Malware Removal: Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general security issues. If you suspect your PC is infected with a virus, trojan or spyware app, please include any supporting documentation or logs.
#1
Serious Issue with malware!!
I have a serious problem, and I'm getting so mad right now it's not even something to smile over. My computer has been infected with some malware, spyware, and a trojan....I had removed one called Trojan_Vundo. It started to happen yesterday, system gave alerts about it and I don't know what could have happened.

So I checked the Symantec Security system, it was a big joke to me in a really bad way. There is no security anymore, it's missing the Symantec Client Security.msi file. I realized why it was that way cause of the fact it was deleted by accident, which one day I was trying to prevent. It's a really long story... Now what p-sses me off the most is the fact, that the person who built it...really didn't leave anything behind. This isn't really my computer, but I try to treat it like it's mine...I'm bothered mostly because I had no CD to even try and re-install the anti-virus...so lately I had been carefully surfing the nets. I always try to keep away from areas I don't need to be, I stay near the clean zones. But somehow it snagged something and started acting up yesterday. I even tried to restore it, but there was no use...since there was no checkpoint past the date. Right now I have this Security Toolbar on the IE...I get these pop ups that talk about the threats. I'm royally p.oed and I really want to find a way to fix this.

These are the noted harms I've come across: NetWorm-1.Virus@fp PSW.x-Virtrojan. Trojan-Spy.win32@mx

Aside from that, here is my HijackThis log...please help me with this. I'm going to have to buy Symantec and re-install it to get things set up, I just want to remove the harm first before I can do anything else..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:54 PM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Microsoft Office\Office10\OSA.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Collette\Desktop\HiJackThis.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\MsiExec.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\igmtftmh.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\pdkhbapr.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Collette\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/...amesCampus.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab
O16 - DPF: {207048D8-A40B-4505-AE24-92FF13BEB269} (myDancerCTL Class) - http://web.spaceillusion.com/help/myDancer1020.cab
O16 - DPF: {2CDD22B9-FC0F-46B9-A2FA-BCCFFA7F87F3} (ActiveJoy Control) - http://www.wydglobal.com/JKeySecret/ActiveJoy3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/re...s/MsnPUpld.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O16 - DPF: {7C564BC7-73BD-4750-A90A-8FF2D8C8C64B} (SysInfo Control) - http://www.cabal.co.kr/Include/SysInfo.cab
O16 - DPF: {7D1AC43C-FDD7-4F4D-8A74-BD315320569B} (GSystemInfo Control) - http://www.ragnarok2.co.kr/cab1/GSystemInfo.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/activex/d...rsion=1,0,0,10
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/n...fyLauncher.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://config.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {AEFD1FBF-F311-4A6F-A360-B5BCC74BE3EE} (SpriteCtrl Class) - http://www.mysprite.com/sprite/bin/Sprite.cab
O16 - DPF: {B3FE4217-1335-4D02-A7C0-9A5CE9E6640E} (MADanalCtrl Control) - http://www.ohdio.com/common/ctrl/MADanalCtrl2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} (SiUpdaterCtrl Class) - http://web.spaceillusion.com/help/iDanceUpdater1020.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://gzs.hangame.com/common/HanSetup1010.cab
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} (Game Starter Control) - https://service.gamania.co.jp/auth/c...1/lcjggame.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/contr...terActiveX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/contr...tComponent.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 14133 bytes
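The entries a helper zeroes in on in a log like the one above are a hosts-file line that sends a domain somewhere other than localhost (O1), toolbars and BHOs whose file is missing or which load a DLL with a made-up name from system32 (O3), a Run key that starts such a DLL through rundll32 (O4), and a MIME filter with no CLSID or file behind it (O18). The script below is an added example, not part of this thread or of HijackThis, that parses lines in the HijackThis format and flags exactly those patterns. The sample lines are excerpted from the log in this post; the random-name heuristic and the small allowlist of known system32 DLLs are assumptions of the example, not rules from the tool.

```python
"""Added example: triage a HijackThis-format log for the launch and hijack
points a malware-removal helper asks about first. The name heuristic and
the allowlist are assumptions of this example, not HijackThis rules."""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Addresses a hosts-file line may legitimately resolve to.
LOCALHOST = {"127.0.0.1", "::1"}
# Constructed allowlist: system32 DLLs that do show up at browser launch
# points on a clean XP box (assumption; extend for your own environment).
KNOWN_SYSTEM32 = {"shell32.dll", "ieframe.dll", "shdocvw.dll", "mshtml.dll"}
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
ENTRY = re.compile(r"^(O\d+)\s*-\s*(.*)$")
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,\s*(\S+)', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section tag, e.g. "O4"
    reason: str
    line: str


def in_system32(path: str) -> bool:
    return bool(SYSTEM32.match(path.strip('"')))


def random_looking(path: str) -> bool:
    """Heuristic: a 5-8 letter all-lowercase stem with no digits and no
    allowlist hit. Vendor DLLs in system32 nearly always carry a readable
    name or a version digit (shell32, ieframe); Vundo-style droppers do not."""
    name = PureWindowsPath(path.strip('"')).name.lower()
    if name in KNOWN_SYSTEM32:
        return False
    stem = name.rsplit(".", 1)[0]
    return 5 <= len(stem) <= 8 and stem.isalpha() and stem.islower()


def triage(log_text: str) -> list[Finding]:
    """Return the entries a reviewer would ask about, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list, blank lines
        tag, body = m.groups()
        if tag == "O1":  # hosts-file redirect: "Hosts: <ip> <name>"
            hm = re.match(r"Hosts:\s*(\S+)\s+(\S+)", body)
            if hm and hm.group(1) not in LOCALHOST:
                findings.append(Finding(tag, f"hosts file sends {hm.group(2)} to {hm.group(1)}, which is not localhost", line))
        elif tag in ("O2", "O3"):  # BHOs and toolbars: "<name> - {CLSID} - <path>"
            target = body.rsplit(" - ", 1)[-1]
            if target == "(no file)":
                findings.append(Finding(tag, "CLSID is registered but its file is gone (orphaned entry)", line))
            elif in_system32(target) and random_looking(target):
                findings.append(Finding(tag, "browser add-on loaded from system32 under a random-looking name", line))
        elif tag == "O4":  # Run keys and startup folders
            rm = RUNDLL.search(body)
            if rm and in_system32(rm.group(1)) and random_looking(rm.group(1)):
                findings.append(Finding(tag, f"rundll32 launch point for a random-looking DLL (export {rm.group(2)})", line))
        elif tag == "O18":  # protocol / MIME filter handlers
            if "(no CLSID)" in body or "(no file)" in body:
                findings.append(Finding(tag, "filter handler registered with no CLSID or file behind it", line))
    return findings


# Constructed sample: lines excerpted from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\igmtftmh.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\pdkhbapr.dll",sitypnow
O18 - Filter hijack: text/html - (no CLSID) - (no file)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample, the Yahoo toolbar and the Symantec ccApp entry pass through untouched and the five suspicious lines are reported. The O1 check is the same test Silent Runners prints as "1 of the IP addresses is *not* localhost": a hosts entry for a game's anti-cheat update host pointing at a public address is a redirect, whichever side put it there.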
#2
Hello KronoSfear,

Download combofix.exe to your Desktop.

Double-click on combofix.exe and follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix.

When the scan completes, Disk Cleanup will run and then a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Also go here and download Silent Runners.vbs (use IE to download it) to a new folder on your drive and run it. It generates a log too. It takes a minute or two and it will notify you with a popup when your log is ready (it will be in the new folder you created). Please post the information back in this thread. If your AV queries the script, allow it to run. It's not malicious.
#3
Well I tried the first one, but this is what I get before it allows me to scan anything.
But I did the silent runner scan and here is the log for it. "Silent Runners.vbs", revision 52, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++} "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] "Yahoo! Pager" = ""C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet" ["Yahoo! Inc."] "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "BitTorrent DNA" = ""C:\Program Files\BitTorrent_DNA\dna.exe"" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Run \ {++} "AudioDeck" = "C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1" ["VIA Technologies, Inc."] "zBrowser Launcher" = "C:\Program Files\Logitech\iTouch\iTouch.exe" ["Logitech Inc."] "Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."] "ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."] "RoxioDragToDisc" = ""C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"" ["Roxio"] "ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"] "vptray" = "C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" ["Symantec Corporation"] "ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."] "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS] "MSPY2002" = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data] "PHIME2002ASync" = 
"C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS] "PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS] "Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"] "Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"] "Lexmark X1100 Series" = ""C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"" ["Lexmark International, Inc."] "SearchIndexer" = "rundll32.exe "C:\WINDOWS\system32\oxycdjrm.dll",sitypnow" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\ {02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided) -> {HKLM...CLSID} = "&Yahoo! Toolbar Helper" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\(Default) = (no title provided) -> {HKLM...CLSID} = "UberButton Class" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo! Inc."] {65D886A2-7CA7-479B-BB95-14D1EFB7946A}\(Default) = (no title provided) -> {HKLM...CLSID} = "YahooTaggedBM Class" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\YIeTagBm.dll" ["Yahoo! 
Inc."] {6A68DF9A-2F18-4C0A-9D7F-F8596B1F535C}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\ddccy.dll" [null data] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] {89AD4D75-2429-462e-BD4E-443F233F6033}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\beuebkqb.dll" [null data] {A95B2816-1D7E-4561-A202-68C0DE02353A}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\igmtftmh.dll" [null data] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Helper" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] {C92B957B-4767-4E53-A63C-1E547C35F0C6}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nnnkkhi.dll" [null data] {CC59E0F9-7E43-44FA-9FAA-8377850BF205}\(Default) = (no title provided) -> {HKLM...CLSID} = "FDMIECookiesBHO Class" \InProcServer32\(Default) = "C:\Program Files\Free Download Manager\iefdmcks.dll" [null data] {F4D76F01-7896-458a-890F-E1F05C46069F}\(Default) = "Ask Toolbar BHO" -> {HKLM...CLSID} = "Ask Toolbar BHO" \InProcServer32\(Default) = "C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL" ["Ask.com"] HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {HKLM...CLSID} = "Display Panning CPL Extension" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = 
"C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{0873D142-79EF-49fa-81B5-211AAC0B0A7F}" = "Target Finder Shell Extension" -> {HKLM...CLSID} = "TargetFinderShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Roxio\Easy Media Creator 7\Creator Classic\TargetFinder.dll" [empty string] "{5E44E225-A408-11CF-B581-008029601108}" = "Roxio DragToDisc Shell Extension" -> {HKLM...CLSID} = "Roxio DragToDisc Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll" ["Roxio"] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS] "{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions" -> {HKLM...CLSID} = "VpshellEx Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"] "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension" -> {HKLM...CLSID} = "SimpleShlExt Class" \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {HKLM...CLSID} = "iTunes" \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, 
Inc."] "{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail" -> {HKLM...CLSID} = "YMailShellExt Class" \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."] HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\ <<!>> "{C92B957B-4767-4E53-A63C-1E547C35F0C6}" = "*Z" (unwritable string) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nnnkkhi.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\She llServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] <<!>> igmtftmh\DLLName = "igmtftmh.dll" [null data] <<!>> NavLogon\DLLName = "C:\WINDOWS\System32\NavLogon.dll" ["Symantec Corporation"] <<!>> nnnkkhi\DLLName = "nnnkkhi.dll" [null data] HKLM\Software\Classes\Folder\shellex\ColumnHandler s\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" 
["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandler s\ LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}" -> {HKLM...CLSID} = "VpshellEx Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."] Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}" -> {HKLM...CLSID} = "YMailShellExt Class" \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."] HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."] HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\ LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}" -> {HKLM...CLSID} = "VpshellEx Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not 
have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\My Documents\My Pictures\abandoned.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Collette\My Documents\My Pictures\abandoned.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\scrnsave.scr" [MS] Startup items in "Collette" & "All Users" startup folders: ---------------------------------------------------------- C:\Documents and Settings\Collette\Start Menu\Programs\Startup "Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] C:\Documents and Settings\All Users\Start Menu\Programs\Startup "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = 
"%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."]
"{F4D76F09-7896-458A-890F-E1F05C46069F}"
  -> {HKLM...CLSID} = "Ask Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL" ["Ask.com"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
     \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"
  -> {HKLM...CLSID} = "Security Toolbar"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\igmtftmh.dll" [null data]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."]
"{F4D76F09-7896-458A-890F-E1F05C46069F}" = (no title provided)
  -> {HKLM...CLSID} = "Ask Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL" ["Ask.com"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
     \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}" = (no title provided)
  -> {HKLM...CLSID} = "Security Toolbar"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\igmtftmh.dll" [null data]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "&Yahoo! Messenger"
     \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "&Yahoo! Messenger"
     \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\
"ButtonText" = "Yahoo! Services"
"CLSIDExtension" = "{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}"
  -> {HKLM...CLSID} = "UberButton Class"
     \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo! Inc."]

{D9288080-1BAA-4BC4-9CF8-A92D743DB949}\
"ButtonText" = "Run IMVU"
"Exec" = "C:\Documents and Settings\Collette\Start Menu\Programs\IMVU\Run IMVU.lnk" [file not found]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*Z" (unwritable string)
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."]


HOSTS file
----------

C:\WINDOWS\System32\drivers\etc\HOSTS

maps: 2 domain names to IP addresses,
      1 of the IP addresses is *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
IS Service, ISSVC, "C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe" ["Symantec Corporation"]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Symantec AntiVirus, Symantec AntiVirus, ""C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe"" ["Symantec Corporation"]
Symantec AntiVirus Definition Watcher, DefWatch, ""C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec SecurePort, SymSecurePort, ""C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]


----------
(launch time: 1899-12-30 00:00:00)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at
  the first message box and "Yes" at the second message box.
---------- (total run time: 3401907585 seconds, including 24 seconds for message boxes)
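SilentRunners only says that one of the two HOSTS mappings on this machine points somewhere other than localhost; it does not print the file. The following is an added example, not SilentRunners', ComboFix's or any vendor's code, of the two checks a responder would run on the file itself: any name mapped to an address that is not a loopback or blackhole address (traffic is being redirected off the box), and any security-vendor or update hostname that appears at all (this is how this family keeps the resident antivirus from updating, which fits the "Symantec no longer updates" symptom in the thread). The sample file, the list of protected domains and the 203.0.113.7 address are constructed for this example.

```python
"""Audit a Windows HOSTS file for off-box redirects and blocked security vendors.
Added example for this thread, not any tool's own code; the protected-domain list
and the sample below are this example's own assumptions."""
import ipaddress

# Constructed sample: the stock XP header plus five entries. The thread reports
# only counts for the real file, so nothing here is taken from it.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       ad.doubleclick.net            # ad-blocking entry, harmless
127.0.0.1       liveupdate.symantecliveupdate.com
0.0.0.0         www.example-tracker.invalid
203.0.113.7     www.example-bank.invalid      # TEST-NET address: points off-box
"""

# Domains malware commonly blackholes so the installed AV cannot update itself.
# Assumption for this example; extend for the products actually deployed.
PROTECTED_DOMAINS = (
    'symantecliveupdate.com', 'symantec.com', 'windowsupdate.com',
    'update.microsoft.com', 'eset.com', 'bitdefender.com', 'kaspersky.com',
)


def parse_hosts(text):
    """Yield (ip, hostname) for every mapping; comments, blanks and bad lines are skipped."""
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue            # malformed first column; a full tool would report it
        for host in parts[1:]:
            yield ip, host.lower()


def is_sinkhole(ip):
    """127.0.0.0/8, ::1 and 0.0.0.0 keep traffic on the box; anything else does not."""
    return ip.is_loopback or ip.is_unspecified


def is_protected(host):
    """True when host is one of the protected domains or a subdomain of one."""
    return any(host == d or host.endswith('.' + d) for d in PROTECTED_DOMAINS)


def audit_hosts(text):
    """Return [(hostname, ip, reason)] for every entry a responder should look at."""
    findings = []
    for ip, host in parse_hosts(text):
        if host == 'localhost':
            continue
        if not is_sinkhole(ip):
            findings.append((host, str(ip), 'mapped off-box to %s' % ip))
        if is_protected(host):
            findings.append((host, str(ip), 'security/update host overridden'))
    return findings


if __name__ == '__main__':
    for host, ip, why in audit_hosts(SAMPLE_HOSTS):
        print('%-40s %-14s %s' % (host, ip, why))
```

Run it against a copy of `C:\WINDOWS\System32\drivers\etc\HOSTS` by reading the file into `audit_hosts`. Ad-blocking entries pointed at 127.0.0.1 or 0.0.0.0 are left alone; a protected domain is reported even when it maps to loopback, because blackholing the update server is the whole point of that entry.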
#5
Here's the log that I got from ComboFix. I just want to do something about these stupid popups and so forth... The Symantec Firewall that I have no longer works... guess it's because of that missing file. It won't block ads or have its firewall up... I don't know if that's the issue or not. So I may have to talk to their tech support.
-----------------------------------------
ComboFix 07-10-19.1 - Collette 2007-10-19 15:00:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.126 [GMT -5:00]
Running from: C:\My Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Guest\Application Data\macromedia\Flash Player\#SharedObjects\H297KQNA\www.broadcaster.com
C:\Documents and Settings\Guest\Application Data\macromedia\Flash Player\#SharedObjects\H297KQNA\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Guest\Application Data\macromedia\Flash Player\#SharedObjects\H297KQNA\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Guest\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Guest\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\autorun.inf
C:\Program Files\Hammer.dll
C:\RECYCLER\winow.dll
C:\RECYCLER\winow.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\rising454.exe
C:\WINDOWS\rising736.exe
C:\WINDOWS\rising778.exe
C:\WINDOWS\system32\beuebkqb.dll
C:\WINDOWS\system32\incplhkv.dll
C:\WINDOWS\system32\launcher.exe
C:\WINDOWS\system32\mrjdcyxo.ini
C:\WINDOWS\system32\oxycdjrm.dll
C:\WINDOWS\system32\svch0st.exe
C:\WINDOWS\system32\vkhlpcni.ini
C:\WINDOWS\system32\yccdd.bak1
C:\WINDOWS\system32\yccdd.bak1
C:\WINDOWS\system32\yccdd.bak2
C:\WINDOWS\system32\yccdd.bak2
C:\WINDOWS\system32\yccdd.ini
C:\WINDOWS\system32\yccdd.ini
C:\WINDOWS\system32\yccdd.ini2
C:\WINDOWS\system32\yccdd.ini2
C:\WINDOWS\system32\yccdd.tmp
C:\WINDOWS\system32\yccdd.tmp
.
((((((((((((((((((((((((( Files Created from 2007-09-19 to 2007-10-19 )))))))))))))))))))))))))))))))
.
2007-10-19 14:04 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-18 03:05 389,184 --a------ C:\WINDOWS\system32\ofygotgt.exe
2007-10-18 01:42 389,184 --a------ C:\WINDOWS\system32\hfagcmia.exe
2007-10-18 01:42 339,968 --a------ C:\WINDOWS\system32\igmtftmh.dll
2007-10-18 00:38 339,968 --a------ C:\WINDOWS\system32\iglaivow.dll
2007-10-18 00:37 389,184 --a------ C:\WINDOWS\system32\uxgcuxaq.exe
2007-10-17 12:30 <DIR> d-------- C:\WINDOWS\system32\oTt02e
2007-10-17 12:30 <DIR> d-------- C:\Temp\fCOe
2007-10-17 00:53 <DIR> d-------- C:\AeriaGames
2007-10-14 16:46 <DIR> d-------- C:\Program Files\TribalGamingnet
2007-10-13 22:40 <DIR> d-------- C:\Program Files\NCSoft
2007-10-13 22:40 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-10-13 01:45 <DIR> d-------- C:\Program Files\MaxOn Soft
2007-10-12 03:57 <DIR> d-------- C:\Program Files\Neffy
2007-10-10 16:00 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Free Download Manager
2007-10-09 14:59 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 01:24 <DIR> d-------- C:\Documents and Settings\Collette\Application Data\.BitZip
2007-10-08 01:23 <DIR> d-------- C:\Program Files\BitZip
2007-10-06 03:01 <DIR> d-------- C:\Program Files\BitComet
2007-10-05 23:32 43,712 --a------ C:\WINDOWS\system32\NavLogon.dll
2007-10-04 21:04 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-10-04 20:29 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2007-10-04 20:24 <DIR> d-------- C:\Program Files\Lexmark X1100 Series
2007-10-04 01:52 <DIR> d-------- C:\Program Files\DANCE!ONLINE
2007-10-04 01:49 <DIR> d-------- C:\Fraps
2007-10-04 00:49 <DIR> d-------- C:\WINDOWS\system32\SolidStateNetworks
2007-10-03 04:18 <DIR> d-------- C:\Nexon
2007-09-28 23:06 128,488 --a------ C:\WINDOWS\system32\HGReport.dll
2007-09-28 23:06 124,360 --a------ C:\WINDOWS\system32\PubPlugin.dll
2007-09-28 01:02 <DIR> d-------- C:\Perfect World
2007-09-24 20:36 <DIR> d-------- C:\Program Files\FlashGet
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-19 20:21 --------- d-----w C:\Documents and Settings\Collette\Application Data\Free Download Manager
2007-10-19 20:16 --------- d-----w C:\Documents and Settings\Collette\Application Data\BitTorrent DNA
2007-10-19 18:48 --------- d-----w C:\Documents and Settings\Collette\Application Data\Azureus
2007-10-19 01:56 --------- d-----w C:\Documents and Settings\Collette\Application Data\Lavasoft
2007-10-19 01:53 --------- d-----w C:\Program Files\Symantec Client Security
2007-10-18 07:41 --------- d-----w C:\Documents and Settings\Collette\Application Data\uTorrent
2007-10-18 06:10 --------- d-----w C:\Documents and Settings\Collette\Application Data\.BitZip
2007-10-18 02:53 --------- d-----w C:\Program Files\Java
2007-10-18 02:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-17 21:34 --------- d-----w C:\Documents and Settings\Guest\Application Data\Skype
2007-10-08 05:24 --------- d-----w C:\Program Files\Azureus
2007-10-06 04:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-06 04:36 --------- d-----w C:\Program Files\Symantec
2007-10-06 04:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-06 04:27 --------- d-----w C:\Program Files\Triggersoft
2007-10-06 04:26 --------- d-----w C:\Program Files\Outspark
2007-10-04 07:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-03 03:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-09-25 21:46 --------- d-----w C:\Documents and Settings\Collette\Application Data\IGN_DLM
2007-09-25 01:36 --------- d-----w C:\Program Files\Google
2007-09-22 06:50 --------- d-----w C:\Program Files\IGN
2007-09-22 06:49 --------- d-----w C:\Program Files\DriftCity
2007-09-13 04:16 --------- d-----w C:\Program Files\GameTribe
2007-09-12 07:21 --------- d-----w C:\Program Files\DivX
2007-09-11 09:17 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-09-11 05:17 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-09-06 23:08 --------- d-----w C:\Documents and Settings\Guest\Application Data\Roxio
2007-09-06 06:26 --------- d-----w C:\Program Files\AOA
2007-09-06 04:06 --------- d-----w C:\Documents and Settings\Collette\Application Data\NHN Corporation
2007-09-03 03:12 --------- d-----w C:\Program Files\AskPBar
2007-09-01 02:18 --------- d-----w C:\Program Files\SnailWeb
2007-08-30 00:24 --------- d-----w C:\Program Files\Deco Online
2007-08-29 02:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Outspark
2007-08-25 06:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-08-24 05:52 --------- d-----w C:\Program Files\Common Files\AOL
2007-08-24 05:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-08-21 08:52 --------- d-----w C:\Program Files\Common Files\Adobe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 144,704 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-15 22:33 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-08-15 22:30 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-08-15 22:30 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-08-15 22:30 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-28 03:37 8,237,056 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-07-28 03:31 344,064 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-07-28 03:30 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-07-28 03:24 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-07-28 03:23 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-07-28 03:23 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-07-28 03:22 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-07-28 03:22 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-07-28 03:22 118,784 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-07-28 03:21 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-07-28 03:20 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-07-28 03:12 3,067,712 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-07-28 03:06 176,128 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-07-28 03:01 1,550,208 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-07-28 02:50 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-07-28 02:47 266,240 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-07-28 02:46 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-07-28 02:40 450,560 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-07-28 02:05 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2007-06-29 08:36 88 ----a-w C:\Program Files\GayoList_MyDancer.xml_.md5
2007-02-09 21:38 3,240 ----a-w C:\Program Files\install.ini
2007-02-09 21:37 629,147,559 ----a-w C:\Program Files\data1.pck
2007-02-09 21:37 478,630,326 ----a-w C:\Program Files\data4.pck
2007-02-09 21:37 1,070,496 ----a-w C:\Program Files\check.md
2007-02-09 21:36 629,099,481 ----a-w C:\Program Files\data3.pck
2007-02-09 21:34 629,192,227 ----a-w C:\Program Files\data2.pck
2007-01-23 17:15 9,598 ----a-w C:\Program Files\CopyRight.txt
2006-09-17 04:17 47,248 ----a-w C:\Documents and Settings\Collette\Application Data\GDIPFONTCACHEV1.DAT
2005-10-29 01:59 88 ----a-w C:\Program Files\GayoList_MyDancer.xml.md5
2005-10-29 01:59 126 ----a-w C:\Program Files\GayoList_MyDancer.xml
2005-05-10 23:54 258,352 ----a-w C:\Program Files\unicows.dll
2002-08-16 04:58 28,672 ----a-w C:\Program Files\JPGI.dll
2000-09-15 20:51 372,736 ----a-w C:\Program Files\ijl15.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A68DF9A-2F18-4C0A-9D7F-F8596B1F535C}]
C:\WINDOWS\system32\ddccy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-18 01:42 339968 --a------ C:\WINDOWS\system32\igmtftmh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C92B957B-4767-4E53-A63C-1E547C35F0C6}]
C:\WINDOWS\system32\nnnkkhi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\igmtftmh.dll [2007-10-18 01:42 339968]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\igmtftmh.dll [2007-10-18 01:42 339968]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2004-06-23 21:28]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 05:50 C:\WINDOWS\LOGI_MWX.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 21:05]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-09-25 01:37]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2005-06-23 19:27]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-07 10:55]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-08 03:51]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 00:31]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 00:31]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 00:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 00:32]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 05:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-07-25 23:42]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C92B957B-4767-4E53-A63C-1E547C35F0C6}"= C:\WINDOWS\system32\nnnkkhi.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igmtftmh]
igmtftmh.dll 2007-10-18 01:42 339968 C:\WINDOWS\system32\igmtftmh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkkhi]
nnnkkhi.dll

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\getnd5b.sys
R3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys
S3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 IPN2120;Instant Wireless-B PCI Adapter Driver;C:\WINDOWS\system32\DRIVERS\LSIPNDS.sys
S3 jlock101;jlock101;\??\C:\WINDOWS\system32\jlock101.sys
S3 npkycryp;npkycryp;\??\C:\Program Files\Gravity\RO\npkycryp.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys
S3 XDva005;XDva005;\??\C:\WINDOWS\system32\XDva005.sys
S3 XDva007;XDva007;\??\C:\WINDOWS\system32\XDva007.sys
S3 XDva008;XDva008;\??\C:\WINDOWS\system32\XDva008.sys
S3 XDva009;XDva009;\??\C:\WINDOWS\system32\XDva009.sys
S3 XDva020;XDva020;\??\C:\WINDOWS\system32\XDva020.sys
S3 XDva021;XDva021;\??\C:\WINDOWS\system32\XDva021.sys
S3 XDva025;XDva025;\??\C:\WINDOWS\system32\XDva025.sys
S3 XDva026;XDva026;\??\C:\WINDOWS\system32\XDva026.sys
S3 XDva028;XDva028;\??\C:\WINDOWS\system32\XDva028.sys

.
Contents of the 'Scheduled Tasks' folder
"2005-07-01 13:07:30 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-19 15:23:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-19 15:25:39
.
--- E O F ---
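What gives this infection away in the ComboFix "Reg Loading Points" section is not any single entry but the pattern: the same DLL is registered as a Browser Helper Object, as the "Security Toolbar", and as a Winlogon notification package, and a second DLL sits in both ShellExecuteHooks and Winlogon\Notify, with no date or size because ComboFix could not read the file. The script below is an added example, not ComboFix's or any vendor's code, that turns that reading into a repeatable check: it parses that section, groups every module by file name across the launch points, and scores each one on signals that separate a Vundo-style implant from an ordinary third-party add-on. The scoring weights, the random-name heuristic and the trimmed sample (copied from the log above, with two legitimate Run entries kept as controls) are this example's own assumptions, not anything the thread or ComboFix defines.

```python
"""Cross-reference ComboFix 'Reg Loading Points' entries to surface Vundo-style persistence.
Added example for this thread, not ComboFix's or any vendor's code; the scoring weights
and the sample below are this example's own assumptions."""
import re
from collections import defaultdict
from datetime import date

SCAN_DATE = date(2007, 10, 19)   # date of the ComboFix run in the post above

# Constructed sample: trimmed from the Reg Loading Points section posted above,
# with two known-good Run entries (ccApp, jusched) kept as controls.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A68DF9A-2F18-4C0A-9D7F-F8596B1F535C}]
C:\WINDOWS\system32\ddccy.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-18 01:42 339968 --a------ C:\WINDOWS\system32\igmtftmh.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\igmtftmh.dll [2007-10-18 01:42 339968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C92B957B-4767-4E53-A63C-1E547C35F0C6}"= C:\WINDOWS\system32\nnnkkhi.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igmtftmh]
igmtftmh.dll 2007-10-18 01:42 339968 C:\WINDOWS\system32\igmtftmh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkkhi]
nnnkkhi.dll
"""

FULL_PATH = re.compile(r'([A-Za-z]:\\[^"\[\]]*?\.(?:dll|exe))', re.I)
BARE_NAME = re.compile(r'\b([\w.-]+\.(?:dll|exe))\b', re.I)
STAMP = re.compile(r'(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}')
LOCATIONS = [('browser helper objects', 'BHO'), ('internet explorer\\toolbar', 'IE Toolbar'),
             ('shellexecutehooks', 'ShellExecuteHooks'), ('winlogon\\notify', 'Winlogon Notify'),
             ('\\run', 'Run')]
SENSITIVE = {'BHO', 'IE Toolbar', 'ShellExecuteHooks', 'Winlogon Notify'}


def classify(key):
    """Map a registry key to the launch-point label it represents."""
    k = key.lower()
    return next((label for needle, label in LOCATIONS if needle in k), 'Other')


def parse(text):
    """Group every module by basename: where it is registered, where it lives, what ComboFix could stat."""
    mods = defaultdict(lambda: {'locations': set(), 'in_system32': False,
                                'missing_metadata': False, 'newest': None})
    location = 'Other'
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            location = classify(line[1:-1])
            continue
        m = FULL_PATH.search(line) or BARE_NAME.search(line)
        if not m:
            continue
        path = m.group(1)
        # A bare Winlogon notify name is resolved from system32 by default.
        in_sys32 = '\\system32\\' in path.lower() or ('\\' not in path and location == 'Winlogon Notify')
        info = mods[path.rsplit('\\', 1)[-1].lower()]
        info['locations'].add(location)
        info['in_system32'] |= in_sys32
        stamp = STAMP.search(line)
        if stamp:
            d = date.fromisoformat(stamp.group(1))
            info['newest'] = d if info['newest'] is None else max(info['newest'], d)
        else:
            info['missing_metadata'] = True   # no date/size printed: hidden, locked or gone
    return dict(mods)


def looks_random(name):
    """Vowel-poor 5+ letter stems (igmtftmh, nnnkkhi, ddccy) read as generated names."""
    letters = [c for c in name.rsplit('.', 1)[0] if c.isalpha()]
    return len(letters) >= 5 and sum(c in 'aeiou' for c in letters) / len(letters) < 0.2


def score(name, info):
    """Weight the signals that distinguish Vundo from an ordinary third-party add-on."""
    locs, reasons = info['locations'], []
    if 'Winlogon Notify' in locs:
        reasons.append((2, 'Winlogon\\Notify package (loaded by winlogon.exe, active in Safe Mode)'))
    if 'ShellExecuteHooks' in locs:
        reasons.append((2, 'ShellExecuteHook (injected into everything the shell launches)'))
    if len(locs) > 1:
        reasons.append((len(locs) - 1, 'registered at %d launch points: %s' % (len(locs), ', '.join(sorted(locs)))))
    if info['in_system32'] and locs & SENSITIVE:
        reasons.append((1, 'browser/shell component living in system32 rather than Program Files'))
    if info['missing_metadata']:
        reasons.append((1, 'ComboFix printed no date/size (hidden, locked or missing file)'))
    if info['newest'] and (SCAN_DATE - info['newest']).days <= 3:
        reasons.append((1, 'written within 3 days of the scan'))
    if looks_random(name):
        reasons.append((1, 'random-looking file name'))
    return sum(w for w, _ in reasons), [r for _, r in reasons]


def triage(text, threshold=3):
    """Return [(name, score, reasons)] at or above threshold, worst first."""
    hits = [(n, *score(n, i)) for n, i in parse(text).items()]
    return sorted((h for h in hits if h[1] >= threshold), key=lambda h: -h[1])
```

On the sample this ranks nnnkkhi.dll and igmtftmh.dll far above the threshold and still catches ddccy.dll, which is registered in only one place but is an unreadable, randomly named DLL in system32; ccApp.exe and jusched.exe score zero. The point of cross-referencing is that a DLL wired into both Winlogon\Notify and a browser launch point will be reloaded by winlogon.exe no matter how many times the BHO is removed, which is why VundoFix and the Winlogon-aware tools used later in this thread target that key specifically.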
#6
Disable your antivirus program and go here (http://www.eset.com/onlinescan/) and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple of minutes for the scanner to get ready. Next, check the following boxes:

* Remove found threats
* Scan unwanted applications

Click Start. This scan may take a while, so please be patient. Go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt. Click Edit - Select All, then copy/paste that log back here.
#7
Okay, here's my log for that. And as an update, I turned on Windows Firewall, since it was off for some reason... I thought I had turned it on to replace the other. So that's on. I had Lavasoft Ad-Aware installed, so I used it to clean away some things so far... hmm, it worked a little. I even tried to do a virus scan and again I found the Trojan_Vundo... I don't know if it's still there, but I'll wait for your reply on this report. Thank you for trying to help me though.
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2604 (20071019)
# vers_arch_module=1.058 (20070906)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=8537f618d9229245ae8b2c36d28a61b2
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2007-10-20 05:36:01
# local_time=2007-10-20 12:36:01 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=280102
# found=12
# scan_time=4835
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk  Win32/Adware.SecToolbar application (unable to clean - deleted)  00000000000000000000000000000000
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk  Win32/Adware.SecToolbar application (unable to clean - deleted)  00000000000000000000000000000000
C:\Documents and Settings\Collette\Desktop\Live Safety Center.lnk  Win32/Adware.SecToolbar application (unable to clean - deleted)  00000000000000000000000000000000
C:\Documents and Settings\Collette\Desktop\Online Security Guide.lnk  Win32/Adware.SecToolbar application (unable to clean - deleted)  00000000000000000000000000000000
C:\Documents and Settings\Collette\Favorites\Online Security Guide.lnk  Win32/Adware.SecToolbar application (unable to clean - deleted)  00000000000000000000000000000000
C:\qoobox\Quarantine\C\Program Files\Hammer.dll.vir  Win32/Adware.SecToolbar application (unable to clean - deleted)  00000000000000000000000000000000
C:\qoobox\Quarantine\C\WINDOWS\system32\oxycdjrm.dll.vir  Win32/Adware.Virtumonde application (unable to clean - deleted)  00000000000000000000000000000000
C:\WINDOWS\system32\hfagcmia.exe  Win32/Adware.SecToolbar application (unable to clean - deleted)  00000000000000000000000000000000
C:\WINDOWS\system32\iglaivow.dll  Win32/Adware.SecToolbar application (unable to clean - deleted)  00000000000000000000000000000000
C:\WINDOWS\system32\igmtftmh.dll  Win32/Adware.SecToolbar application (unable to clean - deleted (after the next restart))  650E83AE6756865B0570EF2C52A2507D
C:\WINDOWS\system32\ofygotgt.exe  Win32/Adware.SecToolbar application (unable to clean - deleted)  00000000000000000000000000000000
C:\WINDOWS\system32\uxgcuxaq.exe  Win32/Adware.SecToolbar application (unable to clean - deleted)  00000000000000000000000000000000
#8
Please download VundoFix.exe to your desktop.

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files; click YES.
* Once you click Yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer; click OK.
* Please post the contents of C:\vundofix.txt.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

After the reboot, disable your antivirus program and go here and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee. When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All. Then copy/paste that log back here, along with the contents of C:\vundofix.txt and a new HijackThis log, please.
#9
VundoFix V6.5.10

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 2:49:30 PM 10/20/2007

Listing files found while scanning....

C:\WINDOWS\system32\igmtftmh.dll

Beginning removal...

Performing Repairs to the registry.
Done!

---------------------------------------------

BitDefender Online Scanner

Scan report generated at: Sat, Oct 20, 2007 - 16:42:17

Scan path: A:\;C:\;D:\;E:\;

Statistics
Time              01:39:05
Files             257278
Folders           6813
Boot Sectors      2
Archives          1177
Packed Files      8614

Results
Identified Viruses  7
Infected Files      20
Suspect Files       0
Warnings            0
Disinfected         0
Deleted Files       25

Engines Info
Virus Definitions  853480
Engine build       AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins       14
Archive plugins    38
Unpack plugins     7
E-mail plugins     6
System plugins     1

Scan Settings
First Action        Disinfect
Second Action       Delete
Heuristics          Yes
Enable Warnings     Yes
Scanned Extensions  *;
Exclude Extensions
Scan Emails         Yes
Scan Archives       Yes
Scan Packed         Yes
Scan Files          Yes
Scan Boot           Yes

Scanned File  Status
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0000\4F5C3EF3.VBN=>(Quarantine-PE)  Infected with: Trojan.Clicker.Agent.NP
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0000\4F5C3EF3.VBN=>(Quarantine-PE)  Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0000\4F5C3EF3.VBN=>(Quarantine-PE)  Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\091C0000.VBN=>(Quarantine-PE)  Detected with: Adware.Virtumonde.GGZ
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\091C0000.VBN=>(Quarantine-PE)  Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\091C0000.VBN=>(Quarantine-PE)  Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C940000\4F96FA7D.VBN=>(Quarantine-PE)  Infected with: Trojan.Clicker.Agent.NP
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C940000\4F96FA7D.VBN=>(Quarantine-PE)  Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C940000\4F96FA7D.VBN=>(Quarantine-PE)  Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E540000.VBN=>(Quarantine-PE)  Infected with: Trojan.Clicker.Agent.NP
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E540000.VBN=>(Quarantine-PE)  Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E540000.VBN=>(Quarantine-PE)  Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F300000\4FB7A50C.VBN=>(Quarantine-PE)  Infected with: Trojan.FakeAlert.DO
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F300000\4FB7A50C.VBN=>(Quarantine-PE)  Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F300000\4FB7A50C.VBN=>(Quarantine-PE)  Deleted
C:\qoobox\Quarantine\C\RECYCLER\winow.dll.vir  Infected with: Generic.PWS.WoW.0B0BEBD9
C:\qoobox\Quarantine\C\RECYCLER\winow.dll.vir  Disinfection failed
C:\qoobox\Quarantine\C\RECYCLER\winow.dll.vir  Deleted
C:\qoobox\Quarantine\C\RECYCLER\winow.exe.vir  Infected with: DeepScan:Generic.PWS.WoW.B5FA72DA
C:\qoobox\Quarantine\C\RECYCLER\winow.exe.vir  Disinfection failed
C:\qoobox\Quarantine\C\RECYCLER\winow.exe.vir  Deleted
C:\qoobox\Quarantine\C\WINDOWS\rising454.exe.vir  Infected with: DeepScan:Generic.PWS.WoW.B5FA72DA
C:\qoobox\Quarantine\C\WINDOWS\rising454.exe.vir  Disinfection failed
C:\qoobox\Quarantine\C\WINDOWS\rising454.exe.vir  Deleted
C:\qoobox\Quarantine\C\WINDOWS\rising736.exe.vir  Infected with: DeepScan:Generic.PWS.WoW.B5FA72DA
C:\qoobox\Quarantine\C\WINDOWS\rising736.exe.vir  Disinfection failed
C:\qoobox\Quarantine\C\WINDOWS\rising736.exe.vir  Deleted
C:\qoobox\Quarantine\C\WINDOWS\rising778.exe.vir  Infected with: DeepScan:Generic.PWS.WoW.B5FA72DA
C:\qoobox\Quarantine\C\WINDOWS\rising778.exe.vir  Disinfection failed
C:\qoobox\Quarantine\C\WINDOWS\rising778.exe.vir  Deleted
C:\qoobox\Quarantine\C\WINDOWS\system32\incplhkv.dll.vir  Infected with: Trojan.Vundo.DNR
C:\qoobox\Quarantine\C\WINDOWS\system32\incplhkv.dll.vir  Disinfection failed
C:\qoobox\Quarantine\C\WINDOWS\system32\incplhkv.dll.vir  Deleted
C:\qoobox\Quarantine\C\WINDOWS\system32\SVCH0ST.EXE.vir  Infected with: Generic.Rincux.D49D5F2D
C:\qoobox\Quarantine\C\WINDOWS\system32\SVCH0ST.EXE.vir  Disinfection failed
C:\qoobox\Quarantine\C\WINDOWS\system32\SVCH0ST.EXE.vir  Deleted
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000007.exe  Infected with: DeepScan:Generic.PWS.WoW.B5FA72DA
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000007.exe  Disinfection failed
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000007.exe  Deleted
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000008.exe  Infected with: DeepScan:Generic.PWS.WoW.B5FA72DA
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000008.exe  Disinfection failed
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000008.exe  Deleted
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000009.exe  Infected with: DeepScan:Generic.PWS.WoW.B5FA72DA
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000009.exe  Disinfection failed
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000009.exe  Deleted
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000010.dll  Infected with: Generic.PWS.WoW.0B0BEBD9
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000010.dll  Disinfection failed
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000010.dll  Deleted
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000011.exe  Infected with: DeepScan:Generic.PWS.WoW.B5FA72DA
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000011.exe  Disinfection failed
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000011.exe  Deleted
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000013.dll  Infected with: Trojan.Vundo.DNR
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000013.dll  Disinfection failed
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000013.dll  Deleted
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000014.dll  Infected with: Trojan.Vundo.DNR
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000014.dll  Disinfection failed
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000014.dll  Deleted
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000021.EXE  Infected with: Generic.Rincux.D49D5F2D
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000021.EXE  Disinfection failed
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000021.EXE  Deleted
-----------------------------------------------
#10
The computer seems to be feeling a lot better now; this is a really good thing. I'm glad I stayed sane through all of this =), I hope things are fixed so far. Sorry for the double post, it wouldn't let me put this all together with the others since there were too many characters.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:17 PM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\Collette\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Collette\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Collette\Desktop\HiJackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {6A68DF9A-2F18-4C0A-9D7F-F8596B1F535C} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C92B957B-4767-4E53-A63C-1E547C35F0C6} - C:\WINDOWS\system32\nnnkkhi.dll (file missing)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Collette\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/...amesCampus.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab
O16 - DPF: {207048D8-A40B-4505-AE24-92FF13BEB269} (myDancerCTL Class) - http://web.spaceillusion.com/help/myDancer1020.cab
O16 - DPF: {2CDD22B9-FC0F-46B9-A2FA-BCCFFA7F87F3} (ActiveJoy Control) - http://www.wydglobal.com/JKeySecret/ActiveJoy3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/re...s/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O16 - DPF: {7C564BC7-73BD-4750-A90A-8FF2D8C8C64B} (SysInfo Control) - http://www.cabal.co.kr/Include/SysInfo.cab
O16 - DPF: {7D1AC43C-FDD7-4F4D-8A74-BD315320569B} (GSystemInfo Control) - http://www.ragnarok2.co.kr/cab1/GSystemInfo.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/activex/d...rsion=1,0,0,10
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/n...fyLauncher.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://config.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {AEFD1FBF-F311-4A6F-A360-B5BCC74BE3EE} (SpriteCtrl Class) - http://www.mysprite.com/sprite/bin/Sprite.cab
O16 - DPF: {B3FE4217-1335-4D02-A7C0-9A5CE9E6640E} (MADanalCtrl Control) - http://www.ohdio.com/common/ctrl/MADanalCtrl2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} (SiUpdaterCtrl Class) - http://web.spaceillusion.com/help/iDanceUpdater1020.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://gzs.hangame.com/common/HanSetup1010.cab
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} (Game Starter Control) - https://service.gamania.co.jp/auth/c...1/lcjggame.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/contr...terActiveX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/contr...tComponent.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: igmtftmh - igmtftmh.dll (file missing)
O20 - Winlogon Notify: nnnkkhi - nnnkkhi.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 15907 bytes
#11
Open Hijackthis.
Click Config - Misc Tools - Open Uninstall Manager.
A list of the entries in Add/Remove programs will appear. Click on Save List... The list will be saved as 'Uninstall_list.txt'.
Copy & Paste the contents back here for review.
#12
ABBYY FineReader 5.0 Sprint
AC3Filter (remove only)
Ad-Aware 2007
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.0
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe® Photoshop® Album Starter Edition 3.2
Ares 2.0.9
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
Azureus Vuze
BitZip (remove only)
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
ESET Online Scanner
Fraps
Free Download Manager 2.1
getPlus(R)_ocx
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
IGN Download Manager 2.3.2
InfernoRose
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
KSignAccessToolkit v1.0
Lexmark X1100 Series
LiveUpdate 2.6 (Symantec Corporation)
Logitech iTouch Software
Logitech MouseWare 9.75
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional
Microsoft Speech SDK 5.1
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft XML Parser and SDK
Mozilla Firefox (2.0.0.6)
MP3 Remix Player Standalone
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
nProtect KeyCrypt
Project64 1.6
QuickTime
RealPlayer
Rose Online Evolution
Roxio Easy Media Creator 7 Basic VCD Edition
Rumble Fighter
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Solid State ION Internet Explorer Plugin
SpywareBlaster v3.5.1
SRS Audio Sandbox
Symantec Client Security
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
VIA Audio Driver Setup Program
Viewpoint Media Player
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip 11.1
XviD 1.1 final uninstall
Yahoo! Anti-Spy
Yahoo! Browser Services
Yahoo! Mail
Yahoo! Messenger
Yahoo! Toolbar
Zuma Deluxe 1.0
#13
Click Start>Control Panel>Add/Remove Programs
Uninstall the following programs:
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
REBOOT
Install the latest version of java from here
Post a new HijackThis log.
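An added example, not code from this thread or from HijackThis: a small Python triage script that applies the checks the helper makes on the log in post #10 (BHO, toolbar and Winlogon Notify entries whose file is missing, the HOSTS override, autorun values that are not a full path) and, for post #13, lists every Java runtime in an Uninstall Manager list. The sample lines are copied from the logs in this thread; the check rules are this editor's own heuristics, not HijackThis's.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Added example (editor's own heuristics), not code from the thread or from HijackThis.

# HijackThis entry lines look like "O2 - BHO: <name> - {CLSID} - <path>".
ENTRY_RE = re.compile(r"^(?P<code>O\d+|R\d) - (?P<section>[^:]+): (?P<rest>.*)$")

# Entry types where a registration pointing at a missing file is the classic
# leftover of a Vundo-family clean-up: nothing loads from it, but it should be
# removed so the next scan (and the next helper) sees a clean log.
RESIDUE_KINDS = {
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O9": "IE extra button/menu item",
    "O20": "Winlogon Notify hook",
}

# Add/Remove Programs names used by the Sun JRE installers seen in post #12.
JAVA_RE = re.compile(
    r"^(?:J2SE Runtime Environment|Java\(TM\)(?: SE Runtime Environment)?) "
    r"(?P<ver>\d+(?:\.\d+)*) Update (?P<upd>\d+)$"
)


@dataclass(frozen=True)
class Finding:
    code: str
    reason: str
    line: str


def triage_hjt(log_text: str) -> list[Finding]:
    """Return the HijackThis entries a malware-removal helper would review first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines and the "Running processes" paths
        code, section, rest = m.group("code", "section", "rest")
        if code == "O1":
            # HOSTS override: redirects a hostname. Some anti-cheat software adds
            # these, so confirm with the owner rather than delete blindly.
            findings.append(Finding(code, "HOSTS override: " + rest, line))
        elif code in RESIDUE_KINDS and rest.endswith(("(file missing)", "(no file)")):
            findings.append(Finding(code, RESIDUE_KINDS[code] + " with missing file", line))
        elif code == "O4" and section.endswith("Run"):
            # A Run value whose target is not an absolute path is resolved via the
            # search path, so the helper should confirm which binary actually loads.
            target = re.sub(r"^\[[^\]]*\]\s*", "", rest).strip('"')
            if not re.match(r"[A-Za-z]:\\", target):
                findings.append(Finding(code, "autorun target is not a full path: " + target, line))
    return findings


def list_java_runtimes(uninstall_list: str) -> list[tuple[tuple[int, ...], str]]:
    """All Java runtime entries in an Uninstall Manager list, oldest first.

    Post #13 has the user remove every one of these and then install the current
    release, so the whole set is returned, keyed by (version..., update).
    """
    found = []
    for raw in uninstall_list.splitlines():
        m = JAVA_RE.match(raw.strip())
        if m:
            version = tuple(int(p) for p in m.group("ver").split("."))
            found.append((version + (int(m.group("upd")),), raw.strip()))
    return sorted(found)


# Sample lines copied from the logs posted in this thread (constructed excerpt).
HJT_SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com
O2 - BHO: (no name) - {6A68DF9A-2F18-4C0A-9D7F-F8596B1F535C} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O20 - Winlogon Notify: nnnkkhi - nnnkkhi.dll (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
"""

UNINSTALL_SAMPLE = """\
Ad-Aware 2007
HijackThis 2.0.2
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Symantec Client Security
"""

if __name__ == "__main__":
    for f in triage_hjt(HJT_SAMPLE):
        print(f"{f.code:>4}  {f.reason}")
    for _version, name in list_java_runtimes(UNINSTALL_SAMPLE):
        print("Java runtime installed:", name)
```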
#14
Sorry for the delay, net has been down for a day and a half around where I live.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:55 PM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Collette\Desktop\HiJackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {6A68DF9A-2F18-4C0A-9D7F-F8596B1F535C} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C92B957B-4767-4E53-A63C-1E547C35F0C6} - C:\WINDOWS\system32\nnnkkhi.dll (file missing)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Collette\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/...amesCampus.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab
O16 - DPF: {207048D8-A40B-4505-AE24-92FF13BEB269} (myDancerCTL Class) - http://web.spaceillusion.com/help/myDancer1020.cab
O16 - DPF: {2CDD22B9-FC0F-46B9-A2FA-BCCFFA7F87F3} (ActiveJoy Control) - http://www.wydglobal.com/JKeySecret/ActiveJoy3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/re...s/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O16 - DPF: {7C564BC7-73BD-4750-A90A-8FF2D8C8C64B} (SysInfo Control) - http://www.cabal.co.kr/Include/SysInfo.cab
O16 - DPF: {7D1AC43C-FDD7-4F4D-8A74-BD315320569B} (GSystemInfo Control) - http://www.ragnarok2.co.kr/cab1/GSystemInfo.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/activex/d...rsion=1,0,0,10
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/n...fyLauncher.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://config.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {AEFD1FBF-F311-4A6F-A360-B5BCC74BE3EE} (SpriteCtrl Class) - http://www.mysprite.com/sprite/bin/Sprite.cab
O16 - DPF: {B3FE4217-1335-4D02-A7C0-9A5CE9E6640E} (MADanalCtrl Control) - http://www.ohdio.com/common/ctrl/MADanalCtrl2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} (SiUpdaterCtrl Class) - http://web.spaceillusion.com/help/iDanceUpdater1020.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://gzs.hangame.com/common/HanSetup1010.cab
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} (Game Starter Control) - https://service.gamania.co.jp/auth/c...1/lcjggame.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/contr...terActiveX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/contr...tComponent.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: igmtftmh - igmtftmh.dll (file missing)
O20 - Winlogon Notify: nnnkkhi - nnnkkhi.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc.
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: npkcsvc - INCA Internet Co., Ltd. 
- C:\WINDOWS\system32\npkcsvc.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- End of file - 15617 bytes |
#15
Run HijackThis and check the following:
O2 - BHO: (no name) - {6A68DF9A-2F18-4C0A-9D7F-F8596B1F535C} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: (no name) - {C92B957B-4767-4E53-A63C-1E547C35F0C6} - C:\WINDOWS\system32\nnnkkhi.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O20 - Winlogon Notify: igmtftmh - igmtftmh.dll (file missing)
O20 - Winlogon Notify: nnnkkhi - nnnkkhi.dll (file missing)

Click FIX CHECKED

Post a new HijackThis log and let me know how your system is running.
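The triage rule applied in the reply above, written out as a small Python script. This is an added example, not code from the thread or from HijackThis: it parses HijackThis entry lines and flags O2 BHO and O3 toolbar entries that have no name and no backing file, plus O20 Winlogon Notify DLLs that are not on disk, while leaving other sections alone (the O9 IMVU shortcut also reads "(file missing)" but is not part of the fix list). The sample lines are copied from the log posted in this thread; the function names and the cross-reference check (the same DLL name registered under more than one section) are my own.

```python
import re
from collections import defaultdict

# Sample entries copied from the HijackThis log posted in this thread
# (a constructed excerpt, not the complete log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {6A68DF9A-2F18-4C0A-9D7F-F8596B1F535C} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: (no name) - {C92B957B-4767-4E53-A63C-1E547C35F0C6} - C:\WINDOWS\system32\nnnkkhi.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Collette\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O20 - Winlogon Notify: igmtftmh - igmtftmh.dll (file missing)
O20 - Winlogon Notify: nnnkkhi - nnnkkhi.dll (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")          # "O2 - BHO: ..." -> ("O2", "BHO: ...")
DLL_RE = re.compile(r"([\w-]+\.dll)\b", re.IGNORECASE)
MISSING_MARKERS = ("(file missing)", "(no file)")  # HijackThis markers for a missing target


def parse_entries(log_text):
    """Return [(section, body), ...] for every HijackThis entry line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def is_missing(body):
    """True when HijackThis reported that the referenced file is not on disk."""
    return body.rstrip().endswith(MISSING_MARKERS)


def flag_orphans(log_text):
    """Apply the rule used in the reply: O2 BHOs and O3 toolbars with no name
    and no backing file, plus O20 Winlogon Notify DLLs that are missing.
    Other sections (the O9 .lnk shortcut, O23 services) are left alone."""
    flagged = []
    for section, body in parse_entries(log_text):
        if section in ("O2", "O3") and "(no name)" in body and is_missing(body):
            flagged.append(f"{section} - {body}")
        elif section == "O20" and body.startswith("Winlogon Notify:") and is_missing(body):
            flagged.append(f"{section} - {body}")
    return flagged


def cross_referenced_dlls(log_text):
    """DLL basenames that appear under more than one section, e.g. a BHO that is
    also registered as a Winlogon Notify package; such entries belong to one
    component and are best removed together."""
    seen = defaultdict(set)
    for section, body in parse_entries(log_text):
        for dll in DLL_RE.findall(body):
            seen[dll.lower()].add(section)
    return {dll for dll, sections in seen.items() if len(sections) > 1}


if __name__ == "__main__":
    for entry in flag_orphans(SAMPLE_LOG):
        print("FIX:", entry)
    print("shared DLLs:", sorted(cross_referenced_dlls(SAMPLE_LOG)))
```

On the sample above the script flags exactly the six entries listed in the reply and reports nnnkkhi.dll as shared between the O2 and O20 sections, which is why both of its entries are fixed in the same pass.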