|
| ||
| CKVO.exe virus Hey there! I was hoping some of you can help me with this problem i have. I was recently infected by a virus that showed up as a process named CKVO.exe. I was able to remove it through the online scanner of BitDefender but some problems still remained. All my antivirus programs suddenly had one day left before they expired, I couldn't change the folder options to view hidden files, and startup would be really slow. The icons and the start menu would take forever to show up after the welcome screen. Before this they showed up almost instantly even with all the VAIO bloatware. Thank you so much for taking time to look at this! ________________________________________________ Here's the Hijackthis Logfile Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:41:46 PM, on 9/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Trend Micro\Tmas\Tmas.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} (CamRegCleanControl Object) - http://www.amustsoft.com/onlineregistryscan/onlineRegCleaner.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Avlib\SSScsiSV.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- End of file - 12136 bytes |
| ||
| Re: CKVO.exe virus Hi robertcarl, welcome to daniweb. One definite reason for slowness on the computer is your log shows you are running TWO antivirus programs. This is an absolute No-No. The absolute rule is ONE antivirus program and ONE firewall running on a computer. Your log shows both Norton and Avast fully running on the computer. Your choice, but you MUST uninstall one of them immediately. Once you do the uninstall then reboot the system. Next do the following; Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop. * DoubleClick mbam-setup.exe and follow the prompts to install MBA-M. * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform full scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt. Reboot the system. Then run a new HJT scan and post back here with the MBA-M log and the new HJT log. Judy |
| ||
| Re: CKVO.exe virus Hey Judy! Thanks for the reply! I did as you told, i uninstalled Avast since I paid for the Norton antivirus. I proceeded with doing the Malware scan and It found three things. While scanning with Malwarebytes, Norton also found this virus called Dc8.exe but was unable to do anything about it. I'm not sure if Malwarebytes was unable to pick up on it. Here's the Log file. ------------------------------------------ Malwarebytes' Anti-Malware 1.28 Database version: 1138 Windows 5.1.2600 Service Pack 2 9/11/2008 8:53:27 PM mbam-log-2008-09-11 (20-53-23).txt Scan type: Full Scan (C:\|) Objects scanned: 96111 Time elapsed: 28 minute(s), 28 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted succesfully Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted succesfully C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted succesfully ------------------------------------------------ The problem about viewing hidden files have now been resolved. Unfortunately the slow startup and Norton subscription still remains expired even though before the virus it was far from expiring. I'm guessing that the only solution to this is to renew the subscription but here's the HJT logfile just in case there's a problem you guys are seeing. I really appreciate this. Thanks! ------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:05:10 PM, on 9/11/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Trend Micro\Tmas\Tmas.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} (CamRegCleanControl Object) - http://www.amustsoft.com/onlineregistryscan/onlineRegCleaner.cab O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Avlib\SSScsiSV.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- End of file - 11570 bytes |
| ||
| Re: CKVO.exe virus Hi robertcarl, Malwarebytes's did remove some nasty items. The two you mention in your posts CKVO.exe and now the Dc8.exe both appear to be game related in some way. Dc8.exe is from GameSpyArcade GameSpyArcade can be installed when you install a Game. A lot of games now give you the option to install GameSpyArcade Older Games did not give you an option and GameSpyArcade was installed without your knowledge. While the CKVO.exe also has been called, from what I could find, Trojan.Win32.Vaklik.cdj Trojan-PSW.Win32.OnLineGames.rxtk Trojan-GameThief.Win32.OnLineGames.sitj Now as far as your Norton showing as expired, as long as you have all the information regarding this...your current registration number and such, you should be able to uninstall it and reinstall it without purchasing a new copy and the expiration date would be restored. But we will get to that shortly, as long as it is still working right now let's leave it there and continue to be certain the computer is totally free of infection before doing that reinstall. You don't want the reinstall possibly damaged by anything still remaining. I would like you now to do the following; Download ComboFix Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop. Once the download is complete you will see the Combofix on the desktop. * Close all open Windows including this one. * Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Doubleclick the combofix icon on the desktop to run the program. Windows will issue a prompt asking whether you wish to run the program, click Run You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer. Now just sit back and allow the program to run Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete. When ComboFix has finished running, you will see a screen stating that it is preparing the log report. This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt. When all is complete then please post back here with that log. |
| ||
| Re: CKVO.exe virus Hello again, Judy! It's nice to hear that Malwarebytes got rid of the viruses. Start-up has become noticeable faster now. Here is the ComboFix log file you asked for. Does it show anything that I need to deal with? Thank you so much! ComboFix 08-09-10.04 - Carla 2008-09-11 22:43:06.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.559 [GMT 8:00] Running from: C:\Documents and Settings\Carla\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf C:\WINDOWS\setup.exe C:\WINDOWS\system32\lsprst7.dll C:\WINDOWS\system32\nsprs.dll C:\WINDOWS\system32\ssprs.dll . ((((((((((((((((((((((((( Files Created from 2008-08-11 to 2008-09-11 ))))))))))))))))))))))))))))))) . 2008-09-11 20:10 . 2008-09-11 20:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-11 20:10 . 2008-09-11 20:10 <DIR> d-------- C:\Documents and Settings\Carla\Application Data\Malwarebytes 2008-09-11 20:10 . 2008-09-11 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-11 20:10 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-11 20:10 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-10 22:15 . 2008-09-10 22:15 1,024 --a------ C:\WINDOWS\system32\clauth2.dll 2008-09-10 22:15 . 2008-09-10 22:15 1,024 --a------ C:\WINDOWS\system32\clauth1.dll 2008-09-10 22:15 . 2008-09-10 22:34 14 --a------ C:\WINDOWS\system32\ssprs.tgz 2008-09-10 22:15 . 2008-09-10 22:15 0 --a------ C:\WINDOWS\system32\nsprs.tgz 2008-09-10 22:13 . 2008-09-10 22:34 <DIR> d-------- C:\Program Files\SPSS Evaluation 2008-09-10 22:13 . 2008-09-10 22:13 1,025 --a------ C:\WINDOWS\system32\sysprs7.tgz 2008-09-10 22:13 . 2008-09-10 22:13 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll 2008-09-10 22:13 . 2008-09-10 22:34 219 --a------ C:\WINDOWS\system32\lsprst7.tgz 2008-09-10 22:13 . 2008-09-10 22:34 16 ---h----- C:\WINDOWS\system32\servdat.slm 2008-08-26 17:29 . 2008-08-26 17:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia 2008-08-23 21:05 . 2008-08-23 21:05 <DIR> d-------- C:\Documents and Settings\Carla\Application Data\GlarySoft 2008-08-23 20:40 . 2008-08-23 20:40 <DIR> d-------- C:\Documents and Settings\Carla\Application Data\Uniblue 2008-08-23 19:40 . 2008-08-23 19:44 <DIR> d-------- C:\Program Files\Windows Live Safety Center 2008-08-14 20:38 . 2008-08-23 20:27 <DIR> d-------- C:\WINDOWS\BDOSCAN8 2008-08-14 20:37 . 2008-05-01 22:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-11 12:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-09-10 14:40 --------- d-----w C:\Program Files\Trend Micro 2008-08-23 11:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-07-26 14:26 --------- d-----w C:\Program Files\Norton Internet Security 2008-07-15 09:16 229,376 ----a-w C:\Documents and Settings\Carla\cwshredder.dll 2008-07-12 11:36 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-07-12 11:36 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2008-07-12 11:36 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-07-12 11:36 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-07-12 11:36 --------- d-----w C:\Program Files\Symantec 2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 1694208] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-23 171448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632] "VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552] "VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672] "URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2007-01-16 23168] "SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-20 184320] "PartSeal"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672] "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-21 32768] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-06 94208] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-06 114688] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-06 77824] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 52840] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-18 118784] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "RTHDCPL"="RTHDCPL.EXE" [2005-08-10 C:\WINDOWS\RTHDCPL.EXE] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmas\Tmas.exe [2008-06-10 1310720] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= "C:\Program Files\Trend Micro\Tmas\sshook.dll" [2008-06-10 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2005-05-21 09:42 73728 C:\WINDOWS\system32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel] --a------ 2005-06-12 10:51 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExecAfterFirstBoot] --a------ 2005-03-17 03:22 204800 C:\WINDOWS\SONYSYS\EFlyer\ExecAfterFirstBoot.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] --a------ 2005-11-05 05:25 159832 C:\Program Files\Common Files\AOL\1213081842\ee\AOLHostManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-14 00:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2005-08-27 10:14 36975 C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-06-23 15:31 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey] --a------ 2005-06-14 06:42 258048 c:\Program Files\Sony\VAIO Survey\SurveySA.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Sony Pictures Games\\JEOPARDY!\\JEOPARDY!.exe"= R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2005-12-01 28800] S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-15 32768] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35225c8c-52d6-11dd-acb3-00014af93d20}] \Shell\AutoRun\command - F:\t.com \Shell\explore\Command - F:\t.com \Shell\open\Command - F:\t.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38718874-5782-11dd-acb9-00014af93d20}] \Shell\Auto\command - Recycled/dllcache32.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled/dllcache32.exe \Shell\explore\Command - Recycled/dllcache32.exe \Shell\open\Command - Recycled/dllcache32.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b864f37a-678d-11dd-accf-00014af93d20}] \Shell\AutoRun\command - F:\tyktjfww.exe \Shell\explore\Command - F:\tyktjfww.exe \Shell\open\Command - F:\tyktjfww.exe *Newly Created Service* - COMHOST *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - HKLM-Run-Mouse Suite 98 Daemon - ICO.EXE . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.sony.com/vaiopeople R0 -: HKCU-Main,Search Page = hxxp://www.google.com R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O16 -: {BDEE1959-AB6B-4745-A29B-F492861102CC} - hxxp://www.amustsoft.com/onlineregistryscan/onlineRegCleaner.cab C:\WINDOWS\Downloaded Program Files\onlineRegCleaner.inf C:\WINDOWS\Downloaded Program Files\regengine.dll C:\WINDOWS\Downloaded Program Files\ignores.dat C:\WINDOWS\Downloaded Program Files\amguires.ama C:\WINDOWS\Downloaded Program Files\amControl.dll C:\WINDOWS\Downloaded Program Files\onlineRegCleaner2.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-11 22:45:11 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-09-11 22:46:14 ComboFix-quarantined-files.txt 2008-09-11 14:46:10 Pre-Run: 83,840,294,912 bytes free Post-Run: 84,026,474,496 bytes free 166 --- E O F --- 2008-08-23 11:29:17 |
| ||
| Re: CKVO.exe virus I have to leave for awhile but will get back here ASAP. One thing, do you have Linux installed on the computer? |
| ||
| Re: CKVO.exe virus Sure, no hurry. Nope, no linux installed on this computer. It's been on Windows XP ever since. |
| ||
| Re: CKVO.exe virus Do you use any type of license management software? Did you install an Evaluation version of a program by SPSS? Some files removed by combofix and some showing in your combofix log are noted in some places as being malware and in others as being related to valid software related to a license manager. Sometime they are related to the LinuX OS but you are not running Linux. All of the files I am questioning were installed Sept. 10 at around 10:13 p.m. to 10:35 p.m., including this SPSS Evaluation program. Do you know what these are or what that particular program is? |
| ||
| Re: CKVO.exe virus No, i haven't used any license management software. SPSS Evaluation Program is installed on this laptop but i wasn't the one who installed it. It is a program to process statistical information for my schooling. |
| ||
| Re: CKVO.exe virus Quote:
Have you been able to correct the expired Norton program? Is the computer running any better? |
| All times are GMT -4. The time now is 6:13 pm. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC