Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus despite New HD


  • Please log in to reply

#1
hawthorn

hawthorn

    Member

  • Member
  • PipPipPip
  • 203 posts
I am having terrible trouble at the moment. Norton detected netsky last week and deleted it. Since that i have installed a new HD, and reinstalled XP, but very little else.Was running for 2 days before installing Norton, as PC was running incredibly slow and i was writing to various forums for help.

Today at PC Pitstop Forum I did a test of my PC and it said I had Netsky. Also I d/loaded Stinger and IT discovered and deleted 2 worms and 2 viruses.

And Trend Micro House call discovered 4 more worms/viruses and deleted them. I presume i picked them up in these last 2 days.

But none of them detected Netsky, although Pitstop still does. I wondered if a reformat would be best, but i got a few replies telling me that Netsky could survive a reformat! i quote

"Yes it is. It can make itself undeletable with a reformat, I had one like this last week.

To guarantee its removal, you must use your HD utility disk and write 0s to the HD. Then it will be gone. When you reformat, win only knocks off a few zone bits and technically does not delete the files.

You can do a clean install and have a virus the minute you boot for the first time. Theres also a chance that the virus or virus repair files are hidden in your BIOS program. This is the purpose of 'Dual Bios'. If the Bios are corrupted by a virus, you can load a new clean copy of the Bios program from within BIOS .

So yes, a Virus can also live in your BIOS software."

What I also wonder is could it have survived a new HD being installed?

And more important, what will i do now!!??

KC
  • 0

Advertisements


#2
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

Since that i have installed a new HD, and reinstalled XP

Did you enable the Windows Firewall and apply critical updates immediately after installing XP. On average, an unprotected system will contract a virus 20 minutes after being connected to the Internet. <_<

A fdisk (or delete and install the partitions), and format will remove most any virus.
  • 0

#3
hawthorn

hawthorn

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 203 posts
I have already run HouseCall and it didnt find Netsky.
  • 0

#4
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
I think PCPitstop is giving you a false positive. <_<

Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

#5
hawthorn

hawthorn

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 203 posts
I actually replied to you earlier today buy the pc hung and wouldnt send it!

Anyway, The latest situation is this:

I downloaded AVG and its updates, it found 4 virus/trojans and removed 3 of them, leaving a Trojan Boxed.B virus.

I loaded and ran adaware and Spybot search and destroy, ran AVG again, and no virus showed.

However, Im convinced there is something there still. Occasionally certain web pages wont open, and earlier the pc just hung, and i had to turn it off manually.

Now when I turn on the pc a screen opens (explorer type screen) System 32, showing loads of folders. I simply close it down and continue.

Here is the Hijack This log:

Logfile of HijackThis v1.97.7
Scan saved at 02:44:18, on 17/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\videosd32.exe
C:\WINDOWS\System32\syshelper.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Kevin Carroll\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [BuildLabs] C:\WINDOWS\system\csrss.exe
O4 - HKLM\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\Run: [MSNMSGRS] C:\swiss.bat
O4 - HKLM\..\Run: [BootCTRL] C:\bootctrl.exe
O4 - HKLM\..\Run: [Microsoft Update] wssvr.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunServices: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wssvr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [MicrosoftUpdate] syshelper.exe
O4 - HKCU\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [MicrosoftUpdate] syshelper.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1095350570078
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03C8E272-58D2-443E-BA91-695EECC228C9}: NameServer = 194.145.128.1 194.125.2.206
O17 - HKLM\System\CS1\Services\Tcpip\..\{03C8E272-58D2-443E-BA91-695EECC228C9}: NameServer = 194.145.128.1 194.125.2.206



So thats it for now! The pc is running faster now, but occasionally the CPU usage shoots up to 100%.

Thanks all for patience and help so far.

KC
  • 0

#6
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.


O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\Run: [MSNMSGRS] C:\swiss.bat
O4 - HKLM\..\Run: [BootCTRL] C:\bootctrl.exe
O4 - HKLM\..\Run: [Microsoft Update] wssvr.exe
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunServices: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wssvr.exe
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [MicrosoftUpdate] syshelper.exe
O4 - HKCU\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\Run: [MSNMSGRS] C:\swiss.bat

Please reboot into safe mode - How do I boot into "Safe" mode?.
Be sure you're able to view hidden files, and remove the following files in bold (if found):



C:\syshelper.exe
C:\swiss.bat
C:\WINDOWS\System32\videosd32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\ wssvr.exe
C:\bootctrl.exe




If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. <_<
C:\ syshelper.exe
  • 0

#7
hawthorn

hawthorn

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 203 posts
Hi coachwife! Thanks for your instructions; just got them today, and will try it later this evening. just wondering if you wouldnt mind telling me what exactly you think is going on in my pc? What am I actually deleting and fixing? Im just curious to know!

Thanks

KC
  • 0

#8
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
I've slept since then, so I really can't remember that much. <_<

From a quick look right now, it looks like you downloaded something that tricked you into thinking it was from Microsoft. Who knows for sure? I used to wonder what caused it, but now I just want it gone. :D

Good luck.
  • 0

#9
hawthorn

hawthorn

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 203 posts
Hi Coachwife!

I've gone as far as rebooting in safe mode....but Im now stuck.
This is probably a fairly basic question but remove the 6 files you listed from where?

At the moment the system 32 folder is still opening up (though now Im in normal mode, to go online)

KC
  • 0

#10
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Right-click on start...you should see the "search" option. Click on that. Scroll down and click more advanced options. Make sure show hidden files is checked. Put in a part of the file name listed and hit search.
  • 0

Advertisements


#11
hawthorn

hawthorn

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 203 posts
Hi Coachwife!

Ok I've done that, but not deleted anything yet. Here is what found:

C:\WINDOWS\System32\videosd32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\ wssvr.exe
C:\bootctrl.exe

none of the above were found.

C:\syshelper.exe this one was found but it was listed as
IN folder C:\WINDOWS\system32

It wasnt in bold (none of them were). Do I still delete it?



C:\swiss.bat this was found as IN folder C:\

again not in bold. Should I delete it?


I await...!

Thanks!
Kevin
  • 0

#12
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Yes, delete them all. You did well. <_<

Edited by coachwife6, 21 September 2004 - 09:00 AM.

  • 0

#13
hawthorn

hawthorn

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 203 posts
OK coachwife! I deleted the files, re-booted, but the System 32 folder still opens up. here is the Hijack This log I've just taken:

Logfile of HijackThis v1.97.7
Scan saved at 17:09:45, on 21/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\win32dlli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Kevin Carroll\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [BuildLabs] C:\WINDOWS\system\csrss.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ctfmonn] C:\WINDOWS\win32dlli.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1095350570078
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

So now! Thanks again for your patience and help.

Kevin
  • 0

#14
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Kev:

You're doing well. Follow the same instructions and get rid of these entries.

O4 - HKLM\..\Run: [ctfmonn] C:\WINDOWS\win32dlli.exe

Reboot into safe mode and get rid of this file. It is causing a great deal of your problems.

C:\WINDOWS\win32dlli.exe

Do a search for something named this. If you find it, delete it.

W32.Xau@mm.

Clean out your disc. Click on start....programs...accessories...system tools...clean up drive C.

Reboot and post a new log.
Later-
  • 0

#15
hawthorn

hawthorn

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 203 posts
Hi again coachwife!

Ok have done that, couldnt find W32.Xau@mm however.
And System 32 still opens up when I turn on...!!!!!

Anyway here is the latest log:

Logfile of HijackThis v1.97.7
Scan saved at 01:35:26, on 22/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Kevin Carroll\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [BuildLabs] C:\WINDOWS\system\csrss.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1095350570078
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab


Talk soon no doubt.....!

Kevin
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP