lesser-equity

Magazine
Go Back   Computer Juice > Computer Software > Virus, Spyware & Security
Reload this Page

Think my desktop PC been infected by bugs/viruses! Any help?

Register Site Spy Member List Donate Search Today's Posts Mark Forums Read Forum Rules

Register


 Default 

Think my desktop PC been infected by bugs/viruses! Any help?




Reply
Page 2 of 3 1 2 3
 
Thread Tools
  #11  
Old 30th Jan 2009, 13:15
Moderator Group
  
Default Think my desktop PC been infected by bugs/viruses! Any help?

ComboFix is compatible with VISTA home premium. What is the exact error message?
__________________
  #12  
Old 30th Jan 2009, 13:57
Member Group
  
Default Think my desktop PC been infected by bugs/viruses! Any help?

OK now i manage to get combofix to work.

Below is the log:

Quote:
ComboFix 09-01-21.04 - Jay 2009-01-30 20:35:33.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1015.218 [GMT 0:00]
Running from: c:\users\Jay\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Outdated)
FW: Norton 360 *disabled*
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-30 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-01-30 20:13 --------- d-----w c:\programdata\Google Updater
2009-01-30 20:08 --------- d-----w c:\users\Jay\AppData\Roaming\uTorrent
2009-01-30 19:39 --------- d---a-w c:\programdata\TEMP
2009-01-30 16:17 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-30 16:07 --------- d-----w c:\program files\Common Files\Adobe
2009-01-30 10:51 --------- d-----w c:\program files\Spyware Doctor
2009-01-30 10:48 --------- d-----w c:\users\Jay\AppData\Roaming\Malwarebytes
2009-01-30 10:48 --------- d-----w c:\programdata\Malwarebytes
2009-01-30 10:48 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-29 20:07 --------- d-----w c:\program files\trend micro
2009-01-25 19:00 --------- d-----w c:\programdata\FLEXnet
2009-01-25 18:47 --------- d-----w c:\program files\Adobe Media Player
2009-01-25 18:45 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-01-25 18:43 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-24 18:25 --------- d-----w c:\programdata\Access Lock
2009-01-24 18:17 --------- d-----w c:\program files\Access Lock
2009-01-22 10:26 --------- d-----w c:\users\Jay\AppData\Roaming\OpenOffice.org2
2009-01-19 22:20 --------- d-----w c:\programdata\Yahoo! Companion
2009-01-19 22:19 --------- d-----w c:\programdata\Symantec
2009-01-19 22:18 --------- d-----w c:\program files\GetGo Software
2009-01-19 16:16 --------- d-----w c:\users\Jay\AppData\Roaming\Orbit
2009-01-19 15:52 --------- d-----w c:\users\Jay\AppData\Roaming\Megaupload
2009-01-19 15:20 --------- d-----w c:\program files\QuickMediaConverter
2009-01-19 14:25 --------- d-----w c:\users\Jay\AppData\Roaming\GetGo Software
2009-01-19 14:09 --------- d-----w c:\program files\VDOWNLOADER
2009-01-19 14:08 --------- d-----w c:\users\Jay\AppData\Roaming\Desktopicon
2009-01-19 10:44 --------- d-----w c:\users\Jay\AppData\Roaming\DivX
2009-01-19 10:30 --------- d-----w c:\program files\uTorrent
2009-01-19 10:26 --------- d-----w c:\program files\DivX
2009-01-19 10:26 --------- d-----w c:\program files\Common Files\PX Storage Engine
2009-01-14 16:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-13 13:05 --------- d-----w c:\users\Jay\AppData\Roaming\Notepad++
2009-01-13 11:55 --------- d-----w c:\program files\Notepad++
2009-01-11 18:02 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-01-11 18:02 --------- d-----w c:\program files\Java
2009-01-06 09:15 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-06 09:15 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 09:15 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-06 09:15 --------- d-----w c:\program files\Symantec
2009-01-03 18:23 --------- d-----w c:\programdata\Yahoo!
2009-01-03 18:23 --------- d-----w c:\program files\Yahoo!
2009-01-03 17:52 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-01 18:04 --------- d-----w c:\users\Jay\AppData\Roaming\Yahoo!
2008-12-20 21:13 --------- d-----w c:\program files\Bonjour
2008-12-20 13:58 174 --sha-w c:\program files\desktop.ini
2008-12-20 13:54 --------- d-----w c:\program files\Windows Mail
2008-12-20 13:52 --------- d-----w c:\programdata\Microsoft Help
2008-12-18 22:39 129 ----a-w C:\DelUS.bat
2008-12-18 22:38 --------- d-----w c:\programdata\PPLiveVA
2008-12-18 22:36 --------- d-----w c:\program files\SwarmPlayer
2008-12-18 22:33 --------- d-----w c:\program files\CoffeeCup Software
2008-12-16 11:41 --------- d-----w c:\users\Jay\AppData\Roaming\PPLiveVA
2008-12-13 17:01 --------- d-----w c:\users\Jay\AppData\Roaming\.SwarmPlayer
2008-12-13 17:00 --------- d-----w c:\users\Jay\AppData\Roaming\.Tribler
2008-12-12 11:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-12-12 11:11 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\System32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\System32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-12-06 18:15 --------- d-----w c:\program files\WinSCP
2008-11-30 23:07 15,804,416 ----a-w c:\windows\System32\imageres.dll
2008-11-29 21:13 --------- d-----w c:\program files\Safari
2008-11-06 16:37 524,288 ----a-w c:\windows\System32\DivXsm.exe
2008-11-06 16:37 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
2008-11-06 16:35 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-11-06 16:35 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-11-06 16:33 823,296 ----a-w c:\windows\System32\divx_xx0c.dll
2008-11-06 16:33 823,296 ----a-w c:\windows\System32\divx_xx07.dll
2008-11-06 16:33 815,104 ----a-w c:\windows\System32\divx_xx0a.dll
2008-11-06 16:33 802,816 ----a-w c:\windows\System32\divx_xx11.dll
2008-11-06 16:33 684,032 ----a-w c:\windows\System32\DivX.dll
2008-11-06 16:33 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll
2008-11-01 03:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:33 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 03:33 1,687,040 ----a-w c:\windows\System32\gameux.dll
2008-10-31 23:38 4,247,552 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-31 23:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-29 06:20 2,923,520 ----a-w c:\windows\explorer.exe
2008-10-22 03:43 95,232 ----a-w c:\windows\System32\PortableDeviceClassExtension.d ll
2008-10-22 03:43 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-22 03:43 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2008-10-21 23:31 2,048 ----a-w c:\windows\System32\tzres.dll
2008-10-21 05:16 297,472 ----a-w c:\windows\System32\gdi32.dll
2008-10-21 05:16 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 14:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-05-15 20:39 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\History\History.IE5\index.da t
2008-05-15 20:39 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-05-15 20:39 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Ro aming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"Nero PhotoShow Media Manager"="c:\progra~1\Nero\NEROPH~1\data\Xtras\mss ysmgr.exe" [2006-05-10 249856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-15 151552]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 464168]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 154136]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2007-08-24 129560]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"MSConfig"="c:\windows\system32\msconfig.exe" [2006-11-02 222208]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-11-03 1168264]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"ala.exe"="c:\program files\access lock\ala.exe" [2005-07-20 579072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.ex e" [2008-08-14 611712]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-16 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-02-16 01:39 151552 c:\acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
--a------ 2006-05-10 19:52 249856 c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 00:05 200704 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\MpcStar\Codecs\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-12-27 14:01 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.e xe
"Acer Empowering Technology Monitor"=c:\acer\Empowering Technology\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{FB6B45A3-C732-4633-A7AB-253C1EAFB55C}"= c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{69931EF8-E65D-474E-AF40-F493F860AF3C}"= c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{B2DE75FD-D679-4417-8900-7A12C187678A}"= c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{B922E713-74E5-4F4A-9989-6E6C29A92449}"= c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{D40BF103-6006-4F6C-9740-165D15B50EBA}"= UDP:Profile=Private|Profile=Public:LocalSubnet:Loc alSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{C84BAFBF-4FCB-4814-B662-018A5035C4A2}"= TCP:Profile=Private|Profile=Public:LocalSubnet:Loc alSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{BBA86C52-3F87-4885-9C32-CF683FD8CF55}"= UDP:Profile=Private|Profile=Public:LocalSubnet:Loc alSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{A0B3150A-80FE-42A5-AC73-CDBCCBD3BF41}"= TCP:Profile=Private|Profile=Public:LocalSubnet:Loc alSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{3B8108F6-550F-447F-91E4-1BAF400B4759}"= UDP:Profile=Private|Profile=Public:LocalSubnet:Loc alSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{9BDA73A9-F76C-4DA5-944E-608900972F59}"= TCP:Profile=Private|Profile=Public:LocalSubnet:Loc alSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{AD198510-C252-43EB-B416-059D5969BFCD}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1: Intel(R) Viiv(TM) Media Server Discovery
"{5ADBF990-15F6-4F93-827C-650A5B8126B9}"= TCP:Profile=Private|Profile=Public|1900:LocalSubne t:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{34AEEE7E-7E6C-4459-815E-1A292D7C59C8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{84153126-C1D9-4442-A758-7CC5AE889E4A}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{116C338F-A5F7-47BE-BF51-1EBA90594BCE}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F1D3005F-2E18-4F78-9D4E-79E6BB64CE9C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{50A44FC5-C124-4B1E-8858-8F13FFAE7B73}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A7CF579C-7B4A-4A74-85B4-024009F3EC2E}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{EBE24F32-B7A2-4532-8A81-903195D50D63}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{1C6090A9-47CC-4F24-A528-46CFD11B321A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1D64C6B9-5AE3-4EDB-9AD9-68C60333E744}"= UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{1D9990EB-FA6B-4DAC-BE98-4F048C829425}"= TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{6F3E1467-8528-46FD-9830-B3F781081F2B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{53565130-E9E7-4F47-8E2F-8A0EEEFED9E1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E39BCEE8-1FCC-4474-8B84-DB33BEDB39DD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B7438F52-9FE8-410C-AD16-4056C8E07C3C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6D65E25B-C9C7-4470-9782-476EECD3DF23}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A95FDE7B-3787-45E7-BD67-8CB2A37063E5}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6B30E86C-08ED-43F0-AB34-269ED98DE7F8}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D5808180-9093-45A4-9714-7FA83C145E54}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8E46FD03-241A-4C9F-B407-DBFCF7F61C3F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5809726A-D523-4B40-8C46-85C588CE27DB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0954EF2B-A4CD-42AF-BDAA-AE7760F015DB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DA755F64-F344-48A8-9B07-8FEDB9CEB1B2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F94EAA66-DF90-4E23-92EF-1BC026157771}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{201345C4-B458-495D-B3AA-6E6907ABFE38}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{CAA39B06-CF19-4A04-8B64-31003040F610}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{E424D017-9C8E-4961-84CC-E0CB77271BCD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{23820B35-32EC-46DC-9936-8B6E5193467F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{8966DC93-82AC-449E-A261-9CB9F43D278F}"= UDP:c:\program files\PPLiveVA\PPLiveVA.exe:PPLiveVA
"{FF70A0DF-15AD-4C43-A45A-5DD3D8D5AEBB}"= TCP:c:\program files\PPLiveVA\PPLiveVA.exe:PPLiveVA
"{EE9CB939-3C76-49E1-ACFE-8416A69280DE}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D94D3D23-9C39-46DA-9891-314D809F1102}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6B16C24A-AA50-404F-8C95-63C351C73C78}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{13A7FDD2-4438-4D9B-8D32-0EB745C62B1B}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{49DE7838-9400-440F-8784-2C841CB17B92}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{C50E6A1C-6299-44BE-9E53-C55FCCAFB253}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{1B4AEA59-43A2-4732-AB81-A42DDC9FF1F8}"= UDP:5353:Adobe CSI CS4
"{EB2C6687-5FCA-4BB5-BA57-9AFBF0082035}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.ex e:Adobe CSI CS4
"{79EA5297-9543-4447-8236-49DC23106201}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.ex e:Adobe CSI CS4

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|S vc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile]
"EnableFirewall"= 0 (0x0)

S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsd efs\20090129.001\IDSvix86.sys [2008-09-12 270384]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.e xe [2006-10-29 208896]
S2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 CXRAPTOR;MPC718 Video Capture ;c:\windows\system32\drivers\yuanrap.sys [2007-03-07 146176]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-02 99376]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-10-04 5504]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMN DISV.SYS [2007-01-09 38200]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - AFD
*Deregistered* - AtiPcie
*Deregistered* - Beep
*Deregistered* - bowser
*Deregistered* - cdfs
*Deregistered* - CLFS
*Deregistered* - comHost
*Deregistered* - crcdisk
*Deregistered* - DfsC
*Deregistered* - DXGKrnl
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - fastfat
*Deregistered* - FileInfo
*Deregistered* - FltMgr
*Deregistered* - HTTP
*Deregistered* - IDSvix86
*Deregistered* - IKFileSec
*Deregistered* - IKSysFlt
*Deregistered* - IKSysSec
*Deregistered* - int15
*Deregistered* - IntelDH
*Deregistered* - iScsiPrt
*Deregistered* - kbdclass
*Deregistered* - KSecDD
*Deregistered* - lltdio
*Deregistered* - luafv
*Deregistered* - mchInjDrv
*Deregistered* - mouclass
*Deregistered* - MountMgr
*Deregistered* - mpsdrv
*Deregistered* - MRxDAV
*Deregistered* - mrxsmb
*Deregistered* - mrxsmb10
*Deregistered* - mrxsmb20
*Deregistered* - Msfs
*Deregistered* - msisadrv
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - NDIS
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - netbt
*Deregistered* - nmsgopro
*Deregistered* - nmsunidr
*Deregistered* - Npfs
*Deregistered* - nsiproxy
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PEAUTH
*Deregistered* - PptpMiniport
*Deregistered* - PQNTDrv
*Deregistered* - PSched
*Deregistered* - PSDFilter
*Deregistered* - PSDNServ
*Deregistered* - psdvdisk
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - rdbss
*Deregistered* - RDPCDD
*Deregistered* - RDPENCDD
*Deregistered* - RDPWD
*Deregistered* - rspndr
*Deregistered* - SCDEmu
*Deregistered* - secdrv
*Deregistered* - Smb
*Deregistered* - SPBBCDrv
*Deregistered* - spldr
*Deregistered* - SRTSP
*Deregistered* - SRTSPX
*Deregistered* - srv
*Deregistered* - srv2
*Deregistered* - srvnet
*Deregistered* - swenum
*Deregistered* - SYMDNS
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMIDS
*Deregistered* - SYMNDISV
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
*Deregistered* - Tcpip
*Deregistered* - tcpipreg
*Deregistered* - TDTCP
*Deregistered* - tdx
*Deregistered* - tssecsrv
*Deregistered* - tunmp
*Deregistered* - tunnel
*Deregistered* - umbus
*Deregistered* - VgaSave
*Deregistered* - volmgr
*Deregistered* - volmgrx
*Deregistered* - volsnap
*Deregistered* - Wanarpv6
*Deregistered* - Wdf01000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-01-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2009-01-30 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jay\AppData\Roaming\Mozilla\Firefox\Profi les\veqz5ijr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin. dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin2 .dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin3 .dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin4 .dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin5 .dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-30 20:36:18
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2009-01-30 20:43:08
ComboFix-quarantined-files.txt 2009-01-30 20:43:01

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 30,342,512,640 bytes free

409 --- E O F --- 2009-01-03 14:10:31
  #13  
Old 30th Jan 2009, 14:01
Member Group
  
Default Think my desktop PC been infected by bugs/viruses! Any help?

And heres the other log file (hijack this)

Quote:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Jay at 2009-01-30 20:59:43
Microsoft® Windows Vista™ Home Premium
System drive C: has 28 GB (22%) free of 127 GB
Total RAM: 1015 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:59:57, on 30/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Access Lock\ala.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.e xe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\TuneUpDefragService.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jay\Applications\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Jay.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\sw g.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingl eInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ala.exe] c:\program files\access lock\ala.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.ex e" -launchedbylogin
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1150238235-2253000729-3966277688-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1150238235-2253000729-3966277688-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1150238235-2253000729-3966277688-1001\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1150238235-2253000729-3966277688-1001\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.e xe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 16397 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\Check Updates for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-02-19 97960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll [2007-08-30 513336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-11 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-12-14 392240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-10-06 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\sw g.dll [2008-10-10 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-11 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingl eInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-02-07 151552]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-02-19 609424]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-10-06 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-02-15 4390912]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-11-15 151552]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-02-07 464168]
"CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [2006-11-18 182744]
"NMSSupport"=C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [2006-09-26 423424]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-08-24 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-08-24 154136]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-08-24 129560]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-10 115816]
"MSConfig"=C:\Windows\system32\msconfig.exe [2006-11-02 222208]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-11 136600]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-11-03 1168264]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"QuickTime Task"=C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"ala.exe"=c:\program files\access lock\ala.exe [2005-07-20 579072]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.ex e [2008-08-14 611712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"Nero PhotoShow Media Manager"=C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssy smgr.exe [2006-05-10 249856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
C:\Acer\AcerTour\Reminder.exe [2007-02-16 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe [2006-05-10 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-07 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe [2007-12-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-08-24 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\sdcoreservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\System]
"DisableChangePassword"=0
"DisableLockWorkstation"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-01-30 20:43:09 ----A---- C:\ComboFix.txt
2009-01-30 20:33:46 ----A---- C:\Windows\zip.exe
2009-01-30 20:33:46 ----A---- C:\Windows\VFIND.exe
2009-01-30 20:33:46 ----A---- C:\Windows\SWXCACLS.exe
2009-01-30 20:33:46 ----A---- C:\Windows\SWSC.exe
2009-01-30 20:33:46 ----A---- C:\Windows\SWREG.exe
2009-01-30 20:33:46 ----A---- C:\Windows\sed.exe
2009-01-30 20:33:46 ----A---- C:\Windows\NIRCMD.exe
2009-01-30 20:33:46 ----A---- C:\Windows\grep.exe
2009-01-30 20:33:46 ----A---- C:\Windows\fdsv.exe
2009-01-30 20:33:25 ----D---- C:\ComboFix
2009-01-30 20:11:22 ----D---- C:\Windows\ERDNT
2009-01-30 20:11:22 ----D---- C:\Qoobox
2009-01-30 10:48:17 ----D---- C:\Users\Jay\AppData\Roaming\Malwarebytes
2009-01-30 10:48:03 ----D---- C:\ProgramData\Malwarebytes
2009-01-30 10:48:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-29 18:59:35 ----D---- C:\Program Files\trend micro
2009-01-29 18:59:16 ----D---- C:\rsit
2009-01-25 19:00:57 ----D---- C:\ProgramData\FLEXnet
2009-01-25 18:47:31 ----D---- C:\Program Files\Adobe Media Player
2009-01-25 18:45:28 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-01-25 18:43:35 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-01-24 18:17:41 ----D---- C:\ProgramData\Access Lock
2009-01-24 18:17:39 ----D---- C:\Program Files\Access Lock
2009-01-19 22:09:32 ----A---- C:\Windows\MegaManager.INI
2009-01-19 15:52:03 ----D---- C:\Users\Jay\AppData\Roaming\Megaupload
2009-01-19 14:25:26 ----D---- C:\Users\Jay\AppData\Roaming\GetGo Software
2009-01-19 14:25:16 ----D---- C:\Program Files\GetGo Software
2009-01-19 14:08:54 ----D---- C:\Users\Jay\AppData\Roaming\Desktopicon
2009-01-19 14:08:50 ----D---- C:\Program Files\VDOWNLOADER
2009-01-19 10:38:40 ----D---- C:\Users\Jay\AppData\Roaming\DivX
2009-01-19 10:30:31 ----D---- C:\Program Files\uTorrent
2009-01-19 10:30:23 ----D---- C:\Users\Jay\AppData\Roaming\uTorrent
2009-01-19 10:26:03 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-01-19 10:25:13 ----D---- C:\Program Files\DivX
2009-01-13 11:55:02 ----D---- C:\Users\Jay\AppData\Roaming\Notepad++
2009-01-13 11:55:02 ----D---- C:\Program Files\Notepad++
2009-01-11 18:03:07 ----A---- C:\Windows\system32\javaws.exe
2009-01-11 18:03:07 ----A---- C:\Windows\system32\javaw.exe
2009-01-11 18:03:07 ----A---- C:\Windows\system32\deploytk.dll
2009-01-11 18:03:05 ----A---- C:\Windows\system32\java.exe
2009-01-01 18:04:28 ----D---- C:\Users\Jay\AppData\Roaming\Yahoo!
2009-01-01 18:04:28 ----D---- C:\ProgramData\Yahoo! Companion
2009-01-01 18:01:32 ----D---- C:\ProgramData\Yahoo!

======List of files/folders modified in the last 1 months======

2009-01-30 20:59:33 ----D---- C:\Windows\Temp
2009-01-30 20:43:23 ----D---- C:\Windows\system32\en-US
2009-01-30 20:43:23 ----D---- C:\Windows\System32
2009-01-30 20:43:19 ----D---- C:\Windows
2009-01-30 20:36:47 ----A---- C:\Windows\system.ini
2009-01-30 20:34:45 ----D---- C:\Windows\Prefetch
2009-01-30 20:34:28 ----SHD---- C:\System Volume Information
2009-01-30 20:13:38 ----D---- C:\ProgramData\Google Updater
2009-01-30 20:11:18 ----D---- C:\Windows\system32\drivers
2009-01-30 19:39:09 ----AD---- C:\ProgramData\TEMP
2009-01-30 16:21:31 ----D---- C:\Users\Jay\AppData\Roaming\Adobe
2009-01-30 16:17:03 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-30 16:10:44 ----SHD---- C:\Windows\Installer
2009-01-30 16:07:32 ----D---- C:\Program Files\Common Files\Adobe
2009-01-30 16:06:19 ----D---- C:\Windows\winsxs
2009-01-30 16:06:02 ----D---- C:\ProgramData\Adobe
2009-01-30 16:05:40 ----RSD---- C:\Windows\Fonts
2009-01-30 16:01:27 ----D---- C:\Program Files\Adobe
2009-01-30 11:01:35 ----SD---- C:\Windows\Downloaded Program Files
2009-01-30 10:51:21 ----D---- C:\Program Files\Spyware Doctor
2009-01-30 10:48:03 ----RD---- C:\Program Files
2009-01-30 10:48:03 ----HD---- C:\ProgramData
2009-01-29 20:17:16 ----D---- C:\Windows\inf
2009-01-29 20:17:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-25 18:45:28 ----D---- C:\Program Files\Common Files
2009-01-22 10:26:55 ----D---- C:\Users\Jay\AppData\Roaming\OpenOffice.org2
2009-01-19 22:19:35 ----D---- C:\ProgramData\Symantec
2009-01-19 16:16:34 ----D---- C:\Users\Jay\AppData\Roaming\Orbit
2009-01-19 15:20:31 ----D---- C:\Program Files\QuickMediaConverter
2009-01-19 15:19:34 ----D---- C:\Downloads
2009-01-19 14:25:21 ----D---- C:\Program Files\Mozilla Firefox
2009-01-18 12:37:30 ----D---- C:\Windows\system32\catroot2
2009-01-12 17:54:53 ----RD---- C:\PortableApps
2009-01-11 18:02:01 ----D---- C:\Program Files\Java
2009-01-06 09:15:29 ----D---- C:\Program Files\Symantec
2009-01-03 18:23:00 ----D---- C:\Program Files\Yahoo!
2009-01-03 18:20:56 ----D---- C:\Users\Jay\AppData\Roaming\Google
2009-01-03 17:52:56 ----D---- C:\Program Files\Mozilla Thunderbird
2009-01-01 18:01:17 ----D---- C:\Program Files\Common Files\microsoft shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-09-02 371248]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs \20090129.001\IDSvix86.sys [2008-09-12 270384]
R1 IKSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2008-11-03 66952]
R1 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2008-11-03 81288]
R1 PQNTDrv;PQNTDrv; C:\Windows\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2007-08-07 33052]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-01-09 191544]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R2 nmsgopro;GoProto Protocol Driver for NMS; C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672]
R2 nmsunidr;UniDriver for NMS; C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
R3 CXRAPTOR;MPC718 Video Capture ; C:\Windows\system32\drivers\yuanrap.sys [2007-03-07 146176]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-01-30 214912]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-02 99376]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-24 1899008]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-02-14 1740904]
R3 IntelDH;IntelDH Driver; C:\Windows\System32\Drivers\IntelDH.sys [2007-10-04 5504]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\2009013 0.003\NAVENG.SYS [2008-11-11 89104]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\2009013 0.003\NAVEX15.SYS [2008-11-11 876112]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-04-14 6144]
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2007-01-09 12984]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-01-06 124464]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2007-01-09 145976]
R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2007-01-09 40120]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2007-01-09 38200]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-01-09 27576]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CVirtA;Cisco Systems VPN Adapter; C:\Windows\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-11-16 25280]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-05-22 47360]
S3 SDDMI2;SDDMI2; \??\C:\Windows\system32\DDMI2.sys []
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2007-04-14 418104]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\Windows\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\Windows\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 TSHWMDTCP;TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [2006-11-18 18904]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcerMemUsageCheckService;ePerformance Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-12-30 28672]
R2 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-11-18 195032]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 ccSetMgr;ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.e xe [2006-10-29 208896]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-02-07 457512]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-01-31 53248]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-10 168432]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-11-15 81920]
R2 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-11-18 81880]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-15 61440]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-11-18 32216]
R2 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-11-18 174552]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-11-18 550872]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-11-03 1079176]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-01-23 1251720]
R3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragS ervice.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2008-10-04 355584]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-13 49248]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-25 655624]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 3004416]
S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]

-----------------EOF-----------------
  #14  
Old 30th Jan 2009, 14:15
Moderator Group
  
Default Think my desktop PC been infected by bugs/viruses! Any help?

Quote:
Norton 360 *On-access scanning disabled* (Outdated)
Do you need a new antivirus? There are many free solutions that are just as good as or even better as any paid.

Is there a reason you have MSCONFIG running at startup?
Quote:
O4 - HKLM\..\Run: [MSConfig] \"C:\Windows\system32\msconfig.exe\" /auto
.

Everything else looks OK. I do see a lot of P2P/File Sharing software. These should be used with extreme caution.

Quote:
Your log(s) show that you are using so called peer-to-peer or file-sharing programs.

These programs allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files.
A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care.
Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology
__________________
  #15  
Old 31st Jan 2009, 03:48
Member Group
  
Default Think my desktop PC been infected by bugs/viruses! Any help?

In terms of Norton 360 i think it works, from time to time it scans for viruses. I think it says disabled because you told me to disable any anti-virus software before running Combofix.

I dont know how to stop MSCONFIG running at startup.

Yes i know i have a lot of File Sharing Peer to Peer programs. You think i should remove all them?

What should i do now? If the Norton is really outdated, what other anti-virus software i can get that is good? Kaspersky? I heard thats good?
  #16  
Old 31st Jan 2009, 10:44
Moderator Group
  
Default Think my desktop PC been infected by bugs/viruses! Any help?

Actually it says disabled* and (Outdated)

I think it would be wise to go ahead and uninstall the old Norton stuff and get some new FREE antivirus and also a good FREE firewall. That way you will never have to worry about being outdated and vulnerable to malware.

Step 1:

To completely remove Norton/Symantec go to add remove programs and uninstall: (they might not all be listed)
  • LiveUpdate 3.2 (Symantec Corporation)
  • LiveUpdate Notice (Symantec Corporation)
  • Norton 360 (Symantec Corporation)
  • Norton 360 Help
  • Norton 360
  • Norton 360
  • Norton 360
  • Norton 360
  • Norton Confidential Browser Component
  • Norton Confidential Web Authentification Component
  • Norton Confidential Web Protection Component
  • Symantec Technical Support Controls
Download the Norton Removal Tool (SymNRT) to your Desktop.

Once downloaded please close ALL open browsers, also save any work because this may require a restart.
  • Go to your desktop and double click on the removal tool and then click Setup.
  • Once open Click Next
  • Accept the license agreement and click Next
  • Type in the letters/numbers that you see into the text box then click Next.
  • Then click Next and the tool will start running.
  • Once finished restart the PC and run the tool again to ensure everything has been removed.
  • Delete Nortonremoval tool from your Desktop.
----------

Step 2:

Personally I use Avast. It's as good as or better than any paid software. All 3 of these are very good though.

Remember to only install one antivirus!

1) Avast! Home Free Edition
2) AVG Free Edition
3) Avira AntiVir Personal

----------

Step 3:

Remember only install ONE firewall

1) Comodo (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
2) Online Armor
3) Sunbelt/Kerio
4) Agnitum
5) PC Tools Firewall Plus

----------

Step 4:

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

O4 - HKLM\..\Run: [MSConfig] \"C:\Windows\system32\msconfig.exe\" /auto

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

Run CCleaner and restart the computer.

----------

Step 5:

Now lets make sure nothing is hiding.

Use the ESET Online Antivirus Scanner

This scanner requires Internet Explorer

1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the activex control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.
__________________
  #17  
Old 1st Feb 2009, 07:39
Member Group
  
Default Think my desktop PC been infected by bugs/viruses! Any help?

OK now I've done all steps up to step 5 and can't do the ESET Online Scanner.

Given me the error message: "Error: Cannot initialize; due to administrator rights privilege"
  #18  
Old 1st Feb 2009, 11:24
Moderator Group
  
Default Think my desktop PC been infected by bugs/viruses! Any help?

Close all browsers. Right click on Internet Explorer and choose Run as Administrator. You should be able to run the scan now.
__________________
  #19  
Old 1st Feb 2009, 15:47
Member Group
  
Default Think my desktop PC been infected by bugs/viruses! Any help?

Hi i have now finished everything:

Heres the log..

Quote:
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3816 (20090201)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=d6df53648eae19439ef3bad2c4d13f26
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-02-01 09:34:58
# local_time=2009-02-01 09:34:58 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=6.0.6000 NT
# scanned=1339779
# found=0
# scan_time=6980
A few qs:

1) The hidden stuff still exists in some of my directories, can i now safely just delete them from my system?

2) See the ComboFix/Anti_Malware/HijackThis/Random systems you told me to dload etc... Do i need to keep them?

3) Does Avast/Comodo take up a lot of memory space to run?

Thanks
  #20  
Old 1st Feb 2009, 15:53
Moderator Group
  
Default Think my desktop PC been infected by bugs/viruses! Any help?

Quote:
1) The hidden stuff still exists in some of my directories, can i now safely just delete them from my system?
Hard to say. What 'stuff' are you talking about?

Quote:
2) See the ComboFix/Anti_Malware/HijackThis/Random systems you told me to dload etc... Do i need to keep them?
We will clean that up now.

Quote:
3) Does Avast/Comodo take up a lot of memory space to run?
Avast is low on resources. You will have to try Comodo to see how it does. Each computer will be a little different.

----------

Run these to clean up the tools we have used. You can delete any logs that are left over.
  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.
  • The above procedure will:
  • Delete the following:
  • ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.

----------

Download ATF Cleaner by Atribune to your Desktop.

Alternate download link

Note: Vista users must use Run As Administrator
  • Under Main: Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords click No at the prompt.
  • Click Exit on the Main menu to close the program.

Note that your system will run slower for a reboot or two after having used this tool so don't panic.

----------

Download OTCleanIt.exe and save it to your Desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it yourself.

Important: Restart the computer before continuing.
__________________
Reply
Page 2 of 3 1 2 3

Register
Thread Tools



Arabic Bulgarian Chinese (Simplified) Chinese (Traditional) Croatian Czech Danish Dutch English Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Latvian Lithuanian Norwegian Polish Portuguese Romanian Russian Serbian Slovak Spanish Swedish Thai Turkish Ukrainian

Copyright ©2006 - 2009 Computer Juice.
Contact - Privacy - Sitemap - Top

Powered by vBulletin® Copyright ©2000 - 2009 Jelsoft Enterprises Ltd. SEO by vBSEO ©2009, Crawlability, Inc.