Help! Virus on Laptop

Jinny

New Member
Sorry for long first post!!!

I got a 2004, Dell Latitude D400 laptop, to use while I am stuck in bed unable to sit up for a while. It was given to me by a friend a few months ago, who got it from another friend. He has no disks available for this laptop.

I'm running Windows XP - Version 2002 Service Pack 2.
Mozilla version 5.0 (Firefox 3.5.1)
I have on it AVIRA - Anti-Virus
Firewall
Malwarebytes
SpywareDoctor
Spybot
CCleaner

It had on it AVG 8.5, which picked up a virus. I also had Norton Security Scan, so I downloaded Malwarebytes, and it found a Trojan Horse.Vundo virus. And also I had several tracking cookies. Moved everything to a virus vault.

I treated that as per instructions on the internet, got rid of AVG as I was told it isn't reliable, and also Norton Security Scan. Replaced it with Avira and Malware, and CCleaner

*AVG Scanned and moved things to Virus Vault
*Norton Scanned and done as instructed by on screen
*Run Malware scans in safe and unsafe modes (no more infections found)
*Run another AVG Full Scan
*Uninstalled AVG
*Uninstalled Norton Security Scan
*Installed Avira and CCleaner and
*Turned off System Restore
*Cleared Cookies
*Run CCleaner
*Run Avira Scan - in both Safe Mode and Normal Mode
*Re-run Malware - in both Safe Mode and Normal Mode
*Done Disk Defragment
*Bought a USB stick and lifted the few Word Docs and JPEGs I want to keep.
*Continued to clear cookies after every Firefox shutdown

Everything was coming up clear, and the machine was running faster.

Then went and installed Spybot-Search&Destroy as someone else said I should have it on here, it's all slow again, and now tells me there was 'an important change to the registry' and would I allow changes? Do I? :confused:

Then - Avira Scan comes up with 11 hidden objects and 1 warning (something about unable to check a windows file?), I don't know what to do about these - much less what they are?

Then next thing comes up is Spyware Doctor pops up and says there are 22 viruses - 8 Viruses and some Adware things - I have removed these things...I think.

It's taken me 3 days - Anything I can do? Is it Game Over for the laptop?

Please note - I am COMPLETELY I.T. ILLITERATE! The last 3 days have been a crash course in computing for me, but right now I am just frustrated and upset and don't know what to do next.
 
Well... From what you've said there seems to be a lot of malware cleaners, viruses and God knows what on it. At that point, I'd just say you have to reformat it; wipe the drive clean. Maybe a friend has an XP CD he can give you or something? You might have to just buy one and take the hit. :|
 
:( So you think it can't be saved without doing that?

The only reason there are so many thingys on it - is that I have been reading internet websites, and as I can't find a 'Total Dummies' guide on what to do, I just followed all the references I could find, and then picked the most highly recommended ones.... is that a bad thing? Should I take some off? Will it actually make a difference, and how can I stop this happening to me again?

I really haven't a clue what to do as you can tell. Lol - all I know is being stuck in bed, in a room, where the only entertainment is a walkman, or books, sucks. My laptop provided a much needed lifeline, and one I'm keen to rescue.

I haven't emailed or done anything major on this in the last week. When sending just a standard email with no attachments, or using messengers like googlechat, or MSN, can I infect others now too?
 
Well it's not necessarily a bad thing. Too many programs can slow your computer down tremendously. There really isn't a need for that many anyway. To prevent this from happening again, I would recommend AVAST free edition. It's very good (free!) just go to www.avast.com to get it. It will prevent a lot of things, but it's mainly of what you do on the internet and what you download. You really have to be cautious as to what you download on the internet and as to who you can trust.

You can't infect others by chatting or sending an email, however if you send a file to your friend from your computer, there is a chance that the file could be infected, but servers and email providers nowadays are pretty good at not letting you send things that are infected (things that the servers and email providers pick up on). They also scan it first. Try downloading malwarebytes http://download.cnet.com/3001-8022_4-10804572.html?spi=f41cb31ae5ed37111d4e6eb83e5c63af&part=dl-10804572 and scan.
 
OK - done the logs thing.
________________________________
Malware says:

Mbam-log-2009-08-01 (16-46-14).txt

Malwarebytes' Anti-Malware 1.39
Database version: 2530
Windows 5.1.2600 Service Pack 3

01/08/2009 16:46:14
mbam-log-2009-08-01 (16-46-14).txt

Scan type: Full Scan (C:\|)
Objects scanned: 130068
Time elapsed: 41 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





__________________________________

Logfile of Trend Micro HijackThis v2.0.2


Scan saved at 13:37:13, on 02/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1094251794681
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9d647416bd320) (gupdate1c9d647416bd320) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8783 bytes
 
I'm so utterly confused. Someone who used to work on an IT helpline, told me last night to install ZoneAlarm too, so that you have to grant permission to everything, and he said don't say yes to anything I don't know what it is. So got that too now - but it keeps asking me to allow things - and to be honest - I recognised Google - but not something called Bonjour Service, or something with Java in it or a million other things - so now am worried that I'm screwing things up even more by denying them.

So on top of all that I've added HijackThis as advised here. Friend last night also told me to get rid of Spyware Doctor, and Firewall as it will slow everything down. Haven't done this yet as I am completely lost with all this. I did put Avast on here too at one point - but it seemed soooo confusing to me, when the log came up and wasn't at all clear to use for a computer dimwit like me, and everything slowed right down so badly - I took it off again and things went up a gear again.

I guess by researching I have done the equivalent of standing in the middle of a busy high street and yelled "What is the best make of car" because everyone will give their own personal preference...there is no definitive answer. At least I find Avira's display easy to read - shame it doesn't come with an idiot's guide glossary.

My laptop took around 20mins+ to allow me to get on the internet today, and my poor lappy is making weird grinding sounds while it thinks. Lots of Not Responding waiting patches on the internet too.

I'm so confused - So many people and friends, are saying install different programmes because they are the best, so I'm installing them all in hope to get somewhere. Avira now tells me that I have one warning and 11 Hidden Items, but I haven't a clue what they are or what they mean.

The only one 4 people now, have told me is that I am safe to use googlemail email now, as long as I don't send attachments until I've resolved this. YAY !!!!

I wasn't aware I'd downloaded anything, haven't opened unknown emails - only thing I did do was use Skype with a friend who last night told me she had a TrojanHorse Virus a few days ago. Mine first showed up under an AVG scan as an iPod address - which is strange as I don't own an iPod and don't have iTunes on here. Things went downhill from there. :(

Thanks for all your help, time and patience.
 
Avira Log:


Avira AntiVir Personal
Report file date: 01 August 2009 17:52

Scanning for 1584543 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : COMPUTER-BRHV87

Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 6/3/2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 5/11/2009 09:14:47
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 10:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 11:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 10:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 12:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 20:01:42
ANTIVIR2.VDF : 7.1.4.253 1779200 Bytes 7/19/2009 20:01:52
ANTIVIR3.VDF : 7.1.5.57 445952 Bytes 7/31/2009 20:01:55
Engineversion : 8.2.0.238
AEVDF.DLL : 8.1.1.1 106868 Bytes 4/30/2009 11:52:04
AESCRIPT.DLL : 8.1.2.22 450938 Bytes 7/31/2009 20:02:06
AESCN.DLL : 8.1.2.4 127348 Bytes 7/31/2009 20:02:05
AERDL.DLL : 8.1.2.4 430452 Bytes 7/31/2009 20:02:04
AEPACK.DLL : 8.1.3.18 401783 Bytes 5/27/2009 16:07:20
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/31/2009 20:02:03
AEHEUR.DLL : 8.1.0.147 1884536 Bytes 7/31/2009 20:02:02
AEHELP.DLL : 8.1.5.3 233846 Bytes 7/31/2009 20:01:57
AEGEN.DLL : 8.1.1.53 356724 Bytes 7/31/2009 20:01:57
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 14:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 7/31/2009 20:01:56
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 14:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 08:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 10:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 14:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 10:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 15:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 10:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 15:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 08:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 10:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 15:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 10:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 01 August 2009 17:52

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\hookinggroups
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\HookingGroups\FileMonitor\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\HookingGroups\FileMonitor\postoperations
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\HookingGroups\FileMonitor\preoperations
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\HookingGroups\ProcessMonitor\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\HookingGroups\ProcessMonitor\postoperations
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\HookingGroups\ProcessMonitor\preoperations
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\HookingGroups\RegistryMonitor\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\HookingGroups\RegistryMonitor\postoperations
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\HookingGroups\RegistryMonitor\preoperations
[INFO] The registry entry is invisible.
'41007' objects were checked, '11' hidden objects were found.

The scan of running processes will be started
Scan process 'pctsGui.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'pctsSvc.exe' - '1' Module(s) have been scanned
Scan process 'pctsAuxs.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'AdobeUpdater.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'googletalk.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'scardsvr.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'pctsTray.exe' - '1' Module(s) have been scanned
Scan process 'PRONoMgr.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
46 processes with 46 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '54' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.


End of the scan: 01 August 2009 20:17
Used time: 2:25:23 Hour(s)

The scan has been done completely.

4439 Scanned directories
250847 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
250846 Files not concerned
1064 Archives were scanned
1 Warnings
1 Notes
41007 Objects were scanned with rootkit scan
11 Hidden objects were found

__________________________________________________

Can't find the log of the Spyware Doctor. That said about the viruses and things.
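
An added example, not part of the original post: a short Python triage of an Avira report in the format shown above, which groups the "invisible" registry entries by the service key they sit under and keeps files that merely could not be opened apart from actual detections. The sample text is constructed and abridged from the report above; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, abridged from the report format shown in the post above.
SAMPLE_REPORT = r"""Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\hookinggroups
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\HookingGroups\FileMonitor\postoperations
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\HookingGroups\FileMonitor\preoperations
[INFO] The registry entry is invisible.
'41007' objects were checked, '3' hidden objects were found.

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.

0 Viruses and/or unwanted programs were found
"""

TAG_RE = re.compile(r"^\[(INFO|WARNING|NOTE)\]\s*(.*)$")
SERVICE_RE = re.compile(r"\\Services\\([^\\]+)", re.IGNORECASE)
DETECTIONS_RE = re.compile(r"^(\d+)\s+Viruses and/or unwanted programs were found")


def parse_report(text):
    """Attach each [INFO]/[WARNING]/[NOTE] line to the object line above it."""
    findings, current, detections = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None          # a blank line ends the current object
            continue
        tag = TAG_RE.match(line)
        if tag:
            if current is not None:
                if not current["tags"]:
                    findings.append(current)
                current["tags"].append((tag.group(1), tag.group(2)))
            continue
        count = DETECTIONS_RE.match(line)
        if count:
            detections = int(count.group(1))
        current = {"subject": line, "tags": []}
    return findings, detections


def summarize(text):
    """Separate hidden registry entries, unscannable files and everything else."""
    findings, detections = parse_report(text)
    hidden_by_service, unscanned, other = Counter(), [], []
    for item in findings:
        levels = {level for level, _ in item["tags"]}
        messages = " ".join(msg for _, msg in item["tags"])
        if "No virus was found" in messages:
            continue                # explicit clean result, nothing to triage
        if "invisible" in messages and item["subject"].upper().startswith("HKEY_"):
            service = SERVICE_RE.search(item["subject"])
            name = service.group(1) if service else "(not under a service key)"
            hidden_by_service[name] += 1
        elif "WARNING" in levels and "could not be opened" in messages:
            unscanned.append(item["subject"])
        else:
            other.append(item["subject"])
    return {
        "detections": detections,
        "hidden_by_service": dict(hidden_by_service),
        "unscanned": unscanned,
        "other": other,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```
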
 
Ok - so Spybot-Search and Destroy, just kicked in while I was afk.... now that says I have 14 problems found:
DoubleClick - 1 entry found Browser
Myway.Mywebsearch - 11 entries found PUPSC
Statcounter - 1 entry found
Win32.VB.dn - 1 entry found Browser


Haven't done anything as I don't know what they all - just closing the window and hiding my head in the sand.... I just don't understand what it all means and if I 'fix' them am I screwing something else up! :(

Should I do the Combo-Fix thing too ? I'm completely at you guys' mercy with this. If you all think I'm clear and safe - I will love you all forever and trot off happily, but if the above are anything to worry about then I'd appreciate the guidance. Thank you thank you thank you. :)
 
Thank you Johnb35!!!!

That's just it. I don't know if it is or isn't, and I don't know if it is because there are too many programmes now, or what, because one programme says I'm clear, and the next says my laptop has issues.

I wish there was a non-technical simple to understand, all singing-all dancing, laptop, bug buster/Virus Protector/Superhero with a Glossary of terms, type programme, that simply said -
Click here to check out your entire machine - Y or N
Virus? Y or N
Other stuff - Worry? Y or N
You will find full technical details in the Logs History Tab, but for now - Click here if the above are highlighted Y

and after that's done its thing, you get the message - " :D OK, Your machine is Virus free and problem free - you are good to go! Have a nice day!" LOL.
 
That's the thing with malware programs. There isn't one program that will catch everything, but Malwarebytes is probably the best program out there right now. Combofix is a better program but only ran in certain instances. Go ahead and run Combofix and post the log that it displays at the end back here.
 
EEEK! :eek: Ok - tried to run the Combofix...But the warning message it comes up with is alarming!

Combofix has detected the following real time scanner(s) to be active:
antivirus: Antivir Desktop

Antivirus and intrusion prevention programmes are known to interfere with Combofix's running. This may lead to unpredictable results or possible machine damage.

Please disable these scanners before clicking 'OK'


Haven't a clue how to disable Antivir! And I don't want to damage my machine! :eek:

Advice please!
 
The only thing you can do is stop it from running at bootup but I've tried stopping my AVG and it still says it's running when I try to run it. I've run Combofix without disabling and everything is fine.
 
Re:

First of all you have to install a new Windows; after installing Windows, before opening any drive of your hard disk, and also before double-clicking on any drive, install the AVG or NOD32 antivirus and update it over the internet, and after updating the antivirus, start scanning.
 