Karl`s PC Help Forums

MSN- 'Myspace pics' virus, please help!
carolinep - 24-12-2007 at 00:45

Hi,
Ive caught a virus through MSN from a friend- sorry if there are already loads of posts on this, but ive spent so long trying to sort it! Their instant message basically said "check out these pics, im going to put them on myspace" and it was followed by an attachment which I opened... and now every time I sign in to MSN, the same is happening from me, to all my online friends. Im sure most of you will be familiar with it..?
Ive done a virus scan, etc, and have looked at various 'help' sites on the net, but cant really understand them! Can anyone give me any simple/step-by-step advice on how to remove the virus please?

Any help is greatly appreciated!


Daz - 24-12-2007 at 01:52

I think you might want post a Hijack This log for our resident expert to check over for you...

Download Hijack This from HERE...

Then follow the info here....

http://www.karlsforums.com/forums/viewthread.php?tid=12362

Welcome to KF, and I'm sure Pancake will sort you out...


LSemmens - 24-12-2007 at 12:40

Hi caroline, welcome. As Daz has suggested, a HJT log will go a long way to helping us sort your problem out. Meantime, have a read here: An ounce of prevention, and Why did I get infected in the first place, and lastly Dealing with spyware/adwares/trojans etc


carolinep - 24-12-2007 at 13:04

Im going to post two HJT logs... as I have two computers, and on one, im pretty sure I have the virus, but im not sure about the other, since I didnt open the actual zip file.


carolinep - 24-12-2007 at 13:05

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:46:30, on 23/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAcerAcer eConsoleMediaServerService.exe
C:Program FilesCAeTrust AntivirusInoRpc.exe
C:Program FilesCAeTrust AntivirusInoRT.exe
C:Program FilesCAeTrust AntivirusInoTask.exe
C:Program FilesCASharedComponentsCA_LICLogWatNT.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesLinksys Wireless-G PCI Wireless Network MonitorWLService.exe
C:Program FilesLinksys Wireless-G PCI Wireless Network MonitorWMP54Gv4.exe
C:Program FilesCanonCALCALMAIN.exe
C:WINDOWSExplorer.EXE
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:WINDOWSAGRSMMSG.exe
C:AcerEmpowering TechnologyeRecoveryMonitor.exe
C:Program FilesAcerAcer eMode ManagementAspireService.exe
C:Program FilesAcerAcer eConsoleMediaSync.exe
C:Program FilesLogitechVideoLogiTray.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesiTunesiTunesHelper.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:WINDOWSsystem32LVComS.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesMSN Messengermsnmsgr.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLLoginProxy.exe
C:Program FilesCAeTrust AntivirusInocIT.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:Program FilesCommon FilesRealUpdate_OBRealOneMessageCenter.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.co.uk/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar4.dll
O4 - HKLM..Run: [LaunchApp] Alaunch
O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [MSPY2002] C:WINDOWSsystem32IMEPINTLGNTImScInst.exe /SYNC
O4 - HKLM..Run: [PHIME2002ASync] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName
O4 - HKLM..Run: [ntiMUI] C:Program FilesNewTech InfosystemsNTI CD & DVD-Maker 7ntiMUI.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..Run: [AspireService] C:Program FilesAcerAcer eMode ManagementAspireService.exe
O4 - HKLM..Run: [MediaSync] C:Program FilesAcerAcer eConsoleMediaSync.exe
O4 - HKLM..Run: [eRecoveryService] C:AcerEmpowering TechnologyeRecoveryMonitor.exe
O4 - HKLM..Run: [NAV CfgWiz] "C:Program FilesNorton AntiVirusCfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [SSC_UserPrompt] C:Program FilesCommon FilesSymantec SharedSecurity CenterUsrPrmpt.exe
O4 - HKLM..Run: [LogitechVideoTray] C:Program FilesLogitechVideoLogiTray.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.5.0_09binjusched.exe"
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [MSConfig] C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [LDM] C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe
O4 - HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:Program FilesCommon FilesMicrosoft SharedEncarta Search BarENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://static.35mb.com/applet/applet_o.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:Program FilesLogitechDesktop Messenger8876480ProgramGAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.dll
O21 - SSODL: neobus - {0F4DEFE0-1316-45BB-909F-ADEC2888D54A} - C:WINDOWSneobus.dll
O23 - Service: Acer Media Server - Acer Inc. - C:Program FilesAcerAcer eConsoleMediaServerService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:Program FilesCASharedComponentsCA_LIClic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:Program FilesCASharedComponentsCA_LIClic98rmtd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:Program FilesCanonCALCALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:Program FilesCAeTrust AntivirusInoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:Program FilesCAeTrust AntivirusInoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:Program FilesCAeTrust AntivirusInoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:Program FilesCASharedComponentsCA_LICLogWatNT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:Program FilesCommon FilesMacromedia SharedServiceMacromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:Program FilesLinksys Wireless-G PCI Wireless Network MonitorWLService.exe

--
End of file - 9104 bytes


carolinep - 24-12-2007 at 13:08

heres the other log for the other computer:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:05:03, on 24/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSehomeehtray.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:Program FilesAcereRecoveryMonitor.exe
C:Program FilesJavajre1.6.0_01binjusched.exe
C:PROGRA~1CAETRUST~1realmon.exe
C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesPhilipsAuto Run Software for Photo FramePhotoManager.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesCAeTrust AntivirusInoRpc.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesWireless 802.11g USB AdapterZDWlan.exe
C:Program FilesHPDigital Imagingbinhpqtra08.exe
C:Program FilesCAeTrust AntivirusInoRT.exe
C:Program FilesCAeTrust AntivirusInoTask.exe
C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32moiofew.exe
C:Program FilesHPDigital Imagingbinhpqimzone.exe
C:Program FilesHPDigital ImagingbinhpqSTE08.exe
C:WINDOWSeHomeehmsas.exe
C:WINDOWSsystem32dllhost.exe
C:Program FilesMSN Messengermsnmsgr.exe
C:WINDOWSsystem32HPZipm12.exe
C:Program FilesCAeTrust AntivirusInocIT.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.co.uk/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [LaunchApp] Alaunch
O4 - HKLM..Run: [ntiMUI] c:Program FilesNewTech InfosystemsNTI CD & DVD-Maker 7ntiMUI.exe
O4 - HKLM..Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [IMJPMIG8.1] "C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM..Run: [MSPY2002] C:WINDOWSsystem32IMEPINTLGNTImScInst.exe /SYNC
O4 - HKLM..Run: [PHIME2002ASync] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName
O4 - HKLM..Run: [eRecoveryService] C:Program FilesAcereRecoveryMonitor.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_01binjusched.exe"
O4 - HKLM..Run: [Realtime Monitor] C:PROGRA~1CAETRUST~1realmon.exe -s
O4 - HKLM..Run: [Google Desktop Search] "C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe" /startup
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [Auto Run Software for Photo Frame] "C:Program FilesPhilipsAuto Run Software for Photo FramePhotoManager.exe" /autorun
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKCU..Run: [updateMgr] C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O4 - Global Startup: Wireless 802.11g USB Adapter.lnk = C:Program FilesWireless 802.11g USB AdapterZDWlan.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:Program FilesHPDigital Imagingbinhpqthb08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145918483156
O16 - DPF: {9E7203CF-B852-4089-9F09-772FD6DBB849} (VaxBroadcastClientCAB Control) - http://stampauctionnetwork.com/VaxBroadCastClientCAB.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.tescophoto.com/wpp/tesco/app/opcuploader.cab
O20 - AppInit_DLLs: C:PROGRA~1GoogleGOOGLE~2GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:WINDOWSsystem32spooldriversw32x863HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:WINDOWSsystem32spooldriversw32x863HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:Program FilesCAeTrust AntivirusInoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:Program FilesCAeTrust AntivirusInoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:Program FilesCAeTrust AntivirusInoTask.exe
O23 - Service: iPod Service - Unknown owner - C:Program FilesiPodbiniPodService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe

--
End of file - 8622 bytes


LSemmens - 24-12-2007 at 14:07

Pancake is our resident expert, so I'll leave it to him.


carolinep - 24-12-2007 at 14:47

okay, thanks very much :)


Katzy - 24-12-2007 at 16:23

At a glance, it appears that you're running Norton Antivirus AND eTrust Antivirus, too.

Not good. Dump Norton.

If it's not Norton Antivirus, just ignore me...



neobus.dll is a nasty.

Have you done a full scan with an up-to-date "Super Anti-Spyware"?


carolinep - 24-12-2007 at 18:15

yeah, ive done a full scan, but it didnt come up with anything nasty.. any problems were all 'secure'. Any idea how to get rid of the neobus.dll ??

We only really use the Etrust antivirus, i didnt realise we had Norton too... ill delete it


Katzy - 24-12-2007 at 18:49

http://www.spywareremove.com/removeneobusdll.html

Not terribly simple, for a noob, I'd imagine.

It's not too bad, though.

Might be best to wait for Pancake, though, coz that file might go along with some others.


carolinep - 24-12-2007 at 19:28

thanks


Katzy - 24-12-2007 at 20:41

Another one for the armoury is "Spyware Blaster".

http://www.javacoolsoftware.com/spywareblaster.html

Just install it, block everything and forget it, except for updating it, once a month.


Pancake - 24-12-2007 at 22:20

JUst this one to fix in the first log.The other one is fine..Did I see this log on the Kaspersky forum ? I cant find any info on this file C:WINDOWSsystem32moiofew.exe do you know where it has come from ?




Please download the http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Save it to your desktop.

Please double-click OTMoveIt.exe to run it

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


C:WINDOWSneobus.dll




Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.

Click the red Moveit! button.

Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


carolinep - 24-12-2007 at 23:12

I havent any idea what C:WINDOWSsystem32moiofew.exe is....

Okay, thanks so much for your help!


Pancake - 26-12-2007 at 00:03

Use OTMoveIt and remove C:WINDOWSsystem32moiofew.exe post a new HJT log then let me know if you still have the problem.