Help!

PC is getting much slower!


Juventino_9



Joined: Apr 30, 2005
Posts: 14



Posted: Mon Jun 30, 2008 12:43 pm    Post subject: PC is getting much slower!

Hello, can someone help me with my problem please? For a couple of days now, my PC has been going very slow! I get a virus alert message all the time, and when I click on cancel an internet browser window opens automatically with advertisements for antivirus software...

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:18, on 30/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.voetbalkrant.com/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [e087299f] rundll32.exe "C:\WINDOWS\system32\fqshkmfr.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 6464 bytes


Thank you in advance for your help!
Baby_Tux



Joined: Mar 06, 2007
Posts: 808



Posted: Mon Jun 30, 2008 3:05 pm    Post subject:

First, turn off your "RESTORE POINT"; this will prevent it from putting the "nasties" back (turn it back on when the system is clean).

Then I suggest you throw some scanners at it. Try:
Trend Micro online HOUSECALL (antivirus scanner)
Spybot search & destroy
Avast - as it will do a boot time scan, automatically if needed (you don't need to worry about the FREE REGISTRATION KEY to do this - unless you decide to keep it)


That ought to at least tell you if you have any "nasties" lurking. If you DO, you will need to run the scans until it at least reports clean & then possibly a few more to make sure you got them all. Rotate through the last two (run one, then the other, back & forth). Tell it to DELETE, as trying to "fix" will leave "JUNK" behind & without the virus code, scanners usually can't find it again.

Then you may have to do a repair install of your OS to fix any damage. Plus you may have to reinstall some of your apps for the same reason. Be aware of the APPS as you COULD reinstall the virus if it came from one of them.

NOTE: you can only have ONE antivirus running at a time, as they will "KILL" one another.

Also suggest moving your HIJACK listing to the HIJACK AREA. Here is the link:
LINK TO HIJACK AREA - CLICK ME

Please let me know if you need help with any of this.
greyknight17



Joined: Feb 03, 2003
Posts: 5058

Location: Brooklyn, NY

Posted: Tue Jul 01, 2008 7:13 pm    Post subject:

Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
Juventino_9



Joined: Apr 30, 2005
Posts: 14



Posted: Wed Jul 02, 2008 10:27 am    Post subject:

ComboFix 08-07-01.3 - Nabilio 2008-07-02 15:42:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.444 [GMT 2:00]
Running from: C:\Documents and Settings\Nabilio\My Documents\Programmas\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Nabilio\Application Data\macromedia\Flash Player\#SharedObjects\N3JCTR4R\iforex.com
C:\Documents and Settings\Nabilio\Application Data\macromedia\Flash Player\#SharedObjects\N3JCTR4R\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Nabilio\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Nabilio\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\cdraixqj.dll
C:\WINDOWS\system32\ddCvwwTM.dll
C:\WINDOWS\system32\ecrqbasa.dll
C:\WINDOWS\system32\gcoowqph.ini
C:\WINDOWS\system32\gcoowqph.tmp
C:\WINDOWS\system32\hdbrmqev.dll
C:\WINDOWS\system32\hpqwoocg.dll
C:\WINDOWS\system32\JjQqAKkj.ini
C:\WINDOWS\system32\JjQqAKkj.ini2
C:\WINDOWS\system32\jkKAqQjJ.dll
C:\WINDOWS\system32\jqxiardc.ini
C:\WINDOWS\system32\llbdoijb.dll
C:\WINDOWS\system32\qXHjjmoq.ini
C:\WINDOWS\system32\qXHjjmoq.ini2
C:\WINDOWS\system32\rfmkhsqf.ini
C:\WINDOWS\system32\trqhioob.dll
C:\WINDOWS\system32\vbolcydg.ini
C:\WINDOWS\system32\wxerhllu.ini
C:\WINDOWS\system32\xveudlqn.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.

2008-07-02 01:02 . 2008-07-02 01:02 106,240 --a------ C:\WINDOWS\system32\zghgrf.dll
2008-07-02 01:02 . 2008-07-02 01:02 106,240 --a------ C:\WINDOWS\system32\jymhcekv.dll
2008-07-02 00:02 . 2008-07-02 00:59 319 --a------ C:\WINDOWS\wininit.ini
2008-07-01 23:32 . 2008-07-01 23:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-01 23:32 . 2008-07-02 01:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-01 00:24 . 2008-07-01 00:24 105,872 --a------ C:\WINDOWS\system32\wqafuw.dll
2008-07-01 00:24 . 2008-07-01 00:24 105,872 --a------ C:\WINDOWS\system32\lgeeqpgp.dll
2008-06-30 14:29 . 2008-06-30 14:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-30 00:24 . 2008-06-30 00:24 105,856 --a------ C:\WINDOWS\system32\poxpjpdq.dll
2008-06-30 00:24 . 2008-06-30 00:24 105,856 --a------ C:\WINDOWS\system32\gorclq.dll
2008-06-28 23:26 . 2008-06-28 23:26 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-06-28 23:26 . 2008-06-28 23:33 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-06-28 23:25 . 2008-06-28 23:28 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-28 23:25 . 2008-06-28 23:28 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-28 23:25 . 2008-06-28 23:28 10,652 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-28 23:25 . 2008-06-28 23:28 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-28 23:21 . 2008-06-28 23:21 <DIR> d-------- C:\Documents and Settings\Nabilio\Application Data\Symantec
2008-06-28 14:21 . 2008-06-28 14:21 105,968 --a------ C:\WINDOWS\system32\tmwukv.dll
2008-06-28 14:21 . 2008-06-28 14:21 105,968 --a------ C:\WINDOWS\system32\qxsmfefv.dll
2008-06-26 20:12 . 2008-06-26 20:12 <DIR> d-------- C:\Documents and Settings\Mama\Application Data\Nokia
2008-06-26 16:54 . 2008-06-26 16:54 <DIR> d-------- C:\Documents and Settings\Mama\Application Data\BearShare
2008-06-22 17:13 . 2008-06-23 19:06 <DIR> d---s---- C:\Documents and Settings\Mama\UserData
2008-06-22 14:21 . 2008-07-01 12:52 <DIR> d-------- C:\Documents and Settings\Mama\Contacts
2008-06-22 14:20 . 2008-06-22 14:20 <DIR> d-------- C:\Documents and Settings\Mama\Application Data\PC Suite
2008-06-22 14:20 . 2008-06-22 14:20 <DIR> d-------- C:\Documents and Settings\Mama\Application Data\Logitech
2008-06-22 14:19 . 2008-07-01 19:32 <DIR> d-------- C:\Documents and Settings\Mama
2008-06-17 22:46 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-17 22:46 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-13 16:37 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2008-06-11 12:52 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 12:52 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 13:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-01 22:58 --------- d-----w C:\Program Files\RegClean
2008-07-01 16:33 --------- d-----w C:\Documents and Settings\Nabilio\Application Data\BearShare
2008-07-01 15:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-29 22:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-28 22:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-28 21:28 --------- d-----w C:\Program Files\Symantec
2008-06-24 21:48 --------- d-----w C:\Documents and Settings\Nabilio\Application Data\LimeWire
2008-06-22 16:10 230,432 ----a-w C:\PA207.DAT
2008-06-05 13:08 --------- d-----w C:\Program Files\Java
2008-05-26 20:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-08 12:14 203,008 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-06-29 00:12 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-11 18:19 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 07:55 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 07:52 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 07:55 118784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2005-12-09 08:30 35328]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 12:01 319488]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 07:07 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-25 06:53 714608]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-10-11 18:19:53 126136]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-11 18:13:05 438272]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 11:26]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60536214-ff68-11dc-b487-001a4d30c90f}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-06-30 18:10:53 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Nabilio.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
- - - - ORPHANS REMOVED - - - -

BHO-{3C9DFC0F-FAF8-4EC3-A512-C37F2E3CE9D1} - (no file)
BHO-{9FFE7CAB-EFBE-481F-8220-F770C1B50C95} - (no file)
HKLM-Run-e087299f - C:\WINDOWS\system32\hpqwoocg.dll
HKLM-Run-pdfSaver3 - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 16:30:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-07-02 16:33:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-02 14:33:52

Pre-Run: 153,422,581,760 bytes free
Post-Run: 155,260,301,312 bytes free

175 --- E O F --- 2008-06-20 22:38:48
greyknight17



Joined: Feb 03, 2003
Posts: 5058

Location: Brooklyn, NY

Posted: Fri Jul 04, 2008 3:57 pm    Post subject:

I don't recommend using file sharing programs like BearShare or Limewire as they may contribute to malware infections. Go to your Add/Remove Programs panel and see if you can find WhenUSave listed.

Double click on C:\WINDOWS\wininit.ini to open it up in Notepad. Copy & paste the contents of that file here. Then go back and delete all those lines. Copy & paste the following two lines back:

Code:
[rename]
nul=


Download ATF Cleaner at http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Download and install SUPERAntiSpyware at http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

- Run SUPERAntiSpyware and click the Check for Updates button.
- Once the update has finished, click the Scan your Computer button.
- Click on Perform Complete Scan and then click Next.
- SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
- Make sure that they all have a check next to them, and then click Next.
- Click Finish and you will be taken back to the main interface.
- It could be possible that it will ask you to reboot your computer in order to delete some files.
- I'll need a log afterwards of what has been found.
- To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
- Please post the results of the SUPERAntiSpyware log file in your next reply.


Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:
Quote:
http://help.lockergnome.com/general/PC-slower-ftopict55400.html
Collect::
C:\WINDOWS\system32\zghgrf.dll
C:\WINDOWS\system32\jymhcekv.dll
C:\WINDOWS\system32\wqafuw.dll
C:\WINDOWS\system32\lgeeqpgp.dll
C:\WINDOWS\system32\poxpjpdq.dll
C:\WINDOWS\system32\gorclq.dll
C:\WINDOWS\system32\tmwukv.dll
C:\WINDOWS\system32\qxsmfefv.dll

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
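
The eight files named in the CFScript above can be picked out of the ComboFix log mechanically: in its "Files Created" section they show up as pairs of differently named DLLs written to the same folder in the same minute with the same byte size. The Python below is an added example, not part of the original thread or of ComboFix; the function names are made up for illustration, and the sample rows are copied from the log posted above.

```python
import ntpath
import re
from collections import defaultdict

# Rows copied from the "Files Created" section of the ComboFix log in this thread.
SAMPLE = r"""
2008-07-02 01:02 . 2008-07-02 01:02 106,240 --a------ C:\WINDOWS\system32\zghgrf.dll
2008-07-02 01:02 . 2008-07-02 01:02 106,240 --a------ C:\WINDOWS\system32\jymhcekv.dll
2008-07-01 00:24 . 2008-07-01 00:24 105,872 --a------ C:\WINDOWS\system32\wqafuw.dll
2008-07-01 00:24 . 2008-07-01 00:24 105,872 --a------ C:\WINDOWS\system32\lgeeqpgp.dll
2008-06-30 00:24 . 2008-06-30 00:24 105,856 --a------ C:\WINDOWS\system32\poxpjpdq.dll
2008-06-30 00:24 . 2008-06-30 00:24 105,856 --a------ C:\WINDOWS\system32\gorclq.dll
2008-06-28 23:26 . 2008-06-28 23:33 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-06-28 23:25 . 2008-06-28 23:28 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-28 23:25 . 2008-06-28 23:28 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-28 23:25 . 2008-06-28 23:28 10,652 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-28 14:21 . 2008-06-28 14:21 105,968 --a------ C:\WINDOWS\system32\tmwukv.dll
2008-06-28 14:21 . 2008-06-28 14:21 105,968 --a------ C:\WINDOWS\system32\qxsmfefv.dll
2008-06-17 22:46 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-17 22:46 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-13 16:37 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
"""

# created . modified size-or-<DIR> attributes path
ROW = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)


def parse_rows(text):
    """Yield (created, size_bytes, path) for each file row; directories are skipped."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m and m["size"] != "<DIR>":
            yield m["created"], int(m["size"].replace(",", "")), m["path"]


def twin_groups(text):
    """Group files that share folder, creation minute and exact size.

    Only groups with at least two different file names are returned. A driver
    and its dllcache copy sit in different folders, so they never share a group.
    """
    groups = defaultdict(list)
    for created, size, path in parse_rows(text):
        key = (ntpath.dirname(path).lower(), created, size)
        groups[key].append(path)
    return {
        key: paths
        for key, paths in groups.items()
        if len({ntpath.basename(p).lower() for p in paths}) >= 2
    }


def review_candidates(text):
    """Flat list of paths from all twin groups, in log order."""
    return [p for paths in twin_groups(text).values() for p in paths]


if __name__ == "__main__":
    for (folder, created, size), paths in twin_groups(SAMPLE).items():
        names = ", ".join(ntpath.basename(p) for p in paths)
        print(f"{created}  {size:>7} bytes  {folder}: {names}")
```

Matching size and creation time is a triage heuristic for deciding what to look at first; the single-file rows (S32EVNT1.DLL, lfpng13n.dll) and the usbprint.sys copies are left out by design.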