Fixed: Virus again

MorgothErmis · 10-24-2008

Hello all
I've been troubled lately from a virus I got from - God knows where, and of course avast finds nothing, as usual.

The virus slows my PC down after a while of using it actively , and renders use of any programs unavailable. For example when I try to open win messenger, it says "dll error" its like someone deleted my system 32 folder , but when I reboot it's ok. So I know it's a virus.

So I know it's a virus.

Yes I know this seems childish, but I believe I am right.

Apart from that, when I do get to reboot properly, it immediately tries to close a program called "scratch". I am thinking this one is at fault. I tried searching for such a file/folder in both my three hard drives with no luck.

Any clues on how to clean my poor vulnerable PC from this virus?
I have avast antivirus and zonealarm firewall. (both free versions)

Any help will be gladly accepted.

Here's a bird for your entertainment (and making this thread look better)
:4-dontkno

Crush · 10-24-2008

Can you please complete the prework link in my signature, then come back and post the requested logs? Once those logs are here it will help me assist you in getting your computer back to its old self once more.

If you have any questions feel free to post here or shoot me a PM

Regards,
Crush

MorgothErmis · 10-25-2008

Originally Posted by Crush

Can you please complete the prework link in my signature, then come back and post the requested logs? Once those logs are here it will help me assist you in getting your computer back to its old self once more.

If you have any questions feel free to post here or shoot me a PM

Regards,
Crush

Good evening.
I did the prework and here's what the log says :

Malwarebytes' Anti-Malware 1.30
Database version: 1316
Windows 5.1.2600 Service Pack 3

10/25/2008 12:51:45 PM
mbam-log-2008-10-25 (12-51-45).txt

Scan type: Quick Scan
Objects scanned: 50898
Time elapsed: 6 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Originally Posted by Hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:46 PM, on 10/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Intel\IntelDH\CCU\AlertService.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\eHome\ehRecvr.exe
D:\WINDOWS\eHome\ehSched.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
D:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
D:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
D:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
D:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\dllhost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\ehome\ehtray.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
D:\WINDOWS\eHome\ehmsas.exe
D:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
D:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
D:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
D:\WINDOWS\vsnpstd3.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\morgoth\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - D:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - D:\Program Files\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [ehTray] D:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] D:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [CCUTRAYICON] D:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "D:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] D:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [snpstd3] D:\WINDOWS\vsnpstd3.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "c:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - D:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - D:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Update Service (gupdate1c91d89aa017b9e) (gupdate1c91d89aa017b9e) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - D:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - D:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: IviRegMgr - InterVideo - D:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - D:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - D:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - D:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - D:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - c:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10419 bytes

If there is anything else I must do that I didn't, please tell me

Crush · 10-25-2008

Looks clean to me. Could you post the error message you get upon opening messenger?

MorgothErmis · 10-25-2008

i performed a full scan and it found one virus, some "zango" toolbar thing I had downloaded.
I hope that fixed it
thanks anyhow

10-24-2008	#1
MorgothErmis Bronze Member Join Date: Oct 2006 Posts: 7	Virus again Hello all I've been troubled lately from a virus I got from - God knows where, and of course avast finds nothing, as usual. The virus slows my PC down after a while of using it actively , and renders use of any programs unavailable. For example when I try to open win messenger, it says "dll error" its like someone deleted my system 32 folder , but when I reboot it's ok. So I know it's a virus. So I know it's a virus. Yes I know this seems childish, but I believe I am right. Apart from that, when I do get to reboot properly, it immediately tries to close a program called "scratch". I am thinking this one is at fault. I tried searching for such a file/folder in both my three hard drives with no luck. Any clues on how to clean my poor vulnerable PC from this virus? I have avast antivirus and zonealarm firewall. (both free versions) Any help will be gladly accepted. Here's a bird for your entertainment (and making this thread look better) :4-dontkno

10-24-2008	#2
Crush PC Security Analyst Join Date: Sep 2008 Location: Caldwell, New Jersey Posts: 10,103 PC Experience: Always Learning New Things	Re: Virus again Can you please complete the prework link in my signature, then come back and post the requested logs? Once those logs are here it will help me assist you in getting your computer back to its old self once more. If you have any questions feel free to post here or shoot me a PM Regards, Crush __________________ Crush aka Chris [Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate] I am in fact, quite cool. My graphing calculator confirms this

10-25-2008	#3
MorgothErmis Bronze Member Join Date: Oct 2006 Posts: 7	Re: Virus again Originally Posted by Crush Can you please complete the prework link in my signature, then come back and post the requested logs? Once those logs are here it will help me assist you in getting your computer back to its old self once more. If you have any questions feel free to post here or shoot me a PM Regards, Crush Good evening. I did the prework and here's what the log says : Malwarebytes' Anti-Malware 1.30 Database version: 1316 Windows 5.1.2600 Service Pack 3 10/25/2008 12:51:45 PM mbam-log-2008-10-25 (12-51-45).txt Scan type: Quick Scan Objects scanned: 50898 Time elapsed: 6 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Originally Posted by Hijack this Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:56:46 PM, on 10/25/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Intel\IntelDH\CCU\AlertService.exe D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe D:\Program Files\Bonjour\mDNSResponder.exe D:\WINDOWS\eHome\ehRecvr.exe D:\WINDOWS\eHome\ehSched.exe D:\Program Files\Google\Update\GoogleUpdate.exe D:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe D:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe D:\WINDOWS\system32\nvsvc32.exe c:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe D:\WINDOWS\system32\svchost.exe D:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe D:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe D:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe D:\WINDOWS\system32\dllhost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\ehome\ehtray.exe D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe D:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe D:\WINDOWS\eHome\ehmsas.exe D:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe D:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe D:\WINDOWS\RTHDCPL.EXE D:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe D:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe D:\Program Files\Winamp\winampa.exe C:\Program Files\iTunes\iTunesHelper.exe D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe D:\WINDOWS\vsnpstd3.exe C:\Program Files\DAEMON Tools Lite\daemon.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\iPod\bin\iPodService.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\morgoth\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - D:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - D:\Program Files\BS.Player ControlBar\BSToolbar.dll O4 - HKLM\..\Run: [ehTray] D:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [IAAnotif] D:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe O4 - HKLM\..\Run: [CCUTRAYICON] D:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe O4 - HKLM\..\Run: [NMSSupport] "D:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IMEKRMIG6.1] D:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [snpstd3] D:\WINDOWS\vsnpstd3.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe O4 - HKCU\..\Run: [AlcoholAutomount] "c:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - D:\Program Files\Intel\IntelDH\CCU\AlertService.exe O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - D:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe O23 - Service: Google Update Service (gupdate1c91d89aa017b9e) (gupdate1c91d89aa017b9e) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - D:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - D:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe O23 - Service: IviRegMgr - InterVideo - D:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - D:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - D:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: PCLEPCI - Pinnacle Systems GmbH - D:\WINDOWS\system32\drivers\pclepci.sys O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - D:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - c:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 10419 bytes If there is anything else I must do that I didn't, please tell me

10-25-2008	#4
Crush PC Security Analyst Join Date: Sep 2008 Location: Caldwell, New Jersey Posts: 10,103 PC Experience: Always Learning New Things	Re: Virus again Looks clean to me. Could you post the error message you get upon opening messenger? __________________ Crush aka Chris [Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate] I am in fact, quite cool. My graphing calculator confirms this

10-25-2008	#5
MorgothErmis Bronze Member Join Date: Oct 2006 Posts: 7	Re: Virus again i performed a full scan and it found one virus, some "zango" toolbar thing I had downloaded. I hope that fixed it thanks anyhow

Similar discussions...
Thread	Thread Starter	Forum	Replies	Last Post
virus help	Budboys	[Pending] HJT Logs	2	04-03-2009 07:42 AM
Pending: Virus won't let me open or run any anti-virus	luna	[Pending] HJT Logs	8	04-02-2009 06:11 AM
Answered: virus question about win32.ctx virus	Chucky3008	Spyware / AdWare	1	12-15-2007 06:19 PM
What virus is this?	ash182	Windows XP/2000	9	01-27-2006 03:01 PM
[Fixed] Norton Anti virus won't remove virus	kloud	Anti-Virus	3	01-21-2005 10:42 AM

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode