDOWS\hupsrv.dll
O21 - SSODL: bindmod - {CD1CB8E9-648A-4193-8F00-EA31719BA50F} - F:\WINDOWS\bindmod.dll

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

THEN

Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    F:\WINDOWS\advreprwd.dll
    F:\WINDOWS\sdrmod.dll
    F:\WINDOWS\hupsrv.dll
    F:\WINDOWS\bindmod.dll


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt.
*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")


Click "Exit" to close OTMoveIt.

FINALLY

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

I will also need an uninstall list

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post


Logs required are Uninstall list, OTMoveit and Combofix

#3
ShadowBunny

OTMoveIt Log

File/Folder F:\WINDOWS\advreprwd.dll not found.
F:\WINDOWS\sdrmod.dll unregistered successfully.
F:\WINDOWS\sdrmod.dll moved successfully.
DllUnregisterServer procedure not found in F:\WINDOWS\hupsrv.dll
F:\WINDOWS\hupsrv.dll NOT unregistered.
F:\WINDOWS\hupsrv.dll moved successfully.
DllUnregisterServer procedure not found in F:\WINDOWS\bindmod.dll
F:\WINDOWS\bindmod.dll NOT unregistered.
F:\WINDOWS\bindmod.dll moved successfully.

Created on 11/03/2007 19:37:13

#4
ShadowBunny

Combo Fix Log

ComboFix 07-11-01.1** - cts 2007-11-03 19:45:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1457 [GMT 0:00]
Running from: F:\Documents and Settings\cts\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\WINDOWS\dat.txt
F:\WINDOWS\main_uninstaller.exe
F:\WINDOWS\rs.txt
F:\WINDOWS\search_res.txt

.
((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))
.

2007-11-03 19:43 51,200 --a------ F:\WINDOWS\NirCmd.exe
2007-11-03 17:24 <DIR> d-------- F:\Program Files\Championship Manager 2007
2007-11-03 16:07 <DIR> d--h----- F:\Program Files\Zero G Registry
2007-11-03 16:07 <DIR> d-------- F:\Program Files\Sports Interactive
2007-11-03 16:04 <DIR> d--h----- F:\Documents and Settings\cts\InstallAnywhere
2007-11-03 16:04 <DIR> d-------- F:\Documents and Settings\cts\Application Data\Sports Interactive
2007-11-03 01:53 59,264 --a------ F:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-11-03 01:53 59,264 --a--c--- F:\WINDOWS\system32\dllcache\usbaudio.sys
2007-11-03 01:53 31,616 --a------ F:\WINDOWS\system32\drivers\usbccgp.sys
2007-11-03 01:53 31,616 --a--c--- F:\WINDOWS\system32\dllcache\usbccgp.sys
2007-11-02 23:07 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Uniblue
2007-11-02 20:40 <DIR> d-------- F:\Program Files\Uniblue
2007-11-02 19:39 <DIR> d-------- F:\Documents and Settings\cts\Application Data\Uniblue
2007-11-02 15:17 <DIR> d-------- F:\WINDOWS\pss
2007-11-02 13:04 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-11-02 00:35 <DIR> d-------- F:\Program Files\Lavasoft
2007-11-02 00:35 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-02 00:34 <DIR> d-------- F:\Program Files\Common Files\Wise Installation Wizard
2007-11-02 00:04 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-01 18:48 3,216 --a------ F:\WINDOWS\system32\tmp.reg
2007-11-01 15:59 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Prevx
2007-11-01 01:14 143,360 --a------ F:\WINDOWS\wtopmod.exe
2007-10-18 23:25 <DIR> d-------- F:\Program Files\7-Zip
2007-10-16 18:01 <DIR> d-------- F:\Program Files\Micrografx
2007-10-16 18:01 <DIR> d-------- F:\Documents and Settings\cts\WINDOWS
2007-10-16 01:26 <DIR> d-------- F:\Program Files\Common Files\DirectX
2007-10-11 19:17 <DIR> d-------- F:\Resident Evil 2
2007-10-11 00:05 180,224 --------- F:\WINDOWS\Res2_uninst.exe
2007-10-09 00:42 <DIR> d-------- F:\Program Files\Doom 3
2007-10-07 15:54 <DIR> d-------- F:\Scenario
2007-10-06 23:49 48,128 --a------ F:\WINDOWS\system\WNASPI32.DLL
2007-10-06 23:30 <DIR> d-------- F:\Documents and Settings\cts\Application Data\fltk.org
2007-10-06 20:27 <DIR> d-------- F:\Program Files\Delta
2007-10-06 18:24 <DIR> d-------- F:\Documents and Settings\cts\Application Data\Microsoft Games
2007-10-06 15:48 <DIR> d-------- F:\Program Files\WinLemm
2007-10-06 14:47 <DIR> d-------- F:\ID
2007-10-06 14:33 <DIR> d-------- F:\MADDOG2
2007-10-06 11:46 <DIR> d-------- F:\Program Files\Common Files\Adobe
2007-10-05 20:00 <DIR> d-------- F:\Program Files\VDMSound
2007-10-05 19:12 <DIR> d-------- F:\MADDOG
2007-10-05 18:56 <DIR> d-------- F:\Program Files\DOSBox-0.72
2007-10-05 12:55 <DIR> d-------- F:\Program Files\GameSpy Arcade
2007-10-05 12:47 <DIR> d-------- F:\Program Files\Microsoft Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-03 19:31 --------- d-----w F:\Documents and Settings\cts\Application Data\Xfire
2007-11-03 17:24 --------- d--h--w F:\Program Files\InstallShield Installation Information
2007-11-03 01:54 --------- d-----w F:\Program Files\Common Files\Symantec Shared
2007-11-02 21:33 --------- d-----w F:\Program Files\Betfred Poker
2007-11-02 18:41 --------- d-----w F:\Program Files\Norton Internet Security
2007-11-01 01:40 --------- d-----w F:\Program Files\Xfire
2007-10-30 23:47 805 ----a-w F:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-30 23:47 60,800 ----a-w F:\WINDOWS\system32\S32EVNT1.DLL
2007-10-30 23:47 123,952 ----a-w F:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-30 23:47 10,740 ----a-w F:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-30 23:47 --------- d-----w F:\Program Files\Symantec
2007-10-29 20:54 --------- d-----w F:\Program Files\AIM6
2007-10-29 20:53 --------- d-----w F:\Program Files\Viewpoint
2007-10-29 20:53 --------- d-----w F:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-29 20:53 --------- d-----w F:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-29 20:53 --------- d-----w F:\Documents and Settings\All Users\Application Data\AOL
2007-10-17 23:24 --------- d-----w F:\Documents and Settings\cts\Application Data\Microgaming
2007-10-13 17:51 --------- d-----w F:\Program Files\World of Warcraft
2007-10-09 00:53 11,973 ----a-w F:\WINDOWS\system32\drivers\secdrv.sys
2007-10-07 15:16 --------- d-----w F:\Documents and Settings\cts\Application Data\IGN_DLM
2007-10-06 08:11 --------- d-----w F:\Documents and Settings\cts\Application Data\AdobeUM
2007-10-05 12:59 --------- d-----w F:\Program Files\PKR
2007-10-04 22:32 22,328 ----a-w F:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-04 22:31 103,736 ----a-w F:\WINDOWS\system32\PnkBstrB.exe
2007-10-03 23:51 --------- d-----w F:\Program Files\ABC
2007-10-01 14:49 98,184 ----a-w F:\WINDOWS\system32\drivers\symfw.sys
2007-10-01 14:49 542,088 ----a-w F:\WINDOWS\system32\SymNeti.dll
2007-10-01 14:49 31,624 ----a-w F:\WINDOWS\system32\drivers\symids.sys
2007-10-01 14:49 28,040 ----a-w F:\WINDOWS\system32\drivers\symndis.sys
2007-10-01 14:49 23,944 ----a-w F:\WINDOWS\system32\drivers\symredrv.sys
2007-10-01 14:49 189,320 ----a-w F:\WINDOWS\system32\drivers\symtdi.sys
2007-10-01 14:49 161,160 ----a-w F:\WINDOWS\system32\SymRedir.dll
2007-10-01 14:48 12,680 ----a-w F:\WINDOWS\system32\drivers\symdns.sys
2007-09-27 12:00 --------- d-----w F:\Documents and Settings\LocalService\Application Data\Xfire
2007-09-25 16:32 66,872 ----a-w F:\WINDOWS\system32\PnkBstrA.exe
2007-09-23 19:28 --------- d-----w F:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-23 16:21 --------- d-----w F:\Documents and Settings\cts\Application Data\Media Player Classic
2007-09-23 14:59 --------- d-----w F:\Program Files\EA GAMES
2007-09-22 23:02 33,533 ----a-w F:\WINDOWS\system32\CoreVorbis-uninstall.exe
2007-09-22 20:48 --------- d-----w F:\Program Files\Combined Community Codec Pack
2007-09-22 20:37 --------- d-----w F:\Program Files\K-Lite Codec Pack
2007-09-22 20:32 --------- d-----w F:\Program Files\DivX
2007-09-22 16:33 --------- d-----w F:\Documents and Settings\cts\Application Data\.ABC
2007-09-22 15:36 --------- d-----w F:\Documents and Settings\cts\Application Data\Apple Computer
2007-09-22 15:26 --------- d-----w F:\Documents and Settings\cts\Application Data\InterVideo
2007-09-22 15:23 --------- d-----w F:\Program Files\Apple Software Update
2007-09-22 15:20 --------- d-----w F:\Program Files\InterVideo Information Service
2007-09-22 15:20 --------- d-----w F:\Program Files\Common Files\Ulead
2007-09-22 15:13 --------- d-----w F:\Program Files\InterVideo
2007-09-21 20:37 --------- d-----w F:\Program Files\Codemasters
2007-09-20 19:56 --------- d-----w F:\Program Files\DAEMON Tools
2007-09-20 19:51 737,280 ----a-w F:\WINDOWS\iun6002.exe
2007-09-20 19:51 --------- d-----w F:\Program Files\Codec Pack - All In 1
2007-09-20 19:38 685,816 ----a-w F:\WINDOWS\system32\drivers\sptd.sys
2007-09-20 17:12 --------- d-----w F:\Documents and Settings\cts\Application Data\acccore
2007-09-20 17:11 --------- d-----w F:\Program Files\Common Files\AOL
2007-09-20 17:11 --------- d-----w F:\Documents and Settings\All Users\Application Data\AOL OCP
2007-09-20 16:43 --------- d-----w F:\Program Files\Download Manager
2007-09-20 16:28 --------- d-----w F:\Documents and Settings\NetworkService\Application Data\Xfire
2007-09-20 15:45 --------- d-----w F:\Program Files\GameSpy
2007-09-20 15:36 --------- d-----w F:\Program Files\Electronic Arts
2007-09-20 00:05 --------- d-----w F:\Program Files\Real
2007-09-20 00:05 --------- d-----w F:\Program Files\Common Files\xing shared
2007-09-20 00:05 --------- d-----w F:\Program Files\Common Files\Real
2007-09-19 23:28 --------- d-----w F:\Program Files\Common Files\PestPatrol
2007-09-19 23:28 --------- d-----w F:\Program Files\Common Files\Command Software
2007-09-19 23:25 --------- d-----w F:\Documents and Settings\cts\Application Data\ntl
2007-09-19 23:21 --------- d-----w F:\Program Files\ntl
2007-09-19 23:21 --------- d-----w F:\Documents and Settings\All Users\Application Data\ntl
2007-09-19 22:11 107,888 ----a-w F:\WINDOWS\system32\CmdLineExt.dll
2007-09-19 22:11 --------- d--h--r F:\Documents and Settings\cts\Application Data\SecuROM
2007-09-19 21:58 --------- d-----w F:\Documents and Settings\All Users\Application Data\Symantec
2007-09-19 20:52 --------- d-----w F:\Program Files\Common Files\Motive
2007-09-19 20:52 --------- d-----w F:\Program Files\BroadJump
2007-09-19 20:38 10,344 ----a-w F:\WINDOWS\system32\drivers\symlcbrd.sys
2007-09-19 20:22 --------- d-----w F:\Program Files\SEGA
2007-09-19 19:56 --------- d-----w F:\Documents and Settings\cts\Application Data\Symantec
2007-09-19 19:48 --------- d-----w F:\Documents and Settings\cts\Application Data\DivX
2007-09-19 18:47 --------- d-----w F:\Program Files\Common Files\Blizzard Entertainment
2007-09-18 23:03 --------- d-----w F:\Program Files\MSXML 4.0
2007-09-18 22:28 --------- d-----w F:\Program Files\Common Files\InstallShield
2007-09-18 22:17 14,656 ----a-w F:\WINDOWS\gdrv.sys
2007-09-18 21:48 --------- d-----w F:\Program Files\GIGABYTE
2007-09-18 21:20 315,392 ----a-w F:\WINDOWS\HideWin.exe
2007-09-18 21:20 --------- d-----w F:\Program Files\Realtek
2007-09-18 20:34 --------- d-----w F:\Program Files\Yahoo!
2007-09-03 09:49 --------- d-----w F:\Program Files\CyberLink
2007-09-03 09:49 --------- d-----w F:\Documents and Settings\All Users\Application Data\CyberLink
2007-09-03 09:45 --------- d-----w F:\Program Files\Microsoft ActiveSync
2007-09-03 09:44 --------- d-----w F:\Program Files\Common Files\L&H
2007-09-03 09:43 --------- d-----w F:\Documents and Settings\All Users\Application Data\InstallShield
2007-09-03 09:42 --------- d-----w F:\Program Files\Jasc Software Inc
2007-09-03 09:42 --------- d-----w F:\Program Files\Common Files\Jasc Software Inc
2007-09-03 09:42 --------- d-----w F:\Documents and Settings\cts\Application Data\Jasc Software Inc
2007-09-03 09:37 --------- d-----w F:\Program Files\PConPoint
2007-09-03 09:30 --------- d-----w F:\Program Files\Common Files\Ahead
2007-09-03 09:29 --------- d-----w F:\Documents and Settings\cts\Application Data\Ahead
2007-09-03 09:28 --------- d-----w F:\Program Files\Nero
2007-09-03 09:23 --------- d-----w F:\Program Files\Executive Software
2007-09-03 09:23 --------- d-----w F:\Documents and Settings\cts\Application Data\Leadertech
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2007-05-10 22:03]
"nwiz"="nwiz.exe" [2007-05-10 22:03 F:\WINDOWS\system32\nwiz.exe]
"NWEReboot"="" []
"NeroFilterCheck"="F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"NvMediaCenter"="F:\WINDOWS\system32\NvMcTray.dll" [2007-05-10 22:03]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 10:54 F:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 10:04 F:\WINDOWS\SkyTel.exe]
"ccApp"="F:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 21:19]
"BJCFD"="F:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 16:16]
"Symantec PIF AlertEng"="F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"TkBellExe"="F:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-20 00:05]
"ISUSPM"="F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 16:34]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 12:32]
"igndlm.exe"="F:\Program Files\Download Manager\DLM.exe" [2007-03-05 21:57]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - F:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= F:\WINDOWS\system32\ieframe.dll [2007-08-20 10:04 6058496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bindmod"= {B98B3231-06E5-40EA-B5F4-C2A98CA3FAB6} - F:\WINDOWS\bindmod.dll [ ]

R3 AEILAB;AEI USB To Fast Ethernet Adapter;F:\WINDOWS\system32\DRIVERS\AEILAB.SYS
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;F:\WINDOWS\system32\DRIVERS\ADM8511.SYS
S3 gdrv;gdrv;\??\F:\WINDOWS\gdrv.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4000abaa-4744-11dc-a6fa-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-09-22 15:23:26 F:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- F:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-02 20:00:19 F:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - cts.job"
- F:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2007-11-02 21:26:42 F:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- F:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-11-02 21:26:41 F:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- F:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-11-02 23:11:55 F:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- F:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-11-02 23:11:55 F:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- F:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-03 19:46:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-03 19:47:08
.
--- E O F ---

#5
ShadowBunny

Updated Hijack This Log

Logfile of HijackThis v1.99.1
Scan saved at 19:50:44, on 03/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\ntl\ntl Netguard\fws.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Program Files\Executive Software\Diskeeper\DkService.exe
F:\Program Files\Common Files\Command Software\dvpapi.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
F:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\explorer.exe
F:\WINDOWS\system32\msiexec.exe
F:\Program Files\Messenger\msmsgs.exe
C:\Applications\HijackThis_v1.99.1.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - F:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - F:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BJCFD] F:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM] "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [igndlm.exe] F:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Gutshot Poker - {70FF3DD2-AC81-43f2-AF80-979E2B789C4A} - F:\Microgaming\Poker\GutshotMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O21 - SSODL: bindmod - {B98B3231-06E5-40EA-B5F4-C2A98CA3FAB6} - F:\WINDOWS\bindmod.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - F:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - F:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - F:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - F:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - F:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - F:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe

#6
ShadowBunny

    New Member

  • Topic Starter
  • Member
  • 8 posts
Uninstall Log

7-Zip 4.42
ABC (remove only)
Ad-Aware 2007
Adobe Reader 8.1.0
Adobe Shockwave Player
AIM 6
Apple Software Update
Athlon 64 Processor Driver
Battlefield 2142
Betfred Poker
BroadJump Client Foundation
CC_ccProxyExt
ccCommon
ccPxyCore
Championship Manager 2007
Codec Pack - All In 1 6.0.3.0
Combined Community Codec Pack 2007-07-22
CoreVorbis Audio Decoder (remove only)
Diskeeper Professional Edition
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Doom 3
DOOM 3: Resurrection of Evil
Download Manager 2.3.6
DriverCD
Football Manager 2008
GameSpy Arcade
Gutshot Poker
High Definition Audio Driver Package - KB888111
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB935448)
InterVideo WinDVD 8
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9 GDI+ Patch
Jasc Paint Shop Pro 9.01 Patch
K-Lite Mega Codec Pack 3.4.5
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
LMA Professional Manager 2005
Medieval II Total War
Medieval II Total War : Kingdoms : Americas
Medieval II Total War : Kingdoms : Britannia
Medieval II Total War : Kingdoms : Crusades
Medieval II Total War : Kingdoms : Teutonic
Micrografx Picture Publisher 7
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML4 Parser
Nero 7 Essentials
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2006
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2006 (Symantec Corporation)
Norton Protection Center
Norton WMI Update
Norton WMI Update
ntl Netguard Security
nullDC 1.0.0 Public Beta 1 Setup
NVIDIA Drivers
PConPoint v4.1
Pinnacle Instant DVD Recorder
PKR
PowerDVD
proDAD Heroglyph 2.5
proDAD Vitascene 1.0
Project64 1.6
RealPlayer
Realtek High Definition Audio Driver
RESIDENT EVIL2
Rise of Nations
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
SoundSoap PE
SPBBC
Studio 11 Bonus DVD
Studio 11 Ultimate
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Bon Voyage
The Sims™ 2 Celebration! Stuff
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 Seasons
Uniblue RegistryBooster 2
Uniblue SpeedUpMyPC 3
Uniblue SpyEraser
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
VDMSound
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
World of Warcraft
Xfire (remove only)
Yahoo! Desktop Login

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Back again :)

One to get rid of with Hijackthis

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O21 - SSODL: bindmod - {B98B3231-06E5-40EA-B5F4-C2A98CA3FAB6} - F:\WINDOWS\bindmod.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Now to catch the orphan registry entries

Download and then run SuperAntispyware
  • On the first page select Check for Updates
  • On completion select SCAN YOUR COMPUTER
  • On the next page select COMPLETE SCAN and tick ALL your drives
  • The next stage will take a while as your entire drive(s), memory and registry are scanned
  • When it has completed click NEXT
  • The next screen shows the problems found; click OK
  • On the next screen place a tick against all items and select NEXT
  • Now to get the log, go to the PREFERENCES button on the right bottom
  • Select the STATISTICS/LOG tab
  • Highlight the scan just completed and click VIEW LOG
  • This will open a Notepad text file; copy and paste this into your next reply

If I could have the Superantispyware log and a new Hijackthis... Plus how is your system running now?

#8
ShadowBunny

    New Member

  • Topic Starter
  • Member
  • 8 posts
Super Anti Spyware Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/03/2007 at 08:42 PM

Application Version : 3.9.1008

Core Rules Database Version : 3337
Trace Rules Database Version: 1338

Scan type : Complete Scan
Total Scan Time : 00:25:50

Memory items scanned : 515
Memory threats detected : 0
Registry items scanned : 6418
Registry threats detected : 0
File items scanned : 74044
File threats detected : 8

Adware.Tracking Cookie
F:\Documents and Settings\cts\Cookies\cts@clickaider[1].txt
F:\Documents and Settings\cts\Cookies\[email protected][2].txt
F:\Documents and Settings\cts\Cookies\cts@partypoker[2].txt
F:\Documents and Settings\cts\Cookies\[email protected][1].txt
F:\Documents and Settings\cts\Cookies\[email protected][1].txt
F:\Documents and Settings\cts\Cookies\[email protected][1].txt
F:\Documents and Settings\cts\Cookies\[email protected][3].txt
F:\Documents and Settings\cts\Cookies\cts@revsci[1].txt

#9
ShadowBunny

    New Member

  • Topic Starter
  • Member
  • 8 posts
Updated Hijack This Log

Logfile of HijackThis v1.99.1
Scan saved at 20:46:11, on 03/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\ntl\ntl Netguard\fws.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Program Files\Executive Software\Diskeeper\DkService.exe
F:\Program Files\Common Files\Command Software\dvpapi.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
F:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Program Files\Messenger\msmsgs.exe
C:\Applications\HijackThis_v1.99.1.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - F:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - F:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BJCFD] F:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM] "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [igndlm.exe] F:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Gutshot Poker - {70FF3DD2-AC81-43f2-AF80-979E2B789C4A} - F:\Microgaming\Poker\GutshotMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - F:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - F:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - F:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - F:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - F:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - F:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe

Machine seems to be better, even though my desktop is now looking messy LOL, internet is kinda slow with the Phishing filter, any ideas how to optimize net speed?
Oh and I saved all the logs for reference just in case. Clean PCs are so much better :)

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Machine seems to be better, even though my desktop is now looking messy LOL, internet is kinda slow with the Phishing filter, any ideas how to optimize net speed?
Oh and I saved all the logs for reference just in case. Clean PCs are so much better

Let me tidy your desktop :) and you can delete the logs now.. Speed up tip at the end


Now the best part of the day ----- Your log now appears clean :)

Double click OTMoveIt once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTMoveIt wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself



Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and then display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button, click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
  • SpywareBlaster to help prevent spyware from installing in the first place.
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?


Keep safe :)

Prefetch is clickable for more information

Click start then run, type prefetch then press enter, click edit then select all, (all files will highlight), right click any file, click delete, confirm

Click start then all programmes, accessories, system tools to run disc clean up

Reboot

Click start then all programmes, accessories, system tools to run defragmenter

Download, install and run
Tune Up 2007 Trial

Run Tune Up disc clean up

Run Tune Up registry clean up

Disable the anti virus programme then click Optimize and Improve to run Reg Defrag, the screen will lose colour during the process which can take a few minutes and then needs a reboot

Check the anti virus programme is running

Those will have cleared the drive of obsolete software errors

These are suggestions for making the most of the free trial

Click optimize and improve then system optimizer to optimize the computer, select computer with an internet connection from the drop down menu, this also requires a reboot

After the reboot, click optimize then system optimizer to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.

After the reboot, click optimize then system optimizer to run system advisor


Let me know how you get on
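
The before/after comparison this thread does by eye, as an added example (not part of any post and not HijackThis's own code): it parses the numbered `O` entries of two HijackThis logs and reports what the fix removed, what appeared since, and which "(file missing)" entries remain. The log lines are excerpts of the two logs posted above; treating O4, O20, O21 and O23 as autostart sections and matching lines case-insensitively are assumptions of this example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Excerpts copied from the two HijackThis logs posted in this thread
# (first scan, and the scan after "Fix Checked"); most lines are omitted.
BEFORE = r"""
Logfile of HijackThis v1.99.1
O4 - HKCU\..\Run: [igndlm.exe] F:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O21 - SSODL: bindmod - {B98B3231-06E5-40EA-B5F4-C2A98CA3FAB6} - F:\WINDOWS\bindmod.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
O4 - HKCU\..\Run: [igndlm.exe] F:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
"""

# A numbered entry looks like "O21 - SSODL: ..."; header and process lines do not match.
ENTRY_RE = re.compile(r"^O(\d+) - (.+)$")

# Assumption: sections that load code at boot or logon without user action
# (Run keys/startup, Winlogon Notify, SSODL, services), as labelled in the logs above.
AUTOSTART_SECTIONS = {4, 20, 21, 23}


@dataclass(frozen=True)
class Entry:
    section: int
    text: str

    @property
    def key(self) -> str:
        # Collapse whitespace and case so "System32" vs "system32" is not a difference.
        return " ".join(self.text.split()).casefold()

    @property
    def file_missing(self) -> bool:
        # HijackThis appends this marker when the referenced file is not on disk.
        return self.text.rstrip().endswith("(file missing)")

    @property
    def autostart(self) -> bool:
        return self.section in AUTOSTART_SECTIONS


def parse_log(log: str) -> list[Entry]:
    """Return the numbered O-entries of a HijackThis log, in log order."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(int(m.group(1)), m.group(0)))
    return entries


def compare(before: str, after: str) -> dict[str, list[Entry]]:
    """Diff two logs: entries removed, entries added, orphans still present."""
    old = {e.key: e for e in parse_log(before)}
    new = {e.key: e for e in parse_log(after)}
    return {
        "removed": [e for k, e in old.items() if k not in new],
        "added": [e for k, e in new.items() if k not in old],
        "still_missing": [e for k, e in new.items() if k in old and e.file_missing],
    }


if __name__ == "__main__":
    for label, entries in compare(BEFORE, AFTER).items():
        print(label.upper())
        for e in entries:
            flag = " [autostart]" if e.autostart else ""
            print(f"  {e.text}{flag}")
```

On these excerpts the O21 bindmod entry shows as removed, the two new entries both belong to SUPERAntiSpyware, and the O9 xpnetdiag entry remains as a "(file missing)" leftover outside the autostart sections.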

#11
ShadowBunny

    New Member

  • Topic Starter
  • Member
  • 8 posts
Done everything up to the point where it mentions Prefetch, there's been no further signs of the virus.
Will try that trial program tomorrow and see how it does.
Thanks for helping me out today, I owe you a fresh cup of coffee :)

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.