Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Svchost.exe Help? [RESOLVED]


  • This topic is locked This topic is locked

#1
Akina

Akina

    Member

  • Member
  • PipPip
  • 13 posts
I'm at the end of my rope, so please help me :) My computer has contacted viruses of sorts and everything I've done so far has taken off several of them except one I think. I installed Norton Antivirus 2004, updated it, and ran two scans on my computer with it. One in normal mode (Found 22 infections) and the other in safe mode (Though it found no infections). Afterwards I ran Lavasoft Adaware SE Personal, Prevx CSI, and Ewido Anti-spyware Microscanner.

While those also found infections and quarantined it, my computer is still experiencing problems with svchost.exe. I have no idea what to do anymore, everything on my computer runs very slow now. Everytime I start up Windows and log into my computer says =

"Windows cannot find 'C:\WINDOWS\svchost.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button and then click Search."

"Could not load or run 'C:\WINDOWS\svchost.exe' specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry."

I will admit I accidently deleted some files named svchost.exe while working on trying to get rid of the W32.SillyFDC virus since Norton Antivirus had said before it found it but couldn't delete it (Though now it doesn't find it anymore), but when I read online that's a big mistake, I undeleted them so I don't understand what the problem is (And don't know if it's important to add, but I deleted autorun files). In fact, I'm pretty sure this message was coming out before I deleted and undeleted those files.


============


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:04 PM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/elfenlied/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, "C:\WINDOWS\system32\M5VBVM60.EXE StartUp"
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Desksite CMA] c:\program files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Blank AntiViri] C:\AUT0EXEC.BAT StartUp
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Universal Installer] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden
O4 - HKCU\..\Run: [Secure64] C:\WINDOWS\system32\dllcache\Regedit32.com StartUp
O4 - HKCU\..\Run: [Secure32] C:\WINDOWS\system32\dllcache\Shell32.com StartUp
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GlobalSCAPE CuteFTP Server Home - Unknown owner - C:\Program Files\GlobalSCAPE\CuteFTP Server\cftpstes.exe (file missing)
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 11076 bytes
  • 0

Advertisements


#2
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi there,

Welcome to GeeksToGo. My name is RatHat, and I will help you get through the process of cleaning the malware from your computer.


OK firstly, I need you to print out each post I make so that you can refer to it while we fix your computer. This is because there will be times when you are unable to be online to read my instructions, and I will want you to do everything very carefully. I also need you to follow my instructions in the order that they are given. If however, you cannot carry out one of them, please continue on with the next and let me know what you were unsuccessful with. Please ensure you turn off word wrap in Notepad. To do this, open Notepad, choose Format, then Un-check Word Wrap. (Word Wrap makes reading your log difficult).

Next, I would like to make sure that you can view hidden files and folders;
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading SELECT Show hidden files and folders.
  • UNCHECK the Hide protected operating system files (recommended) option.
  • UNCHECK the Hide extensions for known file types option.
  • Click Yes to confirm.
  • Click OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Secure64] C:\WINDOWS\system32\dllcache\Regedit32.com StartUp
O4 - HKCU\..\Run: [Secure32] C:\WINDOWS\system32\dllcache\Shell32.com StartUp
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please read this Combofix tutorial before continuing, then follow the instructions below.

Please ensure you read this guide carefully and install the Recovery Console first.

Next, download ComboFix from Here or Here to your Desktop.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.

Posted Image

Download the file & save it as it's originally named, next to ComboFix.exe.

Posted Image

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you. Save this log to your desktop as Combofix.txt and post it in your next reply.

(Note: Combofix will also save the report to C:\Combofix.txt)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please run an online scan with Kaspersky WebScanner. Note: You must use Internet Explorer to run this scan.

Click the Accept button.

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display the results if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop as Kaspersky.txt.
  • Copy and paste that information in your next post.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


So in your next reply, please include the contents of the Combofix log, and the contents of the Kaspersky log. Also note that you may need to make two posts to ensure all the details included in the logs are complete.

Regards,
RatHat
  • 0

#3
Akina

Akina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thank you for the welcome and for assisting me, I really appreciate it. So far what I've done is take off the Word Wrap from Notepad, changed the hidden files and folders settings, fixed those files you told me to check with HiJackThis, and now I've encountered a problem.

I got up to the point where Combofix says it is creating a logfile so no other programs should be running, but nothing afterwards happens. My computer's clock has changed and the Recovery Console was installed because Combofix stated so, but other than that nothing. I left my computer on with Combofix stating it was creating a logfile for about two hours, and nothing changed. Is it suppose to be longer?
  • 0

#4
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Could you have a look in your C: Drive? You should find the file Combofix.txt there.

Regards,
RatHat
  • 0

#5
Akina

Akina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I have the Combofix.exe on my desktop. I forgot to mention since I was cut for time, but the first time I moved the Windows XP file into Combofix.exe, it installed the Recovery Console but then never moved from the screen when it said

"Stage 1 complete
Stage 2 complete
Stage 3 complete
Stage 4 complete
Stage 5 complete
Stage 6 complete
Stage 7 complete
Stage 8 complete
Stage 9 complete
Stage 10 complete
Stage 11 complete"

I restarted the computer and clicked on the Combofix.exe file again, and it made it through all the stages until it said I had to wait for the program to create the logfile, but then the problem I briefly described above occured where after even two hours (Probably more since I lost track of time), it never created a logfile and it stayed with the command prompt window open not moving. I don't understand what to do now :)
  • 0

#6
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Could you run the Kaspersky scan and post me it's results please, and we'll go about this a different way.

Regards,
RatHat
  • 0

#7
Akina

Akina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-05-29 19:49
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/05/2008
Kaspersky Anti-Virus database records: 812777
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 89450
Number of viruses found: 9
Number of infected objects: 40
Number of suspicious objects: 0
Duration of the scan process: 03:04:40

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\SupportSoft\ddoctorv2\Owner\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008052920080530\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\temp\~DF4BE.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\temp\~DF4C9.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s skipped
C:\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Program Files\Morpheus\mymorpheusToolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\0DE251F2.exe Infected: Worm.Win32.Perlovga.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\10375560.DLL Infected: Trojan-PSW.Win32.OnLineGames.tje skipped
C:\Program Files\Norton AntiVirus\Quarantine\168345E1 Infected: Trojan-Dropper.Win32.Small.apl skipped
C:\Program Files\Norton AntiVirus\Quarantine\173F2BEC Infected: Trojan.Win32.Pakes.cob skipped
C:\Program Files\Norton AntiVirus\Quarantine\17F65B22 Infected: Trojan.Win32.Pakes.cob skipped
C:\Program Files\Norton AntiVirus\Quarantine\188F1832.EXE Infected: Trojan.Win32.Pakes.cob skipped
C:\Program Files\Norton AntiVirus\Quarantine\198F5B61 Infected: Trojan.Win32.Pakes.cob skipped
C:\Program Files\Norton AntiVirus\Quarantine\1992055E Infected: Trojan.Win32.Pakes.cob skipped
C:\Program Files\Norton AntiVirus\Quarantine\1CCB0B89.BAT Infected: Trojan.Win32.Pakes.cob skipped
C:\Program Files\Norton AntiVirus\Quarantine\1CF62D5A.exe Infected: Trojan.Win32.Pakes.cob skipped
C:\Program Files\Norton AntiVirus\Quarantine\1EF7656E Infected: Trojan.Win32.Pakes.cob skipped
C:\Program Files\Norton AntiVirus\Quarantine\1F7D1EDA Infected: Worm.Win32.Perlovga.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\1FDD723F Infected: Trojan.Win32.Pakes.cob skipped
C:\Program Files\Norton AntiVirus\Quarantine\228A4687 Infected: Trojan.Win32.Pakes.cob skipped
C:\Program Files\Norton AntiVirus\Quarantine\23F5627B Infected: Worm.Win32.Perlovga.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\23F90C78 Infected: Worm.Win32.Perlovga.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\2A9E7F28 Infected: Trojan-Dropper.Win32.Small.apl skipped
C:\Program Files\Norton AntiVirus\Quarantine\2AA12924 Infected: Trojan-Dropper.Win32.Small.apl skipped
C:\Program Files\Norton AntiVirus\Quarantine\3BD83D5E Infected: Worm.Win32.Perlovga.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\513F71D0 Infected: Trojan.Java.ClassLoader.as skipped
C:\Program Files\Norton AntiVirus\Quarantine\514645C9 Infected: Trojan.Java.ClassLoader.as skipped
C:\Program Files\Norton AntiVirus\Quarantine\52823A05 Infected: Worm.Win32.Perlovga.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\5A4B3B41 Infected: Trojan-Dropper.Win32.Small.apl skipped
C:\Program Files\Norton AntiVirus\Quarantine\5FF16555 Infected: Worm.Win32.Perlovga.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\60C431E0 Infected: Trojan.Win32.Pakes.cob skipped
C:\Program Files\Norton AntiVirus\Quarantine\65A5503E Infected: Trojan.Win32.Pakes.cob skipped
C:\Program Files\Norton AntiVirus\Quarantine\65E61883 Infected: Trojan-Dropper.Win32.Small.apl skipped
C:\Program Files\Norton AntiVirus\Quarantine\6624363F Infected: Trojan-Dropper.Win32.Small.apl skipped
C:\Program Files\Norton AntiVirus\Quarantine\6627603B Infected: Backdoor.Win32.Small.lo skipped
C:\Program Files\Norton AntiVirus\Quarantine\662E3434 Infected: Trojan.Java.ClassLoader.as skipped
C:\Program Files\Norton AntiVirus\Quarantine\7A6803E8 Infected: Trojan.Win32.Pakes.cob skipped
C:\Program Files\Norton AntiVirus\Quarantine\7AC356D6 Infected: Backdoor.Win32.Small.lo skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP4\A0003041.exe Infected: Worm.Win32.Perlovga.c skipped
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP4\A0003042.exe Infected: Worm.Win32.Perlovga.a skipped
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP4\A0003043.inf Infected: Worm.Win32.Perlovga.a skipped
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP4\change.log Object is locked skipped
C:\WINDOWS\autorun.inf Infected: Worm.Win32.Perlovga.a skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP4\A0003044.inf Infected: Worm.Win32.Perlovga.a skipped

Scan process completed.
  • 0

#8
Akina

Akina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Also, while going through my computer I found a file that was named Combofix.txt and I'm not sure if that's the file you were asking for, but I'll post the content of that file here regardless to see if it helps in anyway. Thanks again, I value your help and patience with me :)


ComboFix 08-05-27.4 - Owner 2008-05-27 23:40:34.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\inst.exe
C:\WINDOWS\Downloaded Program Files\rave
C:\WINDOWS\Downloaded Program Files\rave\avirexe.vdm
C:\WINDOWS\Downloaded Program Files\rave\avirscr.vdm
C:\WINDOWS\Downloaded Program Files\rave\base.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdt
C:\WINDOWS\Downloaded Program Files\rave\filters.vdm
C:\WINDOWS\Downloaded Program Files\rave\kernel.vdk
C:\WINDOWS\Downloaded Program Files\rave\keyring.vdk
C:\WINDOWS\Downloaded Program Files\rave\mapi_vdm.vdm
C:\WINDOWS\Downloaded Program Files\rave\modules.vdk
C:\WINDOWS\Downloaded Program Files\rave\rav8def.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufs.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufsplg.vdm
C:\WINDOWS\Downloaded Program Files\rave\unarch.vdm
C:\WINDOWS\Downloaded Program Files\rave\unmail.vdm
C:\WINDOWS\Downloaded Program Files\rave\unpack.vdm
.
---- Previous Run -------
.
C:\WINDOWS\msnimport.exe
C:\WINDOWS\system32\dllchache
C:\WINDOWS\system32\dllchache\msvbvm60.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-28 )))))))))))))))))))))))))))))))
.
  • 0

#9
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Yes that was the report from Combofix, though it has been cut short.

Please delete the version of combofix that you have, and the folders it created C:\Combofix and C:\Qoobox then download a new version and run it as outlined before.

Regards,
RatHat
  • 0

#10
Akina

Akina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
ComboFix 08-05-29.1 - Owner 2008-05-29 21:01:30.3 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.

2008-05-29 01:24 . 2008-05-29 01:24 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-29 01:24 . 2008-05-29 01:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-26 22:08 . 2008-05-26 22:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-25 23:37 . 2008-05-26 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-05-25 11:52 . 2008-05-25 11:52 <DIR> d-------- C:\Program Files\CCleaner
2008-05-25 00:11 . 2008-05-25 00:11 <DIR> d-------- C:\Program Files\SymNetDrv
2008-05-24 23:58 . 2008-05-25 00:11 <DIR> d-------- C:\Program Files\Symantec
2008-05-24 23:58 . 2008-05-25 00:15 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-05-24 23:58 . 2003-11-21 08:07 82,984 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-24 23:58 . 2003-11-21 08:07 82,136 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-24 23:24 . 2004-02-23 20:42 1,386,496 -r-hsc--- C:\WINDOWS\system32\dllcache\msvbvm60.dll
2008-05-24 23:24 . 2004-02-23 20:42 1,386,496 -r-hs---- C:\msvbvm60.dll
2008-05-06 18:44 . 2008-05-06 18:44 <DIR> d-------- C:\Program Files\Comcast
2008-05-06 18:44 . 2008-05-06 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-05-06 18:42 . 2008-05-06 18:42 <DIR> d-------- C:\Program Files\ComcastUI
2008-05-06 18:31 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-04-27 23:42 . 2004-09-10 13:50 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 05:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-05-25 16:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-25 04:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-25 03:47 --------- d-----w C:\Program Files\Livejournal Client
2008-05-22 01:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-22 01:37 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2008-05-22 01:21 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-20 02:39 --------- d-----w C:\Program Files\Morpheus
2008-05-06 22:44 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-05-06 22:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-04-13 04:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 02:40 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys
2003-06-20 19:04 0 -c--a-w C:\Documents and Settings\Guest\ub.dat
2003-06-20 19:04 0 -c--a-w C:\Documents and Settings\Guest\ad.dat
2004-11-25 19:17 56 --sh--r C:\WINDOWS\system32\7F148D9C13.sys
2004-02-24 00:42 1,386,496 -csh--r C:\WINDOWS\system32\dllcache\msvbvm60.dll
.

------- Sigcheck -------

2004-08-28 03:34 108032 101901a35fad677c78a8e9213f330e9e C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-08-21 17:49 108032 bcc58f894048e8a081eca1d3ddb47c38 C:\WINDOWS\system32\services.exe

2004-08-28 03:33 15360 9d7bd61d8aaa064f6e7644c2f4f3340c C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-28 03:35 15360 a945a864e066fb8522884775f2653770 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [ ]
"WebCamRT.exe"="" []
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Universal Installer"="C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 14:50 984616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"windows auto update"="" []
"WildTangent CDA"="C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" [ ]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-03-08 20:45 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-08-11 22:28 212992]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-08-11 22:29 81920]
"nwiz"="nwiz.exe" [2004-08-11 22:29 372736 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-07 00:56 61440]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 16:55 155648]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 20:04 52736]
"Desksite CMA"="c:\program files\desksite\bin\cma.exe" [ ]
"AutoTBar"="C:\hp\bin\autotbar.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 14:21 198184]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 12:54 71328]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-05-25 00:11 95960]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-06-07 18:28:25 1073152]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0015D6FA-D7A2-456A-AE04-EB9ABF822FE4}"= C:\DOCUME~1\Owner\LOCALS~1\Temp\aow.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.YV12"= yv12vfw.dll
"vidc.i420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\7-Zip\\7zFM.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\WINDOWS\\system32\\lxczcoms.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-08 18:50]
S2 GlobalSCAPE CuteFTP Server Home;GlobalSCAPE CuteFTP Server Home;"C:\Program Files\GlobalSCAPE\CuteFTP Server\cftpstes.exe" []
S2 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS []
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
S3 PCDRDRV;Pcdr Helper Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-19 19:17:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-25 04:04:41 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-05-30 00:06:06 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 21:08:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-29 21:23:03
ComboFix-quarantined-files.txt 2008-05-30 01:22:57

Pre-Run: 35,860,123,648 bytes free
Post-Run: 35,849,224,192 bytes free

139 --- E O F --- 2008-05-28 11:11:00
  • 0

Advertisements


#11
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\iun6002.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=-
"WebCamRT.exe"=-
"PhotoShow Deluxe Media Manager"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"windows auto update"=-
"WildTangent CDA"=-
"Desksite CMA"=-
"AutoTBar"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the Combofix.txt report into your next reply along with a fresh HijackThis log, and let me know how your computer is behaving now.

Regards,
RatHat
  • 0

#12
Akina

Akina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
ComboFix 08-05-29.1 - Owner 2008-05-30 23:09:56.4 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\iun6002.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\iun6002.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))
.

2008-05-29 01:24 . 2008-05-29 01:24 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-29 01:24 . 2008-05-29 01:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-26 22:08 . 2008-05-26 22:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-25 23:37 . 2008-05-26 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-05-25 11:52 . 2008-05-25 11:52 <DIR> d-------- C:\Program Files\CCleaner
2008-05-25 00:11 . 2008-05-25 00:11 <DIR> d-------- C:\Program Files\SymNetDrv
2008-05-24 23:58 . 2008-05-25 00:11 <DIR> d-------- C:\Program Files\Symantec
2008-05-24 23:58 . 2008-05-25 00:15 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-05-24 23:58 . 2003-11-21 08:07 82,984 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-24 23:58 . 2003-11-21 08:07 82,136 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-24 23:24 . 2004-02-23 20:42 1,386,496 -r-hsc--- C:\WINDOWS\system32\dllcache\msvbvm60.dll
2008-05-24 23:24 . 2004-02-23 20:42 1,386,496 -r-hs---- C:\msvbvm60.dll
2008-05-06 18:44 . 2008-05-06 18:44 <DIR> d-------- C:\Program Files\Comcast
2008-05-06 18:44 . 2008-05-06 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-05-06 18:42 . 2008-05-06 18:42 <DIR> d-------- C:\Program Files\ComcastUI
2008-05-06 18:31 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-04-27 23:42 . 2004-09-10 13:50 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 05:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-05-25 16:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-25 04:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-25 03:47 --------- d-----w C:\Program Files\Livejournal Client
2008-05-22 01:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-22 01:21 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-20 02:39 --------- d-----w C:\Program Files\Morpheus
2008-05-06 22:44 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-05-06 22:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-04-13 04:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 02:40 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys
2003-06-20 19:04 0 -c--a-w C:\Documents and Settings\Guest\ub.dat
2003-06-20 19:04 0 -c--a-w C:\Documents and Settings\Guest\ad.dat
2004-11-25 19:17 56 --sh--r C:\WINDOWS\system32\7F148D9C13.sys
2004-02-24 00:42 1,386,496 -csh--r C:\WINDOWS\system32\dllcache\msvbvm60.dll
.

------- Sigcheck -------

2004-08-28 03:34 108032 101901a35fad677c78a8e9213f330e9e C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-08-21 17:49 108032 bcc58f894048e8a081eca1d3ddb47c38 C:\WINDOWS\system32\services.exe

2004-08-28 03:33 15360 9d7bd61d8aaa064f6e7644c2f4f3340c C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-28 03:35 15360 a945a864e066fb8522884775f2653770 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-29_21.22.32.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-29 19:57:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-31 02:05:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Universal Installer"="C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 14:50 984616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-03-08 20:45 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-08-11 22:28 212992]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-08-11 22:29 81920]
"nwiz"="nwiz.exe" [2004-08-11 22:29 372736 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-07 00:56 61440]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 16:55 155648]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 20:04 52736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 14:21 198184]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 12:54 71328]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-05-25 00:11 95960]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-06-07 18:28:25 1073152]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0015D6FA-D7A2-456A-AE04-EB9ABF822FE4}"= C:\DOCUME~1\Owner\LOCALS~1\Temp\aow.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.YV12"= yv12vfw.dll
"vidc.i420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\7-Zip\\7zFM.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\WINDOWS\\system32\\lxczcoms.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-08 18:50]
S2 GlobalSCAPE CuteFTP Server Home;GlobalSCAPE CuteFTP Server Home;"C:\Program Files\GlobalSCAPE\CuteFTP Server\cftpstes.exe" []
S2 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS []
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
S3 PCDRDRV;Pcdr Helper Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-19 19:17:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-25 04:04:41 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-05-31 02:18:09 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 23:20:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-30 23:36:07
ComboFix-quarantined-files.txt 2008-05-31 03:35:58
ComboFix2.txt 2008-05-30 01:23:05

Pre-Run: 35,956,477,952 bytes free
Post-Run: 35,946,627,072 bytes free

140 --- E O F --- 2008-05-28 11:11:00
  • 0

#13
Akina

Akina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
My computer is acting a little better than before, with the message of svchost.exe not being found no longer appearing, however everything is still going slower than it should be. Loading should not be taking this long, so sorry for still having a problem :)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:32 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/elfenlied/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Universal Installer] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GlobalSCAPE CuteFTP Server Home - Unknown owner - C:\Program Files\GlobalSCAPE\CuteFTP Server\cftpstes.exe (file missing)
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9929 bytes
  • 0

#14
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Please uninstall the following programs:

Comcast Desktop Doctor

  • Go to Start then Settings, then Control Panel
  • Choose Add or Remove Programs
  • Remove all of the above
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OK, lets do a bit of a tune up of your machine.

Firstly, lets get rid of all the old prefetch files, that could be slowing things down a bit:

Click Start then Run, type prefetch then press enter. Click Edit then Select All, (all files will highlight), right click any file, click delete, confirm. This will empty all the old prefetch files, and Windows will rebuild the new ones that it needs. If you want to find out more about what Prefetch does, click here.

Now, lets run Disk Cleanup:

Click Start then All Programmes, then Accessories, then system tools. Locate Disk Cleanup and click to run it. Clean all your drives, then reboot your computer.

Next run a defrag: Start then All Programmes, then Accessories, then system tools. Locate Disk Defragmenter and click to run it. Highlight a drive, and click Defragment. Repeat for each of your drives.

Another good way to improve the speed of your computer is by downloading and installing Tune-Up Utilities.

Run Tune Up disc clean up

Run Tune Up registry clean up

Disable the anti virus programme then click Optimize and Improve to run Reg Defrag, the screen will lose colour during the process which can take a few minutes and then needs a reboot

Check the anti virus programme is running

Those will have cleared the drive of obsolete software errors

These are suggestions for making the most of the free trial

Click optimize and improve then system optimizer to optimize the computer, select computer with an internet connection from the drop down menu, this also requires a reboot

After the reboot, click optimize then system optimizer to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.

After the reboot, click optimize then system optimizer to run system advisor.

Regards,
RatHat
  • 0

#15
Akina

Akina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
For the Tune Up disc clean up, what do I click on? My only options are = "TuneUp 1-Click Maintenance" "TuneUp Disk Doctor" "TuneUp Disk Space Explorer"
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP