Need Lots Of Help Please

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Need Lots Of Help Please

Options

pcdome View Member Profile	Jul 3 2006, 11:13 PM Post #1
Member Group: Members Posts: 39 Joined: 3-July 06 Member No.: 74,474	Hello, I'm far from being an expert, and I've tried to ask some of my more knowlegeable friends but I'm not getting anywhere with them. My original problem was that I have a BF Ghost (is that correct) running on my computer called conime.exe. I found a way to get rid of it on this forum once before but stupidly I closed that page without saving it as a favorite. Anyhow, I'm glad I did lose that page because I have found several other problems thanks to your pinned topic on what I have to do before posting an HJT log. Now, I don't know how to fix those problems either, and I haven't noticed them come up in my HJT log, so I'm going to type those problems in first and then list my HJT log. (I will title each new problem in red and italicized. Please don't think I'm rude, I just thought it easier that way. Okay? Thanks. I'm sorry that this is going to be such a long post. First Problem: This is the report from the Trend Micro page, after cleaning: Detected grayware/spyware Note: Complete removal of the grayware listed below failed! If you require general hints and tips to solve the problem please click here. (My personal side note: I tried this and was told they have no solution for this problem. Back to Trend Micro report.) Grayware specific information is available from the relevant grayware section. TSPY_CLICKER.CP 1 infections There is no more information available for this grayware/spyware... General information about this type of grayware/spyware. Some of this grayware/spyware could not be removed automatically! Click here to receive instructions on how to remove this infection manually. (My personal side note: I tried this and received a message box that says: There is currently no information available on how to remove this malware/grayware manually. Please contact HouseCall Support (via the "Support" link) and describe your problem. (My personal side note: I'll do this, if the problem can't be solved here.)) Cleanup Options (radio button) Clean all detected infections automatically (My personal side note: This doesn't work.) (radio button) Select an individual action for each detected infection (Checkbox with no logo above) Checked (Checkbox with broom above) Checking Not Allowed (Checkbox with a red "x"a above) Can be checked (Reason box) The current platform does not support cleanup (Files infected by this grayware/spyware) Files infected by this grayware/spyware Second Problem: From Stinger: Scan initiated on Tue Jul 04 01:33:40 2006 C:\Documents and Settings\Robb\MyDocuments\h0ya\CDmage.exe Found the W32/Pate.dam virus !!! C:\Documents and Settings\Robb\MyDocuments\h0ya\CDmage.exe could not be repaired. Number of Clean Files: 239106 Number of infected Files: 1 Third Problem: ZoneLabs ZoneAlarm Firewall Download According to the File Download Box the whole file is finished but the File Download box won't stop downloading and close the dialog box. I have it set to automatically close when finished but it won't close, I only have an option to cancel. I also don't see the file in my save location. Actually, I just recevied a message box that said the operation timed out. Anyhow, I don't know if this is a problem for this forum or not, but I thought I would tell you, just in case. Fourth & Last Problem: (at least that I'm aware of ) This is my original problem conime.exe Here is my HJT log: Logfile of HijackThis v1.99.1 Scan saved at 1:10:44 PM, on 7/4/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\SIGMA\TV\sigmatv.exe C:\Program Files\Sigma\common\SMBM.EXE C:\WINDOWS\SnoopFreeUI.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\System32\rundll32.exe C:\CFusionMX7\runtime\bin\jrunsvc.exe C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe C:\CFusionMX7\runtime\bin\jrun.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\SnoopFreeSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\System32\conime.exe C:\Program Files\HijackThis\HijackThis.exe R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ADSpider] C:\Program Files\ADSPider\ADSpider.exe /start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [TV_Path] C:\Program Files\SIGMA\TV\sigmatv.exe /t O4 - HKLM\..\Run: [SMBM] C:\Program Files\Sigma\common\SMBM.EXE /D O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\RunOnce: [NAVNT 2005Seq] C:\DOCUME~1\Robb\LOCALS~1\Temp\LUProdRg.exe /f:C:\DOCUME~1\Robb\LOCALS~1\Temp\2005LU~1.INI /s:SPW_Set_Sequence O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: 799BB2EC-572A-42A9-84AD-112806F4F551 - O16 - DPF: DCD7F1D9-8E57-45F8-8C0C-4400CD84C8BF - O16 - DPF: {091CDD73-1401-4643-9B9C-65B091C88685} (MyLinker Control) - http://kherald.contents.mylinker.co.kr/module/MyLinker.cab O16 - DPF: {18D63578-EA2F-4A59-A49A-7F62E6B3DF3E} (ImP3 Control) - http://activexdown.paran.com/paranactivex/data/ImP3.cab O16 - DPF: {240F0899-15BB-49AE-B820-62CEB9116C0F} (SkyCom Control) - http://www.skylove.com/connect/skycom.cab O16 - DPF: {247D3068-ABDA-4A56-A48A-112183AC08B5} (GK_YH_Launcher Control) - http://kr.wbgames.yahoo.com/GK_YH_Launcher.cab O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol.com/down/SimFileControl.cab O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} (INISAFEWeb6 V6 Class) - http://www.hanabank.com/plugin/INIS60.cab O16 - DPF: {2882C368-D508-11D4-A2AB-000102598CE4} (LProtect Control) - http://www.livecall.co.kr/pds/module/livecall.cab O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/activex/public_new/nxpm.cab O16 - DPF: {36F46B1E-11B7-4221-B4F7-F1FC9687E7F6} (MBox Control) - http://kr.music.yahoo.com/m_box/component/mbox.cab O16 - DPF: {3E59D482-6ABF-4560-A0C7-F90ACC0DC6BC} (MOHAAStarterX Control) - http://www.mohonline.co.kr/up/cab/MOHAAStarterX.cab O16 - DPF: {4A55BA7E-0379-4DB5-BDEF-70454A548AB2} (AgentReal Control) - http://kr.baduk.yahoo.com/cab/YahooBaduk.cab O16 - DPF: {4B48CEDD-EB09-4FD3-AA22-5BDE98EDEF90} (EZXSActiveX Control) - http://www.buykorea.org/buykorea/front/ezx...ezxsactivex.cab O16 - DPF: {4BF107D8-CFB8-4BC8-B54D-375CA564A33B} (EAJamDn Control) - http://www.mohonline.co.kr/up/cab/EADownloader.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {52A5D8F2-7C23-42AB-B6BF-5E7840CB1F27} (BxPopHandler Control) - http://www.netian.com/lib/BxPopHandler.cab O16 - DPF: {5CBED04F-42E6-4BEC-A087-C20012B6308B} (SCLiveUp Class) - http://www.metlife.co.kr/cs/scCab/scLiveUp.cab O16 - DPF: {6359EFB8-A988-4572-976B-3BA42C3A6177} (PMViewerX Control) - http://www.wholsee.com/Web/Scripts/Common/Map/PMapX.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1106110171734 O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} (IniMasHandler Class) - http://emailimg.sktelecom.com/inimas/autoc...niMasPlugin.cab O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} (Innotive Cibrowser Control 1.1) - http://www.myipq.com/hosting/cibrowser/cib...r_1_1_1_119.cab O16 - DPF: {799BB2EC-572A-42A9-84AD-112806F4F551} (Imweb Control) - http://activexdown.paran.com/paranactivex/data/imweb.cab O16 - DPF: {79C871A6-F9C8-44DA-B2C9-CD9438D9642C} (EZXSInstaller Control) - http://www.buykorea.org/buykorea/front/ezx...xsinstaller.cab O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/Published/.../xw_install.cab O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.vrboard.co.kr/bin/cortvrml.cab O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9/dmcc2.cab O16 - DPF: {93F79C47-F414-4EEE-95C5-A0F0ACE59A0E} (ALDx Class) - http://www.altools.co.kr/ALDX.cab O16 - DPF: {97745861-F1A6-45B2-8AD1-0C17334550E6} (YahooCabinet Control) - http://img.yahoo.co.kr/ycabinet/cab/YahooCabinet.cab O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://ahnlabdownload.nefficient.co.kr/plu...yfirewall20.cab O16 - DPF: {9DD4E0E8-2CED-4064-BF11-DDB2196CEC40} (SOLWeB4SIB Class) - http://www.solomonbank.com/cab/SOLWeB4SIB.cab O16 - DPF: {A099920B-630C-426B-91EC-737685CEEE17} (AxCrossCert Class) - http://www.solomonbank.com/cab/AxCrossCert_2.5.0.1.cab O16 - DPF: {A671DC03-71D0-4CF0-895C-7D4A248FC1F1} (skcbgmset Class) - http://cyimg7.cyworld.nate.com/cymusic/package/skcbgmset.cab O16 - DPF: {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} (BankPayEFTCtrl Control) - http://download.auction.co.kr/activexpay/BankPayEFT.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1008 Class) - http://cdn.hangame.com/hangame/hansetup/HanSetup1008.cab O16 - DPF: {D572CD64-9310-4712-8FFC-A4F9DC9D4AC1} (QbicUpdate Control) - http://qbic.hanafos.com/component/QbicUpdate.CAB O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/nprotect/keb/check_new/npkcx.cab O16 - DPF: {D95F5F60-5BB7-4655-BACE-FC5371EFC3E0} (Npx2 Control) - http://update.nprotect.net/nprotect/keb/check_new/npx2.cab O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} (CongnamulMap4Asp Control) - http://asp.congnamul.com/AspActiveX/CongnamulMap4Asp_V23.cab O16 - DPF: {D9701E87-A34D-11D4-BE29-000102598CE4} (VrUpdate Control) - http://download.hauri.net/Kor/online_up/vrupdate.cab O16 - DPF: {DA76E8AE-2E7F-49A8-B5F2-D1C4FF70ECD5} (SamsungMap Control) - http://mapsvc.samsung.co.kr/ActiveX/SamsungMap_V25.cab O16 - DPF: {DCD7F1D9-8E57-45F8-8C0C-4400CD84C8BF} (Imhtml Control) - http://activexdown.paran.com/paranactivex/data/imhtml.cab O16 - DPF: {DDE6FED7-88AB-405B-9D77-FD4CDA8B9EB5} (Qbic Control) - http://qbic.hanafos.com/component/Qbic.CAB O16 - DPF: {E0BF7A2B-2F7C-497A-B50F-292D3F317965} (CongnamulMap Control) - http://www.congnamul.com/ActiveX/Release/C...amulMap_V17.cab O16 - DPF: {E40DEFEA-9133-4374-BB1B-E138DEFFF247} (SOLWeBLiveUpdate Class) - http://www.solomonbank.com/cab/SOLWeBLiveUpdate.cab O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} - http://image.shinhan.com/initech/plugin/ve...NISafeWeb50.cab O20 - Winlogon Notify: asnt3 - C:\WINDOWS\SYSTEM32\AsntDll.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Thank you so much for your help. This post has been edited by pcdome: Jul 3 2006, 11:15 PM

Replies (60 - 70)

Whisperer View Member Profile	Oct 27 2006, 05:41 AM Post #61
Senior Member Group: Members Posts: 405 Joined: 29-May 05 Member No.: 21,742	Thank you for the HJT I note that the 'Personal Firewall Checker' service in Norton is running and I am not too sure of their set-up and what package you have. Does the Symantec/Norton installation that you have include a firewall? GT This post has been edited by Whisperer: Oct 27 2006, 05:41 AM

pcdome View Member Profile	Oct 28 2006, 08:37 PM Post #62
Member Group: Members Posts: 39 Joined: 3-July 06 Member No.: 74,474	As far as I can tell it doesn't have a firewall on it. I'm running Norton Antivirus 2006 if that helps you know if it has a firewall. I looked at all the coverage options in the "Protection Center" and I didn't see anything about a firewall. I hope this info helps you. BTW, just out of curiosity what does "GT" mean? I'm not 2 up on my computer lingo talk, but I always like to learn these things b/c I like to use them when sending text msgs. Thanks.

pcdome View Member Profile	Nov 2 2006, 07:35 AM Post #63
Member Group: Members Posts: 39 Joined: 3-July 06 Member No.: 74,474	I don't want to be a pest, but just curious if you have any updates? Thanks, pcDome

Whisperer View Member Profile	Nov 2 2006, 10:17 AM Post #64
Senior Member Group: Members Posts: 405 Joined: 29-May 05 Member No.: 21,742	I had prepared a response BUT had forgotten to post it for checking by my tutor - sorry, it has been posted now and will come to you as soon as it has been checked This post has been edited by Whisperer: Nov 2 2006, 10:18 AM

Whisperer View Member Profile	Nov 2 2006, 10:35 AM Post #65
Senior Member Group: Members Posts: 405 Joined: 29-May 05 Member No.: 21,742	Hi pcdome, There is no greater significance to GT other than they are my initials The log is looking good in spite of your problems running some of the fixes especially as we seem to have got rid of that “?sv?tc?ids?er.exe” series of files. Please boot into safe mode and then move the MSOXMLMF.DLL that you have downloaded straight into its correct directory of C:\Program Files\Common Files\Microsoft Shared\OFFICE11\ clickYes when asked whether to overwrite the old one. With regards WinUPX, it was a freebie program that you may have removed a while ago, we will have a stay of execution on that one. Please do an online scan with Kaspersky Online Scanner You must use Internet Explorer for this scanner. Click on Kaspersky Online Scanner You will be prompted to install an ActiveX component from Kaspersky, Click Yes . The program will launch and then start to download the latest definition files. Once the scanner is installed and the definitions downloaded, click Next. Now click on Scan Settings and ensure that the following are selected: Under Scan using the following Anti-Virus database: Extended (If available otherwise Standard) Under Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan select My Computer The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post together with a new HijackThis log. GT

pcdome View Member Profile	Nov 8 2006, 08:31 AM Post #66
Member Group: Members Posts: 39 Joined: 3-July 06 Member No.: 74,474	Hi Whisperer, Here is the Kaspersky Log. I'm afraid it might be too many characters so I will post the newest HJT log in a second reply. Thanks, pcDome KASPERSKY ONLINE SCANNER REPORT Wednesday, November 08, 2006 10:22:16 PM Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 8/11/2006 Kaspersky Anti-Virus database records: 239285 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer C:\ D:\ E:\ F:\ G:\ Scan Statistics Total number of scanned objects 75770 Number of viruses found 2 Number of infected objects 3 / 0 Number of suspicious objects 0 Duration of the scan process 02:28:44 Infected Object Name Virus Name Last Action C:\CFusionMX7\logs\eventgateway.log Object is locked skipped C:\CFusionMX7\logs\server.log Object is locked skipped C:\CFusionMX7\runtime\logs\coldfusion-err.log Object is locked skipped C:\CFusionMX7\runtime\logs\coldfusion-out.log Object is locked skipped C:\CFusionMX7\runtime\servers\coldfusion\SERVER-INF\jms\db\coremq\consumer.dat Object is locked skipped C:\CFusionMX7\runtime\servers\coldfusion\SERVER-INF\jms\db\coremq\destination.dat Object is locked skipped C:\CFusionMX7\runtime\servers\coldfusion\SERVER-INF\jms\db\coremq\handle.dat Object is locked skipped C:\CFusionMX7\runtime\servers\coldfusion\SERVER-INF\jms\db\coremq\message.dat Object is locked skipped C:\CFusionMX7\verity\Data\host\admin\admin.dat Object is locked skipped C:\CFusionMX7\verity\Data\host\log\audit.log Object is locked skipped C:\CFusionMX7\verity\Data\host\log\status.log Object is locked skipped C:\CFusionMX7\verity\Data\services\ColdFusionK2_indexserver1\log\status.log Object is locked skipped C:\CFusionMX7\verity\Data\services\ColdFusionK2_server1\log\status.log Object is locked skipped C:\CFusionMX7\verity\k2\_nti40\filters\kpdwgrdr.dll Object is locked skipped C:\CFusionMX7\verity\k2\_nti40\filters\kpgifrdr.dll Object is locked skipped C:\CFusionMX7\verity\k2\_nti40\filters\kpifcnvt.dll Object is locked skipped C:\CFusionMX7\verity\k2\_nti40\filters\kpifutil.dll Object is locked skipped C:\CFusionMX7\verity\k2\_nti40\filters\kpjpeg.dll Object is locked skipped C:\CFusionMX7\verity\k2\_nti40\filters\kvfilter.dll Object is locked skipped C:\CFusionMX7\verity\k2\_nti40\filters\kvolefio.dll Object is locked skipped C:\CFusionMX7\verity\k2\_nti40\filters\kvxwpsa.dll Object is locked skipped C:\CFusionMX7\verity\k2\_nti40\filters\kvzee.dll Object is locked skipped C:\CFusionMX7\verity\k2\_nti40\filters\kw2hqx.dll Object is locked skipped C:\CFusionMX7\verity\k2\_nti40\filters\kw2tar.dll Object is locked skipped C:\CFusionMX7\verity\k2\_nti40\filters\uudrdr.dll Object is locked skipped C:\CFusionMX7\verity\k2\_nti40\filters\wosr.dll Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-11-08_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped C:\Documents and Settings\All Users\Documents\load.exe Infected: Backdoor.Win32.Agobot.gen skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Robb\.housecall\Quarantine\chckntfs.exe.bac_a03032 Infected: Backdoor.Win32.Agobot.afq skipped C:\Documents and Settings\Robb\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped C:\Documents and Settings\Robb\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Robb\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Robb\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Robb\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Robb\Local Settings\Temp\~DF8ABD.tmp Object is locked skipped C:\Documents and Settings\Robb\Local Settings\Temp\~DFEC39.tmp Object is locked skipped C:\Documents and Settings\Robb\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Robb\My Documents\load.exe Infected: Backdoor.Win32.Agobot.gen skipped C:\Documents and Settings\Robb\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Robb\ntuser.dat.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped C:\Program Files\Norton AntiVirus\Savrt\0110NAV~.TMP Object is locked skipped C:\Program Files\Norton AntiVirus\Savrt\0340NAV~.TMP Object is locked skipped C:\System Volume Information\_restore{2E144645-83D0-41DB-A247-4F8380BB87BF}\RP113\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped C:\WINDOWS\Internet Logs\ROBB.ldb Object is locked skipped C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped C:\WINDOWS\system32\drivers\SnopFree.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\Temp\hsperfdata_SYSTEM\1040 Object is locked skipped C:\WINDOWS\Temp\ZLT07a98.TMP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\System Volume Information\_restore{2E144645-83D0-41DB-A247-4F8380BB87BF}\RP113\change.log Object is locked skipped Scan process completed.

pcdome View Member Profile	Nov 8 2006, 08:36 AM Post #67
Member Group: Members Posts: 39 Joined: 3-July 06 Member No.: 74,474	HJT Log: Logfile of HijackThis v1.99.1 Scan saved at 10:30:54 PM, on 11/8/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\SnoopFreeUI.exe C:\WINDOWS\VM_STI.EXE C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\CFusionMX7\runtime\bin\jrunsvc.exe C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe C:\CFusionMX7\runtime\bin\jrun.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\SnoopFreeSvc.exe C:\WINDOWS\System32\svchost.exe C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\HijackThis\HJT.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE lebeca web camera driver O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {3D51DCE5-683F-422E-AB48-9D21E6DD5808} (cRsiteup.acRsiteup) - http://www.hebogo.com/ActiveX/cRsiteup.cab O16 - DPF: {3E5BBDC8-18F9-4A70-94B5-DD64929C0AF4} (AniCastH Class) - http://gogo.jaeminara.co.kr/gogo/hansol/na...ol/axacastH.cab O16 - DPF: {4E52C32F-C143-4963-A758-2DB07703CB49} (YahooCS Class) - http://kr.memo.yahoo.com/CAB/YahooWCS.cab O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://www.spatic.go.kr/www/msxml4.cab O16 - DPF: {95FAA6CA-9CD5-40A5-B9EA-2ED419D4D9E7} - http://www.spatic.go.kr/www/ZeusWEB.cab O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - http://kings.nefficient.co.kr/kings/kdfx/k...29/kdfense8.cab O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1008 Class) - http://id.hangame.com/common/HanSetup1008.cab O16 - DPF: {D2A4C311-F608-4E0E-BBFE-6B25E31AC15B} (Kdfense5 Control) - http://kings.cachenet.com/kdf5106/kdfense5.cab O16 - DPF: {E0BF7A2B-2F7C-497A-B50F-292D3F317965} (CongnamulMap Control) - http://www.congnamul.com/ActiveX/Release/C...amulMap_V17.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_28.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Whisperer View Member Profile	Nov 9 2006, 04:43 AM Post #68
Senior Member Group: Members Posts: 405 Joined: 29-May 05 Member No.: 21,742	Hi pcdome, Thanks for the logs, Kaspersky has thrown up 2 viruses, one of these is already in quarantine from an earlier TrendMicro scan, the other occurs in two distinct places. Please navigate to C:\Documents and Settings\All Users\Documents, locate the Load.exe file and delete it. Now look for the same file but this time in C:\Documents and Settings\Robb\My Documents , again delete it. You might as well delete that quarantined file as well which is found here C:\Documents and Settings\Robb\.housecall\Quarantine, the file name is chckntfs.exe.bac_a03032 Your Java installation is out of date as the current release is Update 9. Use Internet Explorer and go to this link to update your Java. Scroll down and select Java Runtime Environment (JRE) 5.0 Update 9 Finally use Add or Remove programs to remove all earlier versions of Java I would like you to use this online scanner next, it will serve to check whether our manual removals have been successful. Using Internet Explorer please run the F-Secure Online Scanner Follow the Instruction Here for installation. Accept the License Agreement. Once the ActiveX installs,Click Full System Scan Once the download completes,the scan will begin automatically. The scan will take some time to finish,so please be patient. When the scan completes, click the Automatic cleaning (recommended) button. Click the Show Report button and Copy&Paste the entire report in your next reply together with any comments. GT

pcdome View Member Profile	Nov 10 2006, 08:33 PM Post #69
Member Group: Members Posts: 39 Joined: 3-July 06 Member No.: 74,474	Disregard this post, I think I have fixed my problem from my post. I will post the results soon. This post has been edited by pcdome: Nov 10 2006, 08:35 PM

Whisperer View Member Profile	Dec 3 2006, 04:42 PM Post #70
Senior Member Group: Members Posts: 405 Joined: 29-May 05 Member No.: 21,742	I am assuming that your problems are now fixed as there has been no response for a considerable period of time. Best wishes

illukka View Member Profile	Dec 5 2006, 03:35 PM Post #71
Walmentaja Group: HJT Team Coach Posts: 2,857 Joined: 1-November 04 From: The Pits Of Hell Member No.: 4,411	as the problem here seems to be resolved this topic is now closed to get it reopened PM a staff member with the address of this thread. this applies to the topic starter only, everyone else with similar problems start a new topic. glad we could help thank you Whisperer -------------------- I Am A Proud Member Of ASAP Since 2004 To Ride, Shoot Straight And Speak The Truth

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

2 User(s) are reading this topic (2 Guests and 0 Anonymous Users)

0 Members:

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides