help with worm & trojan

  1. #1 sambo32 (Newbie)

    I have tried my best to follow the instructions for a HijackThis log, but as my computer keeps turning off and Spybot won't run, I have only managed to do the Ad-Aware scan, but I have customised it as you asked.

    For the past few days I noticed my PC would reboot no matter what I was doing, and then it wouldn't boot at all. Today I got the BSOD "unmountable boot volume", so I have done an XP repair with an XP disc and have just run Spybot, but it will not run through a complete scan; the PC just turns off.

    Please help. Here is my log file.

    Logfile of HijackThis v1.99.1
    Scan saved at 23:10:01, on 04/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN\MSNCoreFiles\msn6.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by blueyonder
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
    O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: R-Wipe&Clean.lnk = ?
    O4 - Global Startup: Uninstall R-Wipe&Clean.lnk = C:\Program Files\R-Wipe&Clean\unins000.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?cae7ccfd238b4b899008d89d1252ca22
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?cae7ccfd238b4b899008d89d1252ca22
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\sam\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
    O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/c...b?ver=1,1,0,32
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1162479517223
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab32846.cab
    O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.asda-photo.co.uk/wpp/asda...pcuploader.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.telewest.co.uk/motive/fil...ivePreQual.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/def...ploader_v6.cab
    O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.clickteam.com/vitalize3/vitalize.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/is...06/mcfscan.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
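
    Triage heuristics for a log like the one above, as an added example that is not part of the original thread and not code from HijackThis itself. It re-applies the checks a log helper does by eye: O2/O3/O9 entries whose target is "(no file)" or "(file missing)" are orphaned registry references; an O4 startup shortcut whose target HijackThis shows as "?" could not be resolved; and an O4/O20/O23 autostart that runs from outside C:\WINDOWS or C:\Program Files (here D:\Workflow.exe and C:\pmw\PMREMIND.EXE) is not necessarily malicious but is the first thing to look up. The sample input is a subset of the entries posted above; the list of "expected" directories is an assumption of the example, and every hit is a prompt to verify, not a verdict.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input: a subset of the HijackThis 1.99.1 entries posted in this thread,
# embedded here so the heuristics can be run offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: R-Wipe&Clean.lnk = ?
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\sam\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
"""

# Every HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")

# Assumption of this example: on a default XP install, legitimate autostarts live under
# these roots. Anything else is not proof of infection, only the first thing to look up.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# First Windows path ending in an executable-ish extension. Spaces are allowed because
# "C:\Program Files\..." is common, so the match is lazy and stops at the first extension.
PATH_RE = re.compile(r'(?i)([a-z]:\\[^",]+?\.(?:exe|dll|lnk|scr|cpl)\b)')


class Finding(NamedTuple):
    section: str
    reason: str
    line: str


def extract_path(body: str) -> Optional[str]:
    """Return the first file path in an entry body, or None if there is none."""
    m = PATH_RE.search(body)
    return m.group(1) if m else None


def triage(log_text: str) -> List[Finding]:
    """Flag the entries a log reviewer would look at first, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list, blank line
        section, body = m.group("section"), m.group("body")
        lower = body.lower()
        if "(no file)" in lower or "(file missing)" in lower:
            findings.append(Finding(section, "orphaned entry: target no longer exists, safe to fix", line))
        elif section == "O4" and body.rstrip().endswith("= ?"):
            findings.append(Finding(section, "startup shortcut whose target could not be resolved", line))
        elif section in ("O4", "O20", "O23"):
            path = extract_path(body)
            if path and not path.lower().startswith(EXPECTED_ROOTS):
                findings.append(Finding(section, f"autostart outside the expected roots: {path}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

    Run against the sample, the script flags the two "(no file)" BHO/toolbar CLSIDs, the D:\Workflow.exe and C:\pmw\PMREMIND.EXE autostarts, the unresolved R-Wipe&Clean shortcut and the missing IMVU button, and leaves the QuickTime, printer-driver, WgaLogon and lxcf_device entries alone because they run from the expected roots.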


  2. #2 sambo32 (Newbie)
    Just a quick update, as my PC keeps turning off: I turned it on this morning to find the BIOS screen stating something along the lines of my CPU has changed or a new CPU boots at 66 MHz, and that to ensure the CPU doesn't hang I need to restart and adjust the CPU internal frequency. Also my time and date had changed to 1st Jan 2000.

  3. #3 Neal (Dedicated Member)
    Welcome. Sounds difficult. Is your fan running?

    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    * Double-click the drweb-cureit.exe file and allow it to run the express scan.
    * This will scan the files currently running in memory and, when something is found, click the Yes button when it asks if you want to cure it. This is only a short scan.
    * Once the short scan has finished, mark the drives that you want to scan.
    * Select all drives. A red dot shows which drives have been chosen.
    * Click the green arrow at the right, and the scan will start.
    * Click 'Yes to all' if it asks whether you want to cure/move the file.
    * When the scan has finished, check whether you can click the icon next to the files found.
    * If so, click it, then click the icon right below it and select Move incurable.

    This will move anything that can't be cured to the %userprofile%\DoctorWeb quarantine folder (in case we need samples).
    * After selecting, in the Dr.Web CureIt menu at the top, click File and choose Save report list.
    * Save the report to your desktop. The report will be called DrWeb.csv.
    * Close Dr.Web CureIt.
    * Reboot your computer!! Files that are in use may be moved/deleted during the reboot.
    * After the reboot, post the contents of the Dr.Web log you saved in your next reply. You can use Notepad to open the DrWeb.csv report.

  4. #4 sambo32 (Newbie)
    Here is the first part you asked for.

    sam - 07-01-07 16:54:21.02 Service Pack 2
    ComboFix 06.11.27 - Running from: "C:\Documents and Settings\sam\Desktop"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\winupdates


    ((((((((((((((((((((((((((((((( Files Created from 2006-12-07 to 2007-01-07 ))))))))))))))))))))))))))))))))))


    2007-01-05 15:23 <DIR> dr-h-c--- C:\Documents and Settings\sam\Recent
    2007-01-04 23:07 <DIR> d-------- C:\Program Files\HijackThis
    2007-01-04 19:49 <DIR> d-------- C:\Program Files\CCleaner
    2006-12-15 09:23 <DIR> d-------- C:\Program Files\Puppy Luv
    2006-12-12 16:53 <DIR> d-------- C:\Program Files\Virtual Villagers


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-04 23:23 -------- d-------- C:\Program Files\Mozilla Firefox
    2007-01-04 22:11 -------- d----c--- C:\Documents and Settings\sam\Application Data\Lavasoft
    2007-01-04 22:11 -------- d-------- C:\Program Files\Lavasoft
    2007-01-04 20:09 -------- d-------- C:\Program Files\R-Wipe&Clean
    2007-01-04 19:57 -------- d---sc--- C:\Documents and Settings\sam\Application Data\Microsoft
    2007-01-04 19:57 -------- d-------- C:\Program Files\Macrogaming
    2007-01-02 16:44 -------- d-------- C:\Documents and Settings\sam\Application Data\R-Wipe&Clean
    2007-01-02 16:37 -------- d-------- C:\Program Files\DivX
    2006-12-27 17:06 -------- d-------- C:\Program Files\Lx_cats
    2006-12-15 08:42 -------- d-------- C:\Program Files\MSN Messenger
    2006-12-03 19:04 48424 --a------ C:\WINDOWS\system32\sirenacm.dll
    2006-12-01 16:20 -------- d----c--- C:\Documents and Settings\sam\Application Data\Adobe
    2006-12-01 16:19 -------- d-------- C:\Program Files\Common Files\Adobe
    2006-11-30 13:04 -------- d-------- C:\Program Files\Trymedia
    2006-11-27 11:37 -------- d-------- C:\Program Files\Common Files
    2006-11-26 20:24 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-11-21 18:10 -------- d-------- C:\Program Files\Ulead Systems
    2006-11-21 18:09 -------- d-------- C:\Program Files\mdsc4m
    2006-11-20 21:01 -------- d-------- C:\Program Files\Google
    2006-11-20 18:44 -------- d-------- C:\Program Files\There
    2006-11-20 16:29 -------- d-------- C:\Program Files\Windows Live Toolbar
    2006-11-20 16:29 -------- d-------- C:\Program Files\Windows Live Favorites
    2006-11-20 16:25 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-11-15 13:08 -------- d-------- C:\Program Files\Electronic Arts
    2006-11-15 13:03 -------- d-------- C:\Program Files\Maxis
    2006-11-13 19:32 -------- d-------- C:\Program Files\Grisoft
    2006-11-08 09:56 -------- d-------- C:\Program Files\Java
    2006-11-08 09:54 -------- d-------- C:\Program Files\Common Files\Java


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "msnmsgr"="~\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.6962\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Workflow"="D:\\Workflow.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "LXCFCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCFtime.dll,_RunDLLEntry@16"
    "zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
    "SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="http://www.msndollies.com/files/15984.gif"
    "SubscribedURL"="http://www.msndollies.com/files/15984.gif"
    "FriendlyName"=""
    "Flags"=dword:00000001
    "Position"=hex:2c,00,00,00,52,01,00,00,23,00,00,00,7c,00,00,00,72,00,00,00,e8,\
    03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:01,00,00,00
    "OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,17,01,00,00,1c,00,00,00,1e,00,\
    00,00,01,00,00,40
    "RestoredStateInfo"=hex:14,6d,d9,04,41,c0,b4,74,70,f2,f3,02,68,de,d9,04,20,6d,\
    d9,04,c4,7e,00,00

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    "Source"="http://www.tolle-geschenke.com/images/products/1%20AW-Winnie%20Pooh.picnic.jpg"
    "SubscribedURL"="http://www.tolle-geschenke.com/images/products/1%20AW-Winnie%20Pooh.picnic.jpg"
    "FriendlyName"=""
    "Flags"=dword:00000001
    "Position"=hex:2c,00,00,00,12,02,00,00,17,01,00,00,d8,00,00,00,96,00,00,00,ea,\
    03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:01,00,00,00
    "OriginalStateInfo"=hex:18,00,00,00,12,02,00,00,17,01,00,00,d8,00,00,00,96,00,\
    00,00,01,00,00,40
    "RestoredStateInfo"=hex:14,6d,ef,02,41,c0,b4,74,98,c3,4c,02,68,de,ef,02,20,6d,\
    ef,02,8a,4b,00,00

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
    "Source"="http://smg.photobucket.com/albums/v212/samaaronshenise/th_CIMG0005.jpg"
    "SubscribedURL"="http://smg.photobucket.com/albums/v212/samaaronshenise/th_CIMG0005.jpg"
    "FriendlyName"=""
    "Flags"=dword:00000001
    "Position"=hex:2c,00,00,00,12,01,00,00,23,00,00,00,a0,00,00,00,78,00,00,00,ec,\
    03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:01,00,00,00
    "OriginalStateInfo"=hex:18,00,00,00,12,01,00,00,23,00,00,00,a0,00,00,00,78,00,\
    00,00,01,00,00,40
    "RestoredStateInfo"=hex:14,6d,db,02,41,c0,b4,74,b0,b9,1f,03,68,de,db,02,20,6d,\
    db,02,07,3d,00,00

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
    "Source"="http://www.thesims2.co.uk/images/products/screenshots/1202-SIMS2pcSCRNpopularitynew1.jpg"
    "SubscribedURL"="http://www.thesims2.co.uk/images/products/screenshots/1202-SIMS2pcSCRNpopularitynew1.jpg"
    "FriendlyName"=""
    "Flags"=dword:00000001
    "Position"=hex:2c,00,00,00,48,ff,ff,ff,3a,00,00,00,6a,04,00,00,e5,03,00,00,ee,\
    03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:01,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,12,01,00,00,17,01,00,00,69,04,00,00,2f,03,\
    00,00,01,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,86,ff,ff,ff,0b,00,00,00,69,04,00,00,e7,03,\
    00,00,01,00,00,40

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,01,00,00,00,34,03,00,00,dd,02,00,00,f0,\
    03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:01,00,00,00
    "OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0\\bin\\jusched.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\1-Click Maintenance.job
    C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

    Completion time: 07-01-07 1615.78
    C:\ComboFix.txt ... 07-01-07 16:56

  5. #5 sambo32 (Newbie)
    I have run Dr.Web and it said I didn't have any viruses, so does this mean I'm cured? In the last couple of days I have run Spybot and Ad-Aware with System Restore off, quarantined and then deleted everything, and on the final scan nothing was showing. My computer has been behaving and so far hasn't turned off or rebooted.

  6. #6 Neal (Dedicated Member)
    If you think it is OK, turn System Restore back on and surf for a day or two. If all is OK, I will have some prevention and free tools for your consideration.

  7. #7 sambo32 (Newbie)
    I think I have jinxed myself. I read your post, turned my System Restore back on and ran an AVG virus scan, and soon after my computer turned off. When I tried to reboot nothing happened, as if there were no power at all, so I turned everything off at the power socket and then turned it back on, where I got the "you have changed your CPU frequency" screen, which asks me to turn it off and then back on to change the frequency.

  8. #8 sambo32 (Newbie)
    My sincere apologies for not reading the instructions properly; I had only run a short scan before, which is why it picked up no viruses.

    I have since run a complete scan and it has picked up 3. These are down to my lovely children downloading games when I continually tell them not to. Here is my saved Dr.Web report:

    FBearsBirthday-dm[1].exe;C:\Downloads;Adware.TryMedia;Incurable.Moved.;
    RollerCoasterTycoon2-dm[1].exe;C:\Downloads;Adware.TryMedia;Incurable.Moved.;
    RollerCoasterTycoon2Setup-dm[1].exe;C:\Downloads;Adware.TryMedia;Incurable.Moved.;


    Look forward to hearing from you.

  9. #9 Neal (Dedicated Member)
    Any better?

    Just so you know, it is always best to leave System Restore alone until the very last step, as anything in there can be flushed by turning it off and then back on.

  10. #10 sambo32 (Newbie)
    Hi, I would firstly like to thank you for all your help so far, but I'm afraid my computer has just turned off on me again. After unplugging it (as it wouldn't power on until I did), I got the BIOS screen stating my CPU frequency needed changing again, and the date had changed back to Jan 1 2000. Do you think this is a faulty CMOS battery? If so, where would I buy one, would it be easy for me to replace, and roughly how much are they?

    Thanks.
