Go Back   Cyber Tech Help Support Forums > Software > Malware Removal
Reload this Page Serious Issue with malware!!
Register FAQ Calendar Today's Active Topics Search

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Reply
Page 1 of 2 1 2
 
Topic Tools
  #1  
Old October 19th, 2007, 02:50 AM
KronoSfear's Avatar
KronoSfear KronoSfear is offline
Member
  
Join Date: Apr 2005
Posts: 92
Serious Issue with malware!!
I have a serious problem, and I'm getting so mad right now it's not even something to smile over. My computer has been infected with some malware, spyware, and a trojan....I had removed one called Trojan_Vundo. It started to happen yesterday, system gave alerts about it and I don't know what could have happened.

So I checked the Symantec Security system, it was a big joke to me in a really bad way. There is no security anymore, it's missing the Symantec Client Security.msi file. I realized why it was that way cause of the fact it was deleted by accident, which one day I was trying to prevent. It's a really long story...

Now what p-sses me off the most is the fact, that the person who built it...really didn't leave anything behind. This isn't really my computer, but I try to treat it like it's mine...I'm bothered mostly because I had no CD to even try and re-install the anti-virus...so lately I had been carefully surfing the nets. I always try to keep away from areas I don't need to be, I stay near the clean zones.

But somehow it snagged something and started acting up yesterday. I even tried to restore it, but there was no use...since there was no checkpoint past the date. Right now I have this Security Toolbar on the IE...I get these pop ups that talk about the threats. I'm royaly p.oed and I really want to find away to fix this.

These are the noted harms I've come across:
NetWorm-1.Virus@fp
PSW.x-Virtrojan.
Trojan-Spy.win32@mx

Aside from that, here is my Hijackthis Log...please help me with this. I'm going to have to buy Symantec and re-install it to get things set up, I just want to remove the harm first before I can do anything else..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:54 PM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Microsoft Office\Office10\OSA.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Collette\Desktop\HiJackThis.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\MsiExec.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\igmtftmh.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\pdkhbapr.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Collette\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/...amesCampus.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab
O16 - DPF: {207048D8-A40B-4505-AE24-92FF13BEB269} (myDancerCTL Class) - http://web.spaceillusion.com/help/myDancer1020.cab
O16 - DPF: {2CDD22B9-FC0F-46B9-A2FA-BCCFFA7F87F3} (ActiveJoy Control) - http://www.wydglobal.com/JKeySecret/ActiveJoy3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/re...s/MsnPUpld.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O16 - DPF: {7C564BC7-73BD-4750-A90A-8FF2D8C8C64B} (SysInfo Control) - http://www.cabal.co.kr/Include/SysInfo.cab
O16 - DPF: {7D1AC43C-FDD7-4F4D-8A74-BD315320569B} (GSystemInfo Control) - http://www.ragnarok2.co.kr/cab1/GSystemInfo.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/activex/d...rsion=1,0,0,10
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/n...fyLauncher.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://config.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {AEFD1FBF-F311-4A6F-A360-B5BCC74BE3EE} (SpriteCtrl Class) - http://www.mysprite.com/sprite/bin/Sprite.cab
O16 - DPF: {B3FE4217-1335-4D02-A7C0-9A5CE9E6640E} (MADanalCtrl Control) - http://www.ohdio.com/common/ctrl/MADanalCtrl2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} (SiUpdaterCtrl Class) - http://web.spaceillusion.com/help/iDanceUpdater1020.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://gzs.hangame.com/common/HanSetup1010.cab
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} (Game Starter Control) - https://service.gamania.co.jp/auth/c...1/lcjggame.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/contr...terActiveX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/contr...tComponent.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
--
End of file - 14133 bytes

Reply With Quote
  #2  
Old October 19th, 2007, 02:59 AM
dahli's Avatar
dahli dahli is offline
CTH Subscriber
  
Join Date: Oct 2004
Location: in a van down by the river
Posts: 5,335
Hello KronoSfear,


Download combofix.exe to your Desktop.

Doubleclick on combofix.exe and follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix. When the scan completes, Disk Cleanup will run and then a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.


Also go here and download Silent Runners.vbs (use IE to download it) to a new folder on your drive and run it. It generates a log too. It takes a minute or two and it will notify you with a popup when your log is ready (it will be in the new folder you created). Please post the information back in this thread. If your AV queries the script, allow it to run. It's not malicious.
Reply With Quote
  #3  
Old October 19th, 2007, 04:26 AM
KronoSfear's Avatar
KronoSfear KronoSfear is offline
Member
  
Join Date: Apr 2005
Posts: 92
Well I tried the first one, but this is what I get before it allows me to scan anything.


But I did the silent runner scan and here is the log for it.

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Yahoo! Pager" = ""C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet" ["Yahoo! Inc."]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"BitTorrent DNA" = ""C:\Program Files\BitTorrent_DNA\dna.exe"" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"AudioDeck" = "C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1" ["VIA Technologies, Inc."]
"zBrowser Launcher" = "C:\Program Files\Logitech\iTouch\iTouch.exe" ["Logitech Inc."]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"RoxioDragToDisc" = ""C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"" ["Roxio"]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"vptray" = "C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" ["Symantec Corporation"]
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
"MSPY2002" = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data]
"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"Lexmark X1100 Series" = ""C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"" ["Lexmark International, Inc."]
"SearchIndexer" = "rundll32.exe "C:\WINDOWS\system32\oxycdjrm.dll",sitypnow" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\(Default) = (no title provided)
-> {HKLM...CLSID} = "UberButton Class"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo! Inc."]
{65D886A2-7CA7-479B-BB95-14D1EFB7946A}\(Default) = (no title provided)
-> {HKLM...CLSID} = "YahooTaggedBM Class"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\YIeTagBm.dll" ["Yahoo! Inc."]
{6A68DF9A-2F18-4C0A-9D7F-F8596B1F535C}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\ddccy.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{89AD4D75-2429-462e-BD4E-443F233F6033}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\beuebkqb.dll" [null data]
{A95B2816-1D7E-4561-A202-68C0DE02353A}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\igmtftmh.dll" [null data]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{C92B957B-4767-4E53-A63C-1E547C35F0C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nnnkkhi.dll" [null data]
{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\(Default) = (no title provided)
-> {HKLM...CLSID} = "FDMIECookiesBHO Class"
\InProcServer32\(Default) = "C:\Program Files\Free Download Manager\iefdmcks.dll" [null data]
{F4D76F01-7896-458a-890F-E1F05C46069F}\(Default) = "Ask Toolbar BHO"
-> {HKLM...CLSID} = "Ask Toolbar BHO"
\InProcServer32\(Default) = "C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL" ["Ask.com"]
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0873D142-79EF-49fa-81B5-211AAC0B0A7F}" = "Target Finder Shell Extension"
-> {HKLM...CLSID} = "TargetFinderShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Roxio\Easy Media Creator 7\Creator Classic\TargetFinder.dll" [empty string]
"{5E44E225-A408-11CF-B581-008029601108}" = "Roxio DragToDisc Shell Extension"
-> {HKLM...CLSID} = "Roxio DragToDisc Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll" ["Roxio"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
-> {HKLM...CLSID} = "VpshellEx Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\
<<!>> "{C92B957B-4767-4E53-A63C-1E547C35F0C6}" = "*Z" (unwritable string)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nnnkkhi.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\She llServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> igmtftmh\DLLName = "igmtftmh.dll" [null data]
<<!>> NavLogon\DLLName = "C:\WINDOWS\System32\NavLogon.dll" ["Symantec Corporation"]
<<!>> nnnkkhi\DLLName = "nnnkkhi.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ColumnHandler s\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandler s\
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {HKLM...CLSID} = "VpshellEx Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {HKLM...CLSID} = "VpshellEx Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\My Documents\My Pictures\abandoned.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Collette\My Documents\My Pictures\abandoned.bmp"

Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\scrnsave.scr" [MS]

Startup items in "Collette" & "All Users" startup folders:
----------------------------------------------------------
C:\Documents and Settings\Collette\Start Menu\Programs\Startup
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."]
"{F4D76F09-7896-458A-890F-E1F05C46069F}"
-> {HKLM...CLSID} = "Ask Toolbar"
\InProcServer32\(Default) = "C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL" ["Ask.com"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"
-> {HKLM...CLSID} = "Security Toolbar"
\InProcServer32\(Default) = "C:\WINDOWS\system32\igmtftmh.dll" [null data]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."]
"{F4D76F09-7896-458A-890F-E1F05C46069F}" = (no title provided)
-> {HKLM...CLSID} = "Ask Toolbar"
\InProcServer32\(Default) = "C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL" ["Ask.com"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}" = (no title provided)
-> {HKLM...CLSID} = "Security Toolbar"
\InProcServer32\(Default) = "C:\WINDOWS\system32\igmtftmh.dll" [null data]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Yahoo! Messenger"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Yahoo! Messenger"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll" ["Yahoo! Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\
"ButtonText" = "Yahoo! Services"
"CLSIDExtension" = "{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}"
-> {HKLM...CLSID} = "UberButton Class"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo! Inc."]
{D9288080-1BAA-4BC4-9CF8-A92D743DB949}\
"ButtonText" = "Run IMVU"
"Exec" = "C:\Documents and Settings\Collette\Start Menu\Programs\IMVU\Run IMVU.lnk" [file not found]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*Z" (unwritable string)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."]

HOSTS file
----------
C:\WINDOWS\System32\drivers\etc\HOSTS
maps: 2 domain names to IP addresses,
1 of the IP addresses is *not* localhost!

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
IS Service, ISSVC, "C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe" ["Symantec Corporation"]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Symantec AntiVirus, Symantec AntiVirus, ""C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe"" ["Symantec Corporation"]
Symantec AntiVirus Definition Watcher, DefWatch, ""C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec SecurePort, SymSecurePort, ""C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]

Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monito rs\
Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]

---------- (launch time: 1899-12-30 00:00:00)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 3401907585 seconds, including 24 seconds for message boxes)
Reply With Quote
  #4  
Old October 19th, 2007, 01:53 PM
dahli's Avatar
dahli dahli is offline
CTH Subscriber
  
Join Date: Oct 2004
Location: in a van down by the river
Posts: 5,335
Delete the previous copy of ComboFix and download a fresh copy from here
Reply With Quote
  #5  
Old October 19th, 2007, 09:34 PM
KronoSfear's Avatar
KronoSfear KronoSfear is offline
Member
  
Join Date: Apr 2005
Posts: 92
Here's the Log that I got from the ComboFix. I just want to do something about these stupid popups and...so forth...The Symantec Firewall that I have no longer works...guess it's cause of that missing file. It won't block ads or have it's firewall up...I don't know if thats the issue or not. So I may I have to talk to their tech support.
-----------------------------------------

ComboFix 07-10-19.1 - Collette 2007-10-19 15:00:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.126 [GMT -5:00]
Running from: C:\My Downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Guest\Application Data\macromedia\Flash Player\#SharedObjects\H297KQNA\www.broadcaster.com
C:\Documents and Settings\Guest\Application Data\macromedia\Flash Player\#SharedObjects\H297KQNA\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Guest\Application Data\macromedia\Flash Player\#SharedObjects\H297KQNA\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Guest\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Guest\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\autorun.inf
C:\Program Files\Hammer.dll
C:\RECYCLER\winow.dll
C:\RECYCLER\winow.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\rising454.exe
C:\WINDOWS\rising736.exe
C:\WINDOWS\rising778.exe
C:\WINDOWS\system32\beuebkqb.dll
C:\WINDOWS\system32\incplhkv.dll
C:\WINDOWS\system32\launcher.exe
C:\WINDOWS\system32\mrjdcyxo.ini
C:\WINDOWS\system32\oxycdjrm.dll
C:\WINDOWS\system32\svch0st.exe
C:\WINDOWS\system32\vkhlpcni.ini
C:\WINDOWS\system32\yccdd.bak1
C:\WINDOWS\system32\yccdd.bak1
C:\WINDOWS\system32\yccdd.bak2
C:\WINDOWS\system32\yccdd.bak2
C:\WINDOWS\system32\yccdd.ini
C:\WINDOWS\system32\yccdd.ini
C:\WINDOWS\system32\yccdd.ini2
C:\WINDOWS\system32\yccdd.ini2
C:\WINDOWS\system32\yccdd.tmp
C:\WINDOWS\system32\yccdd.tmp
.
((((((((((((((((((((((((( Files Created from 2007-09-19 to 2007-10-19 )))))))))))))))))))))))))))))))
.
2007-10-19 14:04 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-18 03:05 389,184 --a------ C:\WINDOWS\system32\ofygotgt.exe
2007-10-18 01:42 389,184 --a------ C:\WINDOWS\system32\hfagcmia.exe
2007-10-18 01:42 339,968 --a------ C:\WINDOWS\system32\igmtftmh.dll
2007-10-18 00:38 339,968 --a------ C:\WINDOWS\system32\iglaivow.dll
2007-10-18 00:37 389,184 --a------ C:\WINDOWS\system32\uxgcuxaq.exe
2007-10-17 12:30 <DIR> d-------- C:\WINDOWS\system32\oTt02e
2007-10-17 12:30 <DIR> d-------- C:\Temp\fCOe
2007-10-17 00:53 <DIR> d-------- C:\AeriaGames
2007-10-14 16:46 <DIR> d-------- C:\Program Files\TribalGamingnet
2007-10-13 22:40 <DIR> d-------- C:\Program Files\NCSoft
2007-10-13 22:40 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-10-13 01:45 <DIR> d-------- C:\Program Files\MaxOn Soft
2007-10-12 03:57 <DIR> d-------- C:\Program Files\Neffy
2007-10-10 16:00 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Free Download Manager
2007-10-09 14:59 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 01:24 <DIR> d-------- C:\Documents and Settings\Collette\Application Data\.BitZip
2007-10-08 01:23 <DIR> d-------- C:\Program Files\BitZip
2007-10-06 03:01 <DIR> d-------- C:\Program Files\BitComet
2007-10-05 23:32 43,712 --a------ C:\WINDOWS\system32\NavLogon.dll
2007-10-04 21:04 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-10-04 20:29 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2007-10-04 20:24 <DIR> d-------- C:\Program Files\Lexmark X1100 Series
2007-10-04 01:52 <DIR> d-------- C:\Program Files\DANCE!ONLINE
2007-10-04 01:49 <DIR> d-------- C:\Fraps
2007-10-04 00:49 <DIR> d-------- C:\WINDOWS\system32\SolidStateNetworks
2007-10-03 04:18 <DIR> d-------- C:\Nexon
2007-09-28 23:06 128,488 --a------ C:\WINDOWS\system32\HGReport.dll
2007-09-28 23:06 124,360 --a------ C:\WINDOWS\system32\PubPlugin.dll
2007-09-28 01:02 <DIR> d-------- C:\Perfect World
2007-09-24 20:36 <DIR> d-------- C:\Program Files\FlashGet
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-10-19 20:21 --------- d-----w C:\Documents and Settings\Collette\Application Data\Free Download Manager
2007-10-19 20:16 --------- d-----w C:\Documents and Settings\Collette\Application Data\BitTorrent DNA
2007-10-19 18:48 --------- d-----w C:\Documents and Settings\Collette\Application Data\Azureus
2007-10-19 01:56 --------- d-----w C:\Documents and Settings\Collette\Application Data\Lavasoft
2007-10-19 01:53 --------- d-----w C:\Program Files\Symantec Client Security
2007-10-18 07:41 --------- d-----w C:\Documents and Settings\Collette\Application Data\uTorrent
2007-10-18 06:10 --------- d-----w C:\Documents and Settings\Collette\Application Data\.BitZip
2007-10-18 02:53 --------- d-----w C:\Program Files\Java
2007-10-18 02:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-17 21:34 --------- d-----w C:\Documents and Settings\Guest\Application Data\Skype
2007-10-08 05:24 --------- d-----w C:\Program Files\Azureus
2007-10-06 04:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-06 04:36 --------- d-----w C:\Program Files\Symantec
2007-10-06 04:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-06 04:27 --------- d-----w C:\Program Files\Triggersoft
2007-10-06 04:26 --------- d-----w C:\Program Files\Outspark
2007-10-04 07:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-03 03:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-09-25 21:46 --------- d-----w C:\Documents and Settings\Collette\Application Data\IGN_DLM
2007-09-25 01:36 --------- d-----w C:\Program Files\Google
2007-09-22 06:50 --------- d-----w C:\Program Files\IGN
2007-09-22 06:49 --------- d-----w C:\Program Files\DriftCity
2007-09-13 04:16 --------- d-----w C:\Program Files\GameTribe
2007-09-12 07:21 --------- d-----w C:\Program Files\DivX
2007-09-11 09:17 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-09-11 05:17 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-09-06 23:08 --------- d-----w C:\Documents and Settings\Guest\Application Data\Roxio
2007-09-06 06:26 --------- d-----w C:\Program Files\AOA
2007-09-06 04:06 --------- d-----w C:\Documents and Settings\Collette\Application Data\NHN Corporation
2007-09-03 03:12 --------- d-----w C:\Program Files\AskPBar
2007-09-01 02:18 --------- d-----w C:\Program Files\SnailWeb
2007-08-30 00:24 --------- d-----w C:\Program Files\Deco Online
2007-08-29 02:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Outspark
2007-08-25 06:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-08-24 05:52 --------- d-----w C:\Program Files\Common Files\AOL
2007-08-24 05:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-08-21 08:52 --------- d-----w C:\Program Files\Common Files\Adobe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 144,704 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-15 22:33 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-08-15 22:30 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-08-15 22:30 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-08-15 22:30 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-28 03:37 8,237,056 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-07-28 03:31 344,064 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-07-28 03:30 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-07-28 03:24 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-07-28 03:23 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-07-28 03:23 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-07-28 03:22 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-07-28 03:22 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-07-28 03:22 118,784 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-07-28 03:21 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-07-28 03:20 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-07-28 03:12 3,067,712 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-07-28 03:06 176,128 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-07-28 03:01 1,550,208 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-07-28 02:50 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-07-28 02:47 266,240 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-07-28 02:46 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-07-28 02:40 450,560 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-07-28 02:05 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2007-06-29 08:36 88 ----a-w C:\Program Files\GayoList_MyDancer.xml_.md5
2007-02-09 21:38 3,240 ----a-w C:\Program Files\install.ini
2007-02-09 21:37 629,147,559 ----a-w C:\Program Files\data1.pck
2007-02-09 21:37 478,630,326 ----a-w C:\Program Files\data4.pck
2007-02-09 21:37 1,070,496 ----a-w C:\Program Files\check.md
2007-02-09 21:36 629,099,481 ----a-w C:\Program Files\data3.pck
2007-02-09 21:34 629,192,227 ----a-w C:\Program Files\data2.pck
2007-01-23 17:15 9,598 ----a-w C:\Program Files\CopyRight.txt
2006-09-17 04:17 47,248 ----a-w C:\Documents and Settings\Collette\Application Data\GDIPFONTCACHEV1.DAT
2005-10-29 01:59 88 ----a-w C:\Program Files\GayoList_MyDancer.xml.md5
2005-10-29 01:59 126 ----a-w C:\Program Files\GayoList_MyDancer.xml
2005-05-10 23:54 258,352 ----a-w C:\Program Files\unicows.dll
2002-08-16 04:58 28,672 ----a-w C:\Program Files\JPGI.dll
2000-09-15 20:51 372,736 ----a-w C:\Program Files\ijl15.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A68DF9A-2F18-4C0A-9D7F-F8596B1F535C}]
C:\WINDOWS\system32\ddccy.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-18 01:42 339968 --a------ C:\WINDOWS\system32\igmtftmh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C92B957B-4767-4E53-A63C-1E547C35F0C6}]
C:\WINDOWS\system32\nnnkkhi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\igmtftmh.dll [2007-10-18 01:42 339968]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\igmtftmh.dll [2007-10-18 01:42 339968]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2004-06-23 21:28]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 05:50 C:\WINDOWS\LOGI_MWX.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 21:05]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-09-25 01:37]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe " [2005-06-23 19:27]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-07 10:55]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-08 03:51]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.e xe" [2004-08-04 00:31]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScI nst.exe" [2004-08-04 00:31]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT \TINTSETP.exe" [2004-08-04 00:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TIN TSETP.exe" [2004-08-04 00:32]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 05:43]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-07-25 23:42]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{C92B957B-4767-4E53-A63C-1E547C35F0C6}"= C:\WINDOWS\system32\nnnkkhi.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igmtftmh]
igmtftmh.dll 2007-10-18 01:42 339968 C:\WINDOWS\system32\igmtftmh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkkhi]
nnnkkhi.dll
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viam raid.sys
R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\driver s\DVDVRRdr_xp.sys
R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFR eadr.sys
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\getnd5b.sys
R3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i3 86.sys
S3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 IPN2120;Instant Wireless-B PCI Adapter Driver;C:\WINDOWS\system32\DRIVERS\LSIPNDS.sys
S3 jlock101;jlock101;\??\C:\WINDOWS\system32\jlock101 .sys
S3 npkycryp;npkycryp;\??\C:\Program Files\Gravity\RO\npkycryp.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys
S3 XDva005;XDva005;\??\C:\WINDOWS\system32\XDva005.sy s
S3 XDva007;XDva007;\??\C:\WINDOWS\system32\XDva007.sy s
S3 XDva008;XDva008;\??\C:\WINDOWS\system32\XDva008.sy s
S3 XDva009;XDva009;\??\C:\WINDOWS\system32\XDva009.sy s
S3 XDva020;XDva020;\??\C:\WINDOWS\system32\XDva020.sy s
S3 XDva021;XDva021;\??\C:\WINDOWS\system32\XDva021.sy s
S3 XDva025;XDva025;\??\C:\WINDOWS\system32\XDva025.sy s
S3 XDva026;XDva026;\??\C:\WINDOWS\system32\XDva026.sy s
S3 XDva028;XDva028;\??\C:\WINDOWS\system32\XDva028.sy s
.
Contents of the 'Scheduled Tasks' folder
"2005-07-01 13:07:30 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
************************************************** ************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-19 15:23:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 2007-10-19 15:25:39
.
--- E O F ---
Reply With Quote
  #6  
Old October 20th, 2007, 04:13 AM
dahli's Avatar
dahli dahli is offline
CTH Subscriber
  
Join Date: Oct 2004
Location: in a van down by the river
Posts: 5,335
Disable your antivirus program and go here (http://www.eset.com/onlinescan/) and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:

Remove found threats
Scan unwanted applications

Click Start. This scan may take a while, so please be patient. Go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt. Click Edit - Select All then copy/paste that log back here.
Reply With Quote
  #7  
Old October 20th, 2007, 06:41 AM
KronoSfear's Avatar
KronoSfear KronoSfear is offline
Member
  
Join Date: Apr 2005
Posts: 92
Okay here's my log for that. And as an update I turned on windows firewall, since it was off for some reason...I thought I turned it on to replace the other. So thats on, I had Lavasoft Adware Removal installed so I used it to clean away somethings so far...hmm worked alittle. I even tried to do a virus scan and again I found the Trojan_Vundo...I don't know if it's still there, but I'll wait for your reply on this report. Thank you for trying to help me though.

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2604 (20071019)
# vers_arch_module=1.058 (20070906)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=8537f618d9229245ae8b2c36d28a61b2
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2007-10-20 05:36:01
# local_time=2007-10-20 12:36:01 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=280102
# found=12
# scan_time=4835
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk Win32/Adware.SecToolbar application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk Win32/Adware.SecToolbar application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Collette\Desktop\Live Safety Center.lnk Win32/Adware.SecToolbar application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Collette\Desktop\Online Security Guide.lnk Win32/Adware.SecToolbar application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Collette\Favorites\Online Security Guide.lnk Win32/Adware.SecToolbar application (unable to clean - deleted) 00000000000000000000000000000000
C:\qoobox\Quarantine\C\Program Files\Hammer.dll.vir Win32/Adware.SecToolbar application (unable to clean - deleted) 00000000000000000000000000000000
C:\qoobox\Quarantine\C\WINDOWS\system32\oxycdjrm.d ll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\hfagcmia.exe Win32/Adware.SecToolbar application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\iglaivow.dll Win32/Adware.SecToolbar application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\igmtftmh.dll Win32/Adware.SecToolbar application (unable to clean - deleted (after the next restart)) 650E83AE6756865B0570EF2C52A2507D
C:\WINDOWS\system32\ofygotgt.exe Win32/Adware.SecToolbar application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\uxgcuxaq.exe Win32/Adware.SecToolbar application (unable to clean - deleted) 00000000000000000000000000000000
Reply With Quote
  #8  
Old October 20th, 2007, 03:23 PM
dahli's Avatar
dahli dahli is offline
CTH Subscriber
  
Join Date: Oct 2004
Location: in a van down by the river
Posts: 5,335
Please download VundoFix.exe to your desktop.

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt.


Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


After the reboot, Disable your antivirus program and go here and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All. Then copy/paste that log back here, along with the contents of C:\vundofix.txt and a new HijackThis log please.
Reply With Quote
  #9  
Old October 20th, 2007, 11:06 PM
KronoSfear's Avatar
KronoSfear KronoSfear is offline
Member
  
Join Date: Apr 2005
Posts: 92
VundoFix V6.5.10
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 2:49:30 PM 10/20/2007
Listing files found while scanning....
C:\WINDOWS\system32\igmtftmh.dll
Beginning removal...
Performing Repairs to the registry.
Done!

---------------------------------------------

BitDefender Online Scanner


Scan report generated at: Sat, Oct 20, 2007 - 16:42:17



Scan path: A:\;C:\;D:\;E:\;





Statistics
Time
01:39:05
Files
257278
Folders
6813
Boot Sectors
2
Archives
1177
Packed Files
8614


Results
Identified Viruses
7
Infected Files
20
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
25


Engines Info
Virus Definitions
853480
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins
14
Archive plugins
38
Unpack plugins
7
E-mail plugins
6
System plugins
1


Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions

Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes


Scanned File
Status
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0000\4F5C3EF3.VBN=>(Qua rantine-PE)
Infected with: Trojan.Clicker.Agent.NP
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0000\4F5C3EF3.VBN=>(Qua rantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0000\4F5C3EF3.VBN=>(Qua rantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\091C0000.VBN=>(Quarantine-PE)
Detected with: Adware.Virtumonde.GGZ
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\091C0000.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\091C0000.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C940000\4F96FA7D.VBN=>(Qua rantine-PE)
Infected with: Trojan.Clicker.Agent.NP
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C940000\4F96FA7D.VBN=>(Qua rantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C940000\4F96FA7D.VBN=>(Qua rantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E540000.VBN=>(Quarantine-PE)
Infected with: Trojan.Clicker.Agent.NP
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E540000.VBN=>(Quarantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E540000.VBN=>(Quarantine-PE)
Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F300000\4FB7A50C.VBN=>(Qua rantine-PE)
Infected with: Trojan.FakeAlert.DO
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F300000\4FB7A50C.VBN=>(Qua rantine-PE)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F300000\4FB7A50C.VBN=>(Qua rantine-PE)
Deleted
C:\qoobox\Quarantine\C\RECYCLER\winow.dll.vir
Infected with: Generic.PWS.WoW.0B0BEBD9
C:\qoobox\Quarantine\C\RECYCLER\winow.dll.vir
Disinfection failed
C:\qoobox\Quarantine\C\RECYCLER\winow.dll.vir
Deleted
C:\qoobox\Quarantine\C\RECYCLER\winow.exe.vir
Infected with: DeepScan:Generic.PWS.WoW.B5FA72DA
C:\qoobox\Quarantine\C\RECYCLER\winow.exe.vir
Disinfection failed
C:\qoobox\Quarantine\C\RECYCLER\winow.exe.vir
Deleted
C:\qoobox\Quarantine\C\WINDOWS\rising454.exe.vir
Infected with: DeepScan:Generic.PWS.WoW.B5FA72DA
C:\qoobox\Quarantine\C\WINDOWS\rising454.exe.vir
Disinfection failed
C:\qoobox\Quarantine\C\WINDOWS\rising454.exe.vir
Deleted
C:\qoobox\Quarantine\C\WINDOWS\rising736.exe.vir
Infected with: DeepScan:Generic.PWS.WoW.B5FA72DA
C:\qoobox\Quarantine\C\WINDOWS\rising736.exe.vir
Disinfection failed
C:\qoobox\Quarantine\C\WINDOWS\rising736.exe.vir
Deleted
C:\qoobox\Quarantine\C\WINDOWS\rising778.exe.vir
Infected with: DeepScan:Generic.PWS.WoW.B5FA72DA
C:\qoobox\Quarantine\C\WINDOWS\rising778.exe.vir
Disinfection failed
C:\qoobox\Quarantine\C\WINDOWS\rising778.exe.vir
Deleted
C:\qoobox\Quarantine\C\WINDOWS\system32\incplhkv.d ll.vir
Infected with: Trojan.Vundo.DNR
C:\qoobox\Quarantine\C\WINDOWS\system32\incplhkv.d ll.vir
Disinfection failed
C:\qoobox\Quarantine\C\WINDOWS\system32\incplhkv.d ll.vir
Deleted
C:\qoobox\Quarantine\C\WINDOWS\system32\SVCH0ST.EX E.vir
Infected with: Generic.Rincux.D49D5F2D
C:\qoobox\Quarantine\C\WINDOWS\system32\SVCH0ST.EX E.vir
Disinfection failed
C:\qoobox\Quarantine\C\WINDOWS\system32\SVCH0ST.EX E.vir
Deleted
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000007.exe
Infected with: DeepScan:Generic.PWS.WoW.B5FA72DA
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000007.exe
Disinfection failed
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000007.exe
Deleted
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000008.exe
Infected with: DeepScan:Generic.PWS.WoW.B5FA72DA
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000008.exe
Disinfection failed
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000008.exe
Deleted
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000009.exe
Infected with: DeepScan:Generic.PWS.WoW.B5FA72DA
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000009.exe
Disinfection failed
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000009.exe
Deleted
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000010.dll
Infected with: Generic.PWS.WoW.0B0BEBD9
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000010.dll
Disinfection failed
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000010.dll
Deleted
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000011.exe
Infected with: DeepScan:Generic.PWS.WoW.B5FA72DA
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000011.exe
Disinfection failed
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000011.exe
Deleted
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000013.dll
Infected with: Trojan.Vundo.DNR
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000013.dll
Disinfection failed
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000013.dll
Deleted
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000014.dll
Infected with: Trojan.Vundo.DNR
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000014.dll
Disinfection failed
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000014.dll
Deleted
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000021.EXE
Infected with: Generic.Rincux.D49D5F2D
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000021.EXE
Disinfection failed
C:\System Volume Information\_restore{D78B07B9-C615-45ED-AF01-B38B6ACBB3A8}\RP2\A0000021.EXE
Deleted

-----------------------------------------------
Reply With Quote
  #10  
Old October 20th, 2007, 11:07 PM
KronoSfear's Avatar
KronoSfear KronoSfear is offline
Member
  
Join Date: Apr 2005
Posts: 92
The computer seems to be feeling a lot better now, this is a really good thing. I'm glad I stayed sane through all of this =), I hope things are fixed so far. Sorry for the double post, it wouldn't let me put this all together with the others since there were too many characters.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:17 PM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\Collette\LOCALS~1\Temp\Adobelm_Cleanup .0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Collette\LOCALS~1\Temp\Adobelm_Cleanup .0001
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Collette\Desktop\HiJackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {6A68DF9A-2F18-4C0A-9D7F-F8596B1F535C} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C92B957B-4767-4E53-A63C-1E547C35F0C6} - C:\WINDOWS\system32\nnnkkhi.dll (file missing)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Collette\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/...amesCampus.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab
O16 - DPF: {207048D8-A40B-4505-AE24-92FF13BEB269} (myDancerCTL Class) - http://web.spaceillusion.com/help/myDancer1020.cab
O16 - DPF: {2CDD22B9-FC0F-46B9-A2FA-BCCFFA7F87F3} (ActiveJoy Control) - http://www.wydglobal.com/JKeySecret/ActiveJoy3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/re...s/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O16 - DPF: {7C564BC7-73BD-4750-A90A-8FF2D8C8C64B} (SysInfo Control) - http://www.cabal.co.kr/Include/SysInfo.cab
O16 - DPF: {7D1AC43C-FDD7-4F4D-8A74-BD315320569B} (GSystemInfo Control) - http://www.ragnarok2.co.kr/cab1/GSystemInfo.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/activex/d...rsion=1,0,0,10
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/n...fyLauncher.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://config.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {AEFD1FBF-F311-4A6F-A360-B5BCC74BE3EE} (SpriteCtrl Class) - http://www.mysprite.com/sprite/bin/Sprite.cab
O16 - DPF: {B3FE4217-1335-4D02-A7C0-9A5CE9E6640E} (MADanalCtrl Control) - http://www.ohdio.com/common/ctrl/MADanalCtrl2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} (SiUpdaterCtrl Class) - http://web.spaceillusion.com/help/iDanceUpdater1020.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://gzs.hangame.com/common/HanSetup1010.cab
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} (Game Starter Control) - https://service.gamania.co.jp/auth/c...1/lcjggame.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/contr...terActiveX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/contr...tComponent.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: igmtftmh - igmtftmh.dll (file missing)
O20 - Winlogon Notify: nnnkkhi - nnnkkhi.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
--
End of file - 15907 bytes
Reply With Quote
  #11  
Old October 21st, 2007, 03:36 AM
dahli's Avatar
dahli dahli is offline
CTH Subscriber
  
Join Date: Oct 2004
Location: in a van down by the river
Posts: 5,335
Open Hijackthis.
Click Config - Misc Tools - Open Uninstall Manager.
A list of the entries in Add/Remove programs will appear.
Click on Save List...
The list will be saved as 'Uninstall_list.txt'
Copy & Paste the contents back here for review.
Reply With Quote
  #12  
Old October 21st, 2007, 04:43 AM
KronoSfear's Avatar
KronoSfear KronoSfear is offline
Member
  
Join Date: Apr 2005
Posts: 92
??? ?? ????
ABBYY FineReader 5.0 Sprint
AC3Filter (remove only)
Ad-Aware 2007
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.0
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe® Photoshop® Album Starter Edition 3.2
Ares 2.0.9
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
Azureus Vuze
BitZip (remove only)
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
ESET Online Scanner
Fraps
Free Download Manager 2.1
getPlus(R)_ocx
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
IGN Download Manager 2.3.2
InfernoRose
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
KSignAccessToolkit v1.0
Lexmark X1100 Series
LiveUpdate 2.6 (Symantec Corporation)
Logitech iTouch Software
Logitech MouseWare 9.75
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional
Microsoft Speech SDK 5.1
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft XML Parser and SDK
Mozilla Firefox (2.0.0.6)
MP3 Remix Player Standalone
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
nProtect KeyCrypt
Project64 1.6
QuickTime
RealPlayer
Rose Online Evolution
Roxio Easy Media Creator 7 Basic VCD Edition
Rumble Fighter
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Solid State ION Internet Explorer Plugin
SpywareBlaster v3.5.1
SRS Audio Sandbox
Symantec Client Security
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
VIA Audio Driver Setup Program
Viewpoint Media Player
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip 11.1
XviD 1.1 final uninstall
Yahoo! Anti-Spy
Yahoo! Browser Services
Yahoo! Mail
Yahoo! Messenger
Yahoo! Toolbar
Zuma Deluxe 1.0
Reply With Quote
  #13  
Old October 21st, 2007, 04:59 AM
dahli's Avatar
dahli dahli is offline
CTH Subscriber
  
Join Date: Oct 2004
Location: in a van down by the river
Posts: 5,335
Click Start>Control Panel>Add/Remove Programs
Uninstall the following programs:


J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1

REBOOT

Install the latest version of java from here

Post a new HijackThis log.
Reply With Quote
  #14  
Old October 24th, 2007, 02:59 AM
KronoSfear's Avatar
KronoSfear KronoSfear is offline
Member
  
Join Date: Apr 2005
Posts: 92
Sorry for the delay, net has been down for a day and a half around where I live.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:55 PM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Collette\Desktop\HiJackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {6A68DF9A-2F18-4C0A-9D7F-F8596B1F535C} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C92B957B-4767-4E53-A63C-1E547C35F0C6} - C:\WINDOWS\system32\nnnkkhi.dll (file missing)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Collette\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/...amesCampus.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab
O16 - DPF: {207048D8-A40B-4505-AE24-92FF13BEB269} (myDancerCTL Class) - http://web.spaceillusion.com/help/myDancer1020.cab
O16 - DPF: {2CDD22B9-FC0F-46B9-A2FA-BCCFFA7F87F3} (ActiveJoy Control) - http://www.wydglobal.com/JKeySecret/ActiveJoy3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/re...s/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O16 - DPF: {7C564BC7-73BD-4750-A90A-8FF2D8C8C64B} (SysInfo Control) - http://www.cabal.co.kr/Include/SysInfo.cab
O16 - DPF: {7D1AC43C-FDD7-4F4D-8A74-BD315320569B} (GSystemInfo Control) - http://www.ragnarok2.co.kr/cab1/GSystemInfo.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/activex/d...rsion=1,0,0,10
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/n...fyLauncher.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://config.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {AEFD1FBF-F311-4A6F-A360-B5BCC74BE3EE} (SpriteCtrl Class) - http://www.mysprite.com/sprite/bin/Sprite.cab
O16 - DPF: {B3FE4217-1335-4D02-A7C0-9A5CE9E6640E} (MADanalCtrl Control) - http://www.ohdio.com/common/ctrl/MADanalCtrl2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} (SiUpdaterCtrl Class) - http://web.spaceillusion.com/help/iDanceUpdater1020.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://gzs.hangame.com/common/HanSetup1010.cab
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} (Game Starter Control) - https://service.gamania.co.jp/auth/c...1/lcjggame.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/contr...terActiveX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/contr...tComponent.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: igmtftmh - igmtftmh.dll (file missing)
O20 - Winlogon Notify: nnnkkhi - nnnkkhi.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
--
End of file - 15617 bytes
Reply With Quote
  #15  
Old October 25th, 2007, 05:43 AM
dahli's Avatar
dahli dahli is offline
CTH Subscriber
  
Join Date: Oct 2004
Location: in a van down by the river
Posts: 5,335
Run HijackThis and check the following:

O2 - BHO: (no name) - {6A68DF9A-2F18-4C0A-9D7F-F8596B1F535C} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: (no name) - {C92B957B-4767-4E53-A63C-1E547C35F0C6} - C:\WINDOWS\system32\nnnkkhi.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O20 - Winlogon Notify: igmtftmh - igmtftmh.dll (file missing)
O20 - Winlogon Notify: nnnkkhi - nnnkkhi.dll (file missing)

Click FIX CHECKED

Post a new HijackThis log and let me know how your system is running.
Reply With Quote
Reply
Page 1 of 2 1 2

Bookmarks

« Previous Topic | Next Topic »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
Malware issue? werkshop Malware Removal 12 February 18th, 2014 11:30 AM
Malware issue Quetzal59 Windows XP 6 April 19th, 2011 12:04 PM
Possible Malware Issue sylphie Malware Removal 6 December 7th, 2010 01:10 PM
Firewall issue? Malware issue? Dave441 Malware Removal 1 June 10th, 2009 05:16 AM
HJT possible malware issue... Ora Malware Removal 13 October 5th, 2007 01:11 AM


All times are GMT +1. The time now is 04:59 AM.