BleepingComputer.com Computer Help Forums
Need Lots Of Help Please
Whisperer
post Jul 19 2006, 03:13 AM
Post #16
Forget the Java, I was working two different logs, my error! Sorreeee!

With regards ZA, just install individual copies on each machine on the network, if you have a hardware firewall built into your router you should retain software firewalls as well.

If you wish to add to your knowledge of firewalls then try here

Catch you later

GT

P.S. You could also try another Stinger run to see if it still finds that same damaged pate virus in the h0ya file or whether it was another example of a different name!

This post has been edited by Whisperer: Jul 19 2006, 03:20 AM
pcdome
post Jul 19 2006, 07:30 AM
Post #17
Hi Whisperer,

Thanks for the firewall info.

Here is the latest from Stinger. The W32/Pate virus is still there.

McAfee AVERT Stinger Version 2.6.0. built on Apr 5 2006

Copyright © 2005 Networks Associates Technology, Inc. All Rights Reserved.

Virus data file v1000 created on Feb 2 2006.

Ready to scan for 55 viruses, trojans and variants.



Scan initiated on Wed Jul 19 19:49:12 2006

C:\Documents and Settings\Robb\My Documents\h0ya\CDmage.exe

Found the W32/Pate.dam virus !!!

C:\Documents and Settings\Robb\My Documents\h0ya\CDmage.exe could not be repaired.

Number of clean files: 198576

Number of infected files: 1

Have a good day!

pcDome
Whisperer
post Jul 20 2006, 02:46 AM
Post #18
Back again,

You are looking good so we will do a bit more of a clean-up, remove 2 known resource hogs (optional) and then you can restore your msconfig as you wish.
  1. Please navigate to the C:\Documents and Settings\Robb\My Documents\h0ya directory
    • If there is an Uninstall option there for CDmage then click to run.
    • As CDmage does not appear in your uninstall list, I doubt that the first option will work
    • In either case go up to the My Documents directory and delete the h0ya directory and all of its contents
    • That should take care of the W32/Pate.dam infection at the same time
  2. With all other windows closed, start your HijackThis and click on Scan
    1. Click in the check-box to the left of each of the following entries, if found
        The first of these was probably the cause of my confusion over the Java. It failed to do its job in keeping you up-to-date as well! You will have to update Java manually or set Java 1.5.0_07 to do it for you. Locate and run javacpl.exe to access the options.
      • O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

        The next two are known resource hogs and recommended to go, removal only stops them running at start and does not affect the program at all. These are both updaters and as a general rule I do not recommend automatic updates with the exception of Windows, even then I choose what to install and when
      • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      • O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    2. Select Fix Checked
  3. Please feel free to restore your MSConfig back to the state that you had before, removing any programs that you do not wish to run automatically.
  4. I would suggest another CCleaner run followed by a Defragmentation of your computer. If you have not done one recently then it could take a fair time, hours as opposed to minutes!
  5. Before I give some final general advice aimed at the clean computer, please post me a new HijackThis log and make any comments that you feel appropriate concerning your computers performance now
GT
pcdome
post Jul 24 2006, 07:08 PM
Post #19
Hi Whisperer,

Sorry for the long delay in replying, I had a busy weekend. (Actually, I had to defrag my own head after the weekend I had.)

Anyhow, I've done everything you said. The W32/Pate virus is gone, Hooray!!! I also ran CCleaner again and defragged my computer, and that all looks good.

However, when I tried to reset my MSCONFIG back to what it was, I assumed that I would just have to click the radio button that was originally highlighted. (And I remember my 8th grade teacher saying "Never assume b/c it makes an 'ass' out of 'u' and me," and of course it did out of me but not you.) However, changing MSCONFIG back to the original radio button didn't work: when I restarted, my PC still launches a bunch of programs that my friend had previously set up to launch only when I choose, not at startup. Could you please help me fix this, b/c it slows my computer way down at startup. Thank you.

Below is my latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:05:18 AM, on 7/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\SIGMA\TV\sigmatv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Sigma\common\SMBM.EXE
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TV_Path] C:\Program Files\SIGMA\TV\sigmatv.exe /t
O4 - HKLM\..\Run: [SMBM] C:\Program Files\Sigma\common\SMBM.EXE /D
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Startup: Juice.lnk = C:\Program Files\Juice\Juice.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) -
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) -
O16 - DPF: {9BF607E0-4CC1-4099-9A07-362C9E4FB090} (WStarter Control) -
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1008 Class) - http://id.hangame.com/common/HanSetup1008.cab
O16 - DPF: {E0BF7A2B-2F7C-497A-B50F-292D3F317965} (CongnamulMap Control) - http://www.congnamul.com/ActiveX/Release/C...amulMap_V17.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks so much for all of your help.

Looking forward to your final answer.

Best regards,

pcDome
Whisperer
post Jul 28 2006, 03:52 AM
Post #20
Hi pcdome,

You have a couple of not so nice O16's that need removing so

With all other windows closed, start your HijackThis and click on Scan
  1. Click in the check-box to the left of each of the following entries, if found
    • O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) -
    • O16 - DPF: {9BF607E0-4CC1-4099-9A07-362C9E4FB090} (WStarter Control) -
  2. Select Fix Checked

Once you have done this you will have a clean log

Clean Log

Well done, your log is clean. Just a tidy up required.
  1. First we make sure that any files in a System Restore point can not reinfect your computer by removing all old system restore points.
    1. Select the Start button and from the available options
    2. Right-click the My Computer option and select Properties.
    3. Click on the System Restore tab.
    4. Check the box against Turn off System Restore on all drives. Click OK
    5. Click Yes to confirm, then restart the computer
    6. After the restart, re-enable System Restore by following steps a-c, but in step c, click to clear the Turn off System Restore on all drives. check box.
  2. Restore your Hidden & System files to their normal state by
    1. Select the Start button and from the available options
    2. Right-click the My Computer option.
    3. Select Explore from the drop-down menu
    4. Select the Tools menu and click Folder Options. from the new window
    5. Select the View Tab.
    6. Under the Hidden files and folders heading remove the tick from Show hidden files and folders by clicking in the check-box to its left
    7. Replace the check against Hide protected operating system files (recommended) option, again by clicking the check-box to its left.
    8. Click Yes to confirm.
    9. Click OK.
  3. Finally, HijackThis makes backups of all corrections made in a sub-folder of your HJT folder called Backups. Please navigate to this Backups folder and delete the contents
Preventative measures
  1. Retain both Spybot and AdAware and run them at regular intervals after updating them. Do the same with CCleaner.
  2. In addition I would suggest that you install the following 3 free programs, keep these updated as they are background tools
    1. SpywareBlaster - Excellent prevention tool to keep Malware from installing on your system.
    2. SpywareGuard provides a shield against infection
    3. IE-SpyAd puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. A tutorial is available here
  3. Windows Updates – Please bring your Windows and Internet Explorer up-to-date with Service Pack 2. It is very important to ensure that Internet Explorer and Windows are kept up to date with the latest critical security patches from Microsoft. Click on the Start button and select Windows Update, follow the online instructions from there.
  4. On a similar vein do ensure that all of your Anti-Virus and Anti-Malware software are also kept up to date.
  5. To find out more information about how you got infected in the first place and some excellent guide lines to follow to prevent future infections you can read this one by Lawrence Abrams
The only advice that I could give you in restoring your computer configuration is the difference between your first HijackThis log and the current one. If you select the following in HijackThis you will be somewhere close to your start position – without the malware!

With all other windows closed, start your HijackThis and click on Scan
  1. Click in the check-box to the left of each of the following entries, if found
    • O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    • O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    • O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    • O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
    • O4 - Startup: Juice.lnk = C:\Program Files\Juice\Juice.exe
    • O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) -
  2. Select Fix Checked

Best wishes and safe surfing

GT
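The advice above to work from the difference between the first HijackThis log and the current one can be scripted. The following is an added example, not code from the thread or from HijackThis itself: a small Python parser for HJT 1.99.1 logs that diffs an earlier log against a later one, lists the O4 Run-key autostarts that the MSCONFIG question is about, and flags O16 ActiveX entries with no source URL and entries HJT tags "(file missing)". The two sample logs are constructed from lines quoted in this thread, and the two flagging rules are heuristics assumed by this example, not rules given by the helper.

```python
"""Parse HijackThis 1.99.1 logs, diff two of them and flag entries worth a second look."""
import re

# Every reportable HJT line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
HJT_LINE = re.compile(r"^(O\d+) - (.+)$")
# O4 Run-key bodies: hive, bracketed value name, then the command line.
O4_RUN = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.*)$")
# O16 ActiveX download bodies: CLSID, display name, then the source URL (possibly empty).
O16_BODY = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\}) \((.*?)\) -\s*(\S*)$")

# Constructed sample logs, assembled from lines quoted in this thread (not a real full log).
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) -
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1008 Class) - http://id.hangame.com/common/HanSetup1008.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\HijackThis\HJT.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1008 Class) - http://id.hangame.com/common/HanSetup1008.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""


def parse_hjt(text):
    """Return (section, body) tuples for every O-line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def diff_logs(old_text, new_text):
    """(added, removed): entries only in the new log, and entries only in the old one."""
    old, new = set(parse_hjt(old_text)), set(parse_hjt(new_text))
    return sorted(new - old), sorted(old - new)


def run_key_entries(text):
    """(hive, value name, command) for each O4 HKLM/HKCU Run entry, in log order."""
    found = []
    for section, body in parse_hjt(text):
        m = O4_RUN.match(body) if section == "O4" else None
        if m:
            found.append((m.group(1), m.group(2), m.group(3)))
    return found


def o16_without_source(text):
    """O16 ActiveX entries whose source URL is empty (heuristic assumed by this example)."""
    flagged = []
    for section, body in parse_hjt(text):
        m = O16_BODY.match(body) if section == "O16" else None
        if m and m.group(3) == "":
            flagged.append(body)
    return flagged


def entries_with_missing_file(text):
    """Entries HJT itself tags '(file missing)': a registration whose binary is gone."""
    return [body for _, body in parse_hjt(text) if body.endswith("(file missing)")]


if __name__ == "__main__":
    added, removed = diff_logs(BEFORE_LOG, AFTER_LOG)
    for label, entries in (("Removed since first log", removed), ("Added since first log", added)):
        print(f"{label}:")
        for section, body in entries:
            print(f"  {section} - {body}")
    print("O16 entries with no source URL:", o16_without_source(BEFORE_LOG))
    print("Entries marked (file missing):", entries_with_missing_file(AFTER_LOG))
    for hive, name, command in run_key_entries(AFTER_LOG):
        print(f"  autostart {hive} [{name}] -> {command}")
```

To use it on real logs, read the two saved HijackThis logs from disk and pass their text in place of BEFORE_LOG and AFTER_LOG.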
pcdome
post Jul 29 2006, 11:12 PM
Post #21
Hi Whisperer,

Thanks again for all of your help. Everything seems ok now. I'm crossing my fingers. I only have one more issue and it's related to SpywareGuard. When I try to run SG it goes to a configuring box; during the configure process another window pops up that reads as below:

SpywareRemover

The feature you are trying to use is on a network resource that is unavailable.

Click Ok to try again or enter an alternate path to a folder containing the installation package "SpywareRemover.msi" in the box below.

Use source:

D:\Spyware.Adware.Remover,v7.0&keygen\


When I click "Ok", it gives this response in another window:

The path 'D:\Spyware.Adware.Remover.v7.0&keygen\SpywareRemover.msi' cannot be found. Verify that you have access to the location and try again, or try to find the installation package 'SpywareRemover.msi' in a folder from which you can install the product SpywareRemover.

OK


I don't know what this product is, so I can't find it when I use the "Browse..." option. If I click "Cancel" SG tries to configure 3 times, each time coming back to the same point.

Please let me know what I should do.

Thank you.

pcDome
Whisperer
post Jul 30 2006, 03:01 AM
Post #22
Hi Pcdome,

On the face of it, it might be another nasty, so please show the hidden files again and do another look for SpywareRemover.msi. The program SpywareRemover is a rogue but how it got to your computer is unknown. Please do not attempt any self-fixes until my tutor gives you the OK through me.

I would like you to produce an updated list of your installed programs to see if it has crept in there.
  1. To do this open your HijackThis
    1. Click on Open the Misc Tools section or Config… button, depending on how you are set up.
    2. If you used the Config... option then click the Misc Tools tab
    3. Select Open Uninstall Manager , a list of your installed programs will be displayed.
    4. Select the Save List… button and save the file to your desktop.
  2. Next I would like you to rename your HijackThis.exe file to HJT.exe and then run a scan using HJT.exe.
  3. Please post a copy of the updated list and an up-to-date HJT log in your next reply
GT
pcdome
post Aug 1 2006, 09:09 AM
Post #23
Hi Whisperer,

Here are the logs you requested. I think I changed the Hijackthis.exe to HJT.exe but I'm not 100% on that.

Uninstall list:

³¬¼¶²¥°O
Ad-Aware SE Personal
Adobe Download Manager 2.0(¼³A¡ A|°A¸¸ CØ´c)
Adobe Flash Player 9 ActiveX
Adobe Illustrator CS
Adobe Photoshop CS
Adobe Reader 7.0.8
Adobe SVG Viewer 3.0
AeCOAUμ|(Unified Codec Pack) 8.0.0.5 ≫eA|
afreeca A|°A
Alcohol 120% (Trial Version)
BitComet 0.56
Canon MP Drivers 7.0
Canon ScanGear Starter
CASHFLOW?202 THE E-GAME
CASHFLOW?THE E-GAME
ccCommon
CCleaner (remove only)
CN°OAO
CN°OAO AUμ¿ AI½ºAc·?
CN¹æ¿¡~ V2.15
Codec 7.8i
Democracy Player 0.8.4.1
Desktop Weather by The Weather Channel
ewido anti-spyware 4.0
GOM Player
Google Earth
Google SketchUp
Google Toolbar for Internet Explorer
HijackThis 1.99.1
IKEA Home Planner Kitchen
Internet Explorer Q903235
Internet Worm Protection
iPod for Windows 2005-10-12
iTunes
J2SE Runtime Environment 5.0 Update 7
Juice 2.2
K-Defense8 Control - A°º¸μa º¸¾E
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Macromedia ColdFusion MX 7
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Macromedia Shockwave Player
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Office Professional Edition 2003
MSN Messenger 7.5
myLinker
Nero 6 Ultra Edition
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
nProtect KeyCrypt
nProtect Netizen Ver.3(remove only)
NVIDIA Drivers
PDF reDirect (remove only)
PeerGuardian 2.0
PowerISO
PPLive 1.2.35
PPStream
QuickTime
Real Alternative 1.46
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896426)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Serif DrawPlus 4.0
Slim TV Driver
SnoopFree Privacy Shield
SoftCamp Secure KeyStroke 4.0
SopCast 0.9.8
SPBBC
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SpywareGuard v2.2
Symantec
Symantec Script Blocking Installer
SymNet
The Rosetta Stone
ToToBrowser verion 2
TV Card
TV Card Driver
TV Driver
TVAnts 1.0
TVUPlayer 1.5.12
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
VideoLAN VLC media player 0.8.4a
VobSub v2.23 (Remove Only)
Weather Services
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See Q828026 for more information]
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB826939
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833407
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB871250
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB883939
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889293
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891711
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892944
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Hotfix - KB896688
Windows XP Hotfix - KB896727
Windows XP Hotfix - KB897715
Windows XP Hotfix - KB905915
Windows XP Hotfix - KB911567
Windows XP Hotfix - KB912812
Windows XP Hotfix - KB916281
Windows XP Hotfix - KB918439
WinISO 5.3
WinRAR archiver
XecureWeb Control
Yahoo! Messenger
ZeusWEB
ZoneAlarm Pro


HJT.exe log:

Logfile of HijackThis v1.99.1
Scan saved at 11:05:51 PM, on 8/1/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
C:\WINDOWS\System32\rundll32.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\conime.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HJT.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {091CDD73-1401-4643-9B9C-65B091C88685} (MyLinker Control) - http://hmall.contents.mylinker.co.kr/module/MyLinker.cab
O16 - DPF: {3E5BBDC8-18F9-4A70-94B5-DD64929C0AF4} (AniCastH Class) - http://gogo.jaeminara.co.kr/gogo/hansol/na...ol/axacastH.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://www.spatic.go.kr/www/msxml4.cab
O16 - DPF: {95FAA6CA-9CD5-40A5-B9EA-2ED419D4D9E7} (MapView Class) - http://www.spatic.go.kr/www/ZeusWEB.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://kings.nefficient.co.kr/kings/kdfx/k...29/kdfense8.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1008 Class) - http://id.hangame.com/common/HanSetup1008.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/ntservice/npkcx.cab
O16 - DPF: {E0BF7A2B-2F7C-497A-B50F-292D3F317965} (CongnamulMap Control) - http://www.congnamul.com/ActiveX/Release/C...amulMap_V17.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I will not do any self fixes until you instruct me otherwise.

Once again thank you very much.

pcDome
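Added example, not from the thread and not part of HijackThis: a small Python triage pass over the O-sections of a log like the one above. It pulls out the entries a log helper looks at first: O16 DPF lines (ActiveX controls Internet Explorer was told to download, recorded as CLSID, display name and .cab URL), O23 services whose binary carries no publisher name ("Unknown owner") or is marked "(file missing)", and O18 protocol handlers whose DLL is missing. The allow-list of .cab hosts is an assumption for the example, and the sample excerpt is constructed: it reuses a few lines posted above plus one made-up Microsoft-hosted control (all-zero CLSID) so the allow-list branch is exercised.

```python
"""Triage pass over the O-sections of a HijackThis (HJT) log.

Added example; not HijackThis code and not part of the forum thread.
Flags O16 ActiveX downloads from hosts outside an allow-list, O23 services
with an unknown owner or a missing binary, and O18 handlers whose DLL is missing.
"""
import re
from urllib.parse import urlsplit

# Hosts whose .cab downloads are expected on an XP box; assumed for the example.
TRUSTED_CAB_HOSTS = {"download.microsoft.com", "java.sun.com", "fpdownload.macromedia.com"}

LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
O16_RE = re.compile(r"^DPF:\s+(\{[0-9A-Fa-f-]+\})\s+\((.*?)\)\s+-\s+(\S+)$")
O18_RE = re.compile(r"^Protocol:\s+(\S+)\s+-\s+(\{[0-9A-Fa-f-]+\})\s+-\s+(.*)$")
O23_RE = re.compile(r"^Service:\s+(.*?)\s+-\s+(.*?)\s+-\s+(.*)$")


def parse_hjt(text):
    """Yield (section, body) for each 'Onn - ...' line; everything else is skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(text, trusted_hosts=TRUSTED_CAB_HOSTS):
    """Return findings as (severity, section, reason, entry) tuples."""
    findings = []
    for section, body in parse_hjt(text):
        if section == "O16":
            m = O16_RE.match(body)
            if not m:
                continue
            clsid, name, url = m.groups()
            host = (urlsplit(url).hostname or "").lower()
            if host not in trusted_hosts:
                findings.append(("review", section, f"ActiveX download from {host}", f"{name} {clsid}"))
        elif section == "O18":
            m = O18_RE.match(body)
            if m and "(file missing)" in m.group(3):
                findings.append(("info", section, f"protocol handler {m.group(1)} DLL missing", m.group(2)))
        elif section == "O23":
            m = O23_RE.match(body)
            if not m:
                continue
            svc, owner, image = m.groups()
            if owner == "Unknown owner":
                findings.append(("review", section, "service with no publisher name", svc))
            if "(file missing)" in image:
                findings.append(("info", section, "service binary missing on disk", svc))
    return findings


# Constructed excerpt: lines copied from the log posted above plus one made-up
# Microsoft-hosted control (all-zero CLSID) so the allow-list branch runs.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://www.spatic.go.kr/www/msxml4.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/ntservice/npkcx.cab
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Constructed Control) - http://download.microsoft.com/example/ctl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for sev, sec, reason, entry in triage(SAMPLE_LOG):
        print(f"[{sev}] {sec}: {reason}: {entry}")
```

A hit from this pass is a prompt to look, not a verdict. The poster uses Korean software, and the .go.kr and .co.kr hosts in the O16 list are where those sites serve their own ActiveX controls; likewise the ColdFusion search service shows up only because its image path is quoted oddly and the file is gone, which matches an uninstalled component as well as anything hostile. Check the publisher and the file on disk before calling an entry bad.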
Whisperer
post Aug 2 2006, 05:48 AM
Post #24
Pcdome,

Your log is effectively clean. There are a couple of bad O16 entries, but most importantly I see you are still using SP1. It is imperative that you get the extra security of SP2 on your system at the earliest opportunity, together with any other security updates, and that must be before you go onto any P2P sites or any other site apart from Windows Update and those sites that you are required to download tools from. Please do NOT update to SP2 until you are given the all-clear again; then make it your first priority.
  1. I have checked your uninstall log and will need your help in classifying the following entries as my Korean is non-existent!
    • ³¬¼¶²¥°O
    • Adobe Download Manager 2.0(¼³A¡ A|°A¸¸ CØ´c)
    • AeCOAUμ|(Unified Codec Pack) 8.0.0.5 ≫eA|
    • afreeca A|°A
    • CN°OAO
    • CN°OAO AUμ¿ AI½ºAc•?
    • CN¹æ¿¡~ V2.15
    • K-Defense8 Control - A°º¸μa º¸¾E
  2. Please use Add or Remove Programs to remove SpywareGuard V2.2 from your computer; it could just be that this is a corrupted download.
  3. Please download WinPFind; we will use this to find hidden files that could be giving you the problem.
    • Locate the WinPFind.zip file, right-click and extract it to your C:\ folder.
    • This will create a folder called WinPFind in the C:\ folder
    I suggest that you print out the following instructions or highlight the remainder and save to a WordPad file on your desktop as you will no longer have an internet connection until we have finished the clean up
  4. Physically disconnect your computer from the internet by unplugging the lead.
  5. Reboot the computer into safe mode using a clean boot sequence
    1. Select the Start button and Turn Off Computer
    2. Select the Turn Off option, when the computer has shut down switch off the power supply.
    3. After 10 seconds, restore the power supply and switch on the computer
      • Some computers have a progress bar that refers to the word BIOS. Others may not let you know what is happening.
      • As soon as the BIOS loads, or a single Beep is heard then begin tapping the F8 key on your keyboard. Do so until the Windows Advanced Options menu appears.
      • If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. If this happens, restart the computer and try again.
      • Using the arrow keys on the keyboard, select Safe mode and then press Enter.
    4. When in Safe mode you will have your desktop with the word ‘Safe’ in the 4 corners.
  6. To reduce the chance of anti-spyware interfering with the fixes, please stop all anti-spyware on your computer. If you right-click on the icon in the system tray you will find an option to ‘exit’. When you reboot, this will all return to normal.
  7. Navigate to the C:\WinPFind directory and click the file called WinPFind.exe to open it
    • Once it is open, click on the Start Scan button and wait for it to finish.
      This program will scan large amounts of files on your computer for known patterns, so please be patient while it works as it can take a while, upwards of 30 minutes or more.
    • When it is done, it will show the results of the scan.
    • Click on the Copy to Clipboard button
  8. Please post
    • The contents of the log in your clipboard as a reply in your next post.
    • A new HJT log
    • Any update to your problem that you can, now that we have removed SpywareGuard
GT
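Added example, not WinPFind's own code and not part of the thread: what the "Checking ... folder" and "system and hidden files within the last 60 days" sections of a WinPFind log are produced by, written out in Python. The marker labels come from the ones such logs print (UPX!, PEC2, PECompact2, aspack, qoologic and so on); the exact byte patterns the real tool matches are not on the page, so matching the labels as plain ASCII substrings is an assumption made here. demo() builds a constructed scratch tree with three sample files so the scan runs offline; on Windows the attribute column reads st_file_attributes, elsewhere a leading dot is treated as hidden.

```python
"""WinPFind-style scan: packer/marker strings plus recent hidden/system files.

Added example; not WinPFind's own code and not from the forum thread.
Marker labels are the ones seen in WinPFind logs; matching them as plain
ASCII substrings is an assumption made for this example.
"""
import os
import shutil
import stat
import tempfile
import time

# Label -> byte pattern searched for in each file (assumed ASCII markers).
MARKERS = {
    "UPX!": b"UPX!",
    "PEC2": b"PEC2",
    "PECompact2": b"PECompact2",
    "aspack": b"aspack",
    "qoologic": b"qoologic",
    "Umonitor": b"Umonitor",
    "winsync": b"winsync",
    "ad-beh": b"ad-beh",
}

FILE_ATTRIBUTE_HIDDEN = 0x2   # bits of st.st_file_attributes (Windows only)
FILE_ATTRIBUTE_SYSTEM = 0x4


def markers_in(data, markers=MARKERS):
    """Sorted labels of every marker whose bytes occur anywhere in data."""
    return sorted(label for label, pat in markers.items() if pat in data)


def scan_tree(root, markers=MARKERS, max_bytes=16 * 1024 * 1024):
    """Walk root; return [(path, [label, ...])] for files carrying a marker.
    Only the first max_bytes of each file are read; unreadable files are skipped."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)
            except OSError:
                continue
            found = markers_in(data, markers)
            if found:
                hits.append((path, found))
    return hits


def attr_flags(path):
    """'RHS'-style attribute string like the WinPFind log column.
    Hidden/system bits exist only on Windows; elsewhere a leading dot counts as hidden."""
    st = os.stat(path)
    attrs = getattr(st, "st_file_attributes", 0)
    flags = ""
    if not (st.st_mode & stat.S_IWUSR):
        flags += "R"
    if attrs & FILE_ATTRIBUTE_HIDDEN or os.path.basename(path).startswith("."):
        flags += "H"
    if attrs & FILE_ATTRIBUTE_SYSTEM:
        flags += "S"
    return flags


def recent_hidden_system(root, days=60, now=None):
    """[(path, flags, size)] for H or S files under root modified in the last `days`."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue
            flags = attr_flags(path)
            if ("H" in flags or "S" in flags) and st.st_mtime >= cutoff:
                found.append((path, flags, st.st_size))
    return found


def demo():
    """Build a constructed scratch tree, run both scans, clean up, return results."""
    root = tempfile.mkdtemp(prefix="winpfind_demo_")
    try:
        # Constructed sample files: a 'packed' PE-like stub, a clean one, a dotfile.
        samples = {
            "packed.exe": b"MZ" + b"\x00" * 16 + b"UPX!" + b"\x00" * 8 + b"PEC2",
            "clean.dll": b"MZ" + b"\x00" * 32,
            ".hidden.dat": b"x",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_tree(root), recent_hidden_system(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    hits, recent = demo()
    for path, labels in hits:
        print(" ".join(labels), path)
    for path, flags, size in recent:
        print(flags, size, path)
```

As the log's own banner says, a packer hit is not a verdict: UPX and PECompact are used by plenty of legitimate software, and the log posted later in this thread lists Microsoft's MRT.exe and the DivX codec among the matches. Treat the list as a set of files whose publisher, signature and hash need checking, not as a removal list.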
Whisperer
post Aug 11 2006, 06:22 AM
Post #25
Hi pcdome,

I have not heard from you for over a week, is all OK?

If I do not hear from you by the 16th I will assume that the topic is now closed.

GT
pcdome
post Aug 14 2006, 07:09 PM
Post #26
Hi Whisperer,

Sorry I've been so busy & tired lately that I haven't been able to keep up. Okay, at this point I only have accomplished a little bit of your last instructions.

To start with, I have found out the reason why I have not upgraded to SP2. I know it sounds odd that I had to ask someone, but I had to ask my friends here why they keep telling me not to use SP2. The reason for it is that many of the Korean programs won't work on my computer if I upgrade to SP2. Since my wife is Korean and will be using this computer, and I use some Korean programs too, I don't think I can upgrade to SP2 at this time, unless you know of a way I can fix this problem.

In regards to the list of programs I will post the list below and write next to it what I know of the program.

    • ³¬¼¶²¥°O: I have no idea what this program is; it's not Korean, Chinese, or Japanese (I have my computer set to read all 3 languages for studying purposes), so it seems kind of fishy. Is there a way I can run this program using the posted characters? I suspect it is one of the TV streaming programs that I have, but that should appear in English, Japanese, Chinese, or Korean.
    • Adobe Download Manager 2.0(¼³A¡ A|°A¸¸ CØ´c): This was downloaded from Adobe before I could update my latest Adobe Acrobat; it seems to be a requirement now. I tried to download Acrobat but this was downloaded when I clicked on the download Acrobat link.
    • AeCOAUμ|(Unified Codec Pack) 8.0.0.5 ≫eA|: I have no idea what this program is; it's not Korean, Chinese, or Japanese (I have my computer set to read all 3 languages for studying purposes), so it seems kind of fishy. Is there a way I can run this program using the posted characters? I suspect it is one of the TV streaming programs that I have, but that should appear in English, Japanese, Chinese, or Korean.
    • afreeca A|°A: This is a streaming TV program that I have.
    • CN°OAO: I have no idea what this program is; it's not Korean, Chinese, or Japanese (I have my computer set to read all 3 languages for studying purposes), so it seems kind of fishy. Is there a way I can run this program using the posted characters? I suspect it is one of the TV streaming programs that I have, but that should appear in English, Japanese, Chinese, or Korean.
    • CN°OAO AUμ¿ AI½ºAc??: I have no idea what this program is; it's not Korean, Chinese, or Japanese (I have my computer set to read all 3 languages for studying purposes), so it seems kind of fishy. Is there a way I can run this program using the posted characters? I suspect it is one of the TV streaming programs that I have, but that should appear in English, Japanese, Chinese, or Korean.
    • CN¹æ¿¡~ V2.15: I have no idea what this program is; it's not Korean, Chinese, or Japanese (I have my computer set to read all 3 languages for studying purposes), so it seems kind of fishy. Is there a way I can run this program using the posted characters? I suspect it is one of the TV streaming programs that I have, but that should appear in English, Japanese, Chinese, or Korean.
    • K-Defense8 Control - A°º¸μa º¸¾E: I have no idea what this is.

Spyware Guard removed and no problem since removal.

WinPFind log is listed below:

WARNING: not all files found by this scanner are bad. Consult with a knowledgeable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
PECompact2 5/7/2005 12:09:12 AM 1011032 C:\WebCleaner.dll
aspack 5/7/2005 12:09:12 AM 1011032 C:\WebCleaner.dll

Checking %ProgramFilesDir% folder...
UPX! 1/12/2006 11:30:34 PM 289183480 C:\Program Files\coldfusion-70-win.exe
PEC2 1/12/2006 11:30:34 PM 289183480 C:\Program Files\coldfusion-70-win.exe

Checking %WinDir% folder...
UPX! 3/15/2004 7:28:50 PM 69120 C:\WINDOWS\daemon.dll
UPX! 8/15/2005 2:03:36 PM 65536 C:\WINDOWS\IFinst27.exe
UPX! 6/10/2002 12:00:00 PM 31426 C:\WINDOWS\VRUNACE.DLL
UPX! 6/10/2002 12:00:00 PM 57598 C:\WINDOWS\VRUNCAB.DLL
UPX! 6/10/2002 12:00:00 PM 44032 C:\WINDOWS\VRUNGZIP.DLL
UPX! 6/10/2002 12:00:00 PM 41589 C:\WINDOWS\VRUNRAR.DLL

Checking %System% folder...
PEC2 8/24/2001 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 2/23/2003 8:24:06 PM 86016 C:\WINDOWS\SYSTEM32\div3ds32.ax
PEC2 1/20/2005 2:40:44 PM 716800 C:\WINDOWS\SYSTEM32\divx.dll
PECompact2 1/20/2005 2:40:44 PM 716800 C:\WINDOWS\SYSTEM32\divx.dll
UPX! 1/19/2005 5:26:32 AM 49019 C:\WINDOWS\SYSTEM32\Dunzip32.dll
aspack 6/30/2005 5:37:06 PM 56320 C:\WINDOWS\SYSTEM32\IdiskLauncherEx.exe
aspack 6/14/2004 11:42:24 AM 109568 C:\WINDOWS\SYSTEM32\IdiskUpdateParan.dll
UPX! 6/8/2005 9:00:00 PM 689152 C:\WINDOWS\SYSTEM32\LIVECALL.DLL
PECompact2 6/9/2006 10:19:50 AM 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 6/9/2006 10:19:50 AM 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
PEC2 2/3/2003 3:01:02 PM 186368 C:\WINDOWS\SYSTEM32\msaud32_divx.acm
UPX! 3/31/2004 5:55:24 PM 172544 C:\WINDOWS\SYSTEM32\npkcsvc.exe
UPX! 5/9/2005 8:26:00 PM 694784 C:\WINDOWS\SYSTEM32\npscan.dll
Umonitor 8/29/2002 12:41:10 PM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 5/20/2005 4:10:10 PM 1691648 C:\WINDOWS\SYSTEM32\RPRes.dll
UPX! 2/7/2005 6:29:32 PM 170496 C:\WINDOWS\SYSTEM32\upx.exe
qoologic 6/23/2006 8:20:00 PM 2008665 C:\WINDOWS\SYSTEM32\v3warpns.v3d
aspack 5/19/2004 4:55:12 PM 250368 C:\WINDOWS\SYSTEM32\VRAZMAIN.DLL
UPX! 5/3/2005 12:01:00 PM 33792 C:\WINDOWS\SYSTEM32\VRMEM.DLL
UPX! 6/9/2004 2:01:58 PM 52736 C:\WINDOWS\SYSTEM32\vrpacker.dll
winsync 8/24/2001 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
UPX! 12/18/2005 12:01:00 PM 2304352 C:\WINDOWS\SYSTEM32\drivers\vrcore.sys
ad-beh 12/18/2005 12:01:00 PM 2304352 C:\WINDOWS\SYSTEM32\drivers\vrcore.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
8/3/2006 1:28:56 PM S 2048 C:\WINDOWS\bootstat.dat
8/1/2006 10:50:40 PM H 54156 C:\WINDOWS\QTFont.qfn
7/4/2006 10:54:44 PM RHS 227 C:\WINDOWS\assembly\Desktop.ini
7/4/2006 10:54:44 PM RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme
7/4/2006 10:54:44 PM RH 0 C:\WINDOWS\assembly\pubpol1.dat
7/4/2006 10:59:54 PM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1b.dat
7/4/2006 10:59:58 PM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1c.dat
6/4/2006 11:28:06 PM H 10820 C:\WINDOWS\Help\nocontnt.GID
6/26/2006 4:14:20 PM H 459 C:\WINDOWS\system32\200606.npl
8/3/2006 1:26:48 PM H 35981 C:\WINDOWS\system32\vsconfig.xml
7/19/2006 9:18:18 AM H 4212 C:\WINDOWS\system32\zllictbl.dat
6/22/2006 8:18:30 PM S 13309 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat
8/3/2006 1:29:08 PM H 12288 C:\WINDOWS\system32\config\default.LOG
8/3/2006 1:29:08 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
8/3/2006 1:28:58 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
8/3/2006 1:33:28 PM H 102400 C:\WINDOWS\system32\config\software.LOG
8/3/2006 1:29:58 PM H 1273856 C:\WINDOWS\system32\config\system.LOG
6/16/2006 3:04:14 AM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
6/7/2006 8:43:24 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\259ed44a-49ee-4c51-a45c-198ed5d86054
6/7/2006 8:43:24 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
8/3/2006 1:26:56 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
1/20/2005 2:38:54 PM 417792 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation 8/24/2001 6:00:00 AM 66048 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 2/9/2004 7:38:24 PM 14225408 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 8/29/2002 12:41:28 PM 578560 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/29/2002 12:41:28 PM 129024 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/24/2001 6:00:00 AM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Ahead Software AG 12/23/2003 3:40:52 PM 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation 8/29/2002 12:41:28 PM 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/29/2002 12:41:28 PM 121856 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/29/2002 12:41:28 PM 65536 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 5/3/2006 2:56:54 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/24/2001 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/24/2001 6:00:00 AM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/24/2001 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/24/2001 6:00:00 AM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 11/15/2004 4:51:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/24/2001 6:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/24/2001 6:00:00 AM 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/24/2001 6:00:00 AM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/29/2002 12:41:28 PM 268288 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/24/2001 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/24/2001 6:00:00 AM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
The Weather Channel Interactive 11/7/2005 3:49:38 PM 2980976 C:\WINDOWS\SYSTEM32\wxfw.cpl
Microsoft Corporation 8/24/2001 6:00:00 AM 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/29/2002 12:41:28 PM 578560 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/29/2002 12:41:28 PM 129024 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/24/2001 6:00:00 AM 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/29/2002 12:41:28 PM 292352 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/29/2002 12:41:28 PM 121856 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/29/2002 12:41:28 PM 65536 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/24/2001 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/24/2001 6:00:00 AM 559616 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/24/2001 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/24/2001 6:00:00 AM 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/24/2001 6:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/24/2001 6:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/24/2001 6:00:00 AM 109056 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/29/2002 12:41:28 PM 147456 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/29/2002 12:41:28 PM 268288 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/24/2001 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/24/2001 6:00:00 AM 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
5/29/2006 11:20:44 PM 1926 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
6/28/2005 5:55:08 PM 1765 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
1/18/2005 3:51:58 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
1/18/2005 9:41:10 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
6/30/2006 11:34:58 AM 1390 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
1/18/2005 3:51:58 PM HS 84 C:\Documents and Settings\Robb\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
7/11/2006 8:10:26 PM 1071 C:\Documents and Settings\Robb\Application Data\AdobeDLM.log
1/18/2005 9:41:10 PM HS 62 C:\Documents and Settings\Robb\Application Data\desktop.ini
7/11/2006 8:10:26 PM 0 C:\Documents and Settings\Robb\Application Data\dm.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ALSee
{2AA489CC-FEDC-4DD5-A693-0B8FED9D8B0D} = C:\PROGRA~1\ESTsoft\ALSee\ASSHLE~1.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\PowerISO
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\PowerISO
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\PowerISO
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\MSMSGS.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IMJPMIG8.1 "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
SoundMan SOUNDMAN.EXE
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
NvMediaCenter RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
SnoopFreeUI SnoopFreeUI.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
SSC_UserPrompt C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
!ewido "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
KernelFaultCheck %systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\System32\ctfmon.exe
BitComet "C:\Program Files\BitComet\BitComet.exe"
updateMgr "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
PeerGuardian C:\Program Files\PeerGuardian2\pg2.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoCDBurning 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
winupx Service winupx.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/3/2006 2:28:51 PM

Latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:05:54 AM, on 8/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\YahooWCS.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\HijackThis\HJT.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {091CDD73-1401-4643-9B9C-65B091C88685} (MyLinker Control) - http://hmall.contents.mylinker.co.kr/module/MyLinker.cab
O16 - DPF: {3E5BBDC8-18F9-4A70-94B5-DD64929C0AF4} (AniCastH Class) - http://gogo.jaeminara.co.kr/gogo/hansol/na...ol/axacastH.cab
O16 - DPF: {4E52C32F-C143-4963-A758-2DB07703CB49} (YahooCS Class) - http://kr.memo.yahoo.com/CAB/YahooWCS.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://www.spatic.go.kr/www/msxml4.cab
O16 - DPF: {95FAA6CA-9CD5-40A5-B9EA-2ED419D4D9E7} (MapView Class) - http://www.spatic.go.kr/www/ZeusWEB.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://kings.nefficient.co.kr/kings/kdfx/k...29/kdfense8.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1008 Class) - http://id.hangame.com/common/HanSetup1008.cab
O16 - DPF: {D2A4C311-F608-4E0E-BBFE-6B25E31AC15B} (Kdfense5 Control) - http://kings.cachenet.com/kdf5106/kdfense5.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/ntservice/npkcx.cab
O16 - DPF: {E0BF7A2B-2F7C-497A-B50F-292D3F317965} (CongnamulMap Control) - http://www.congnamul.com/ActiveX/Release/C...amulMap_V17.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I will try to be faster in my replies.

Sorry,

pcDome
Whisperer
post Aug 17 2006, 01:58 PM
Post #27


Hi pcdome,

Thanks for the response, I will look at the WinPFind log shortly but you have some installed programs that can go, your Java installation is out-of-date again and your HijackThis log has a couple of things that need fixing.

Before we start I would like to pose some more queries.
Q1. Do you use the Inca Internet facility?
Q2. Do you have Novell's Netware installed or in use?
Q3. Do you use Hauri ViRobot as an antivirus program?

On to the fixes
  1. We will now remove the unknown programs, the old Java and one adware program. Click Start, select Control Panel and then Add or Remove Programs
    • Once the list has populated scroll down to the following entries, click on them and select Remove
      • ³¬¼¶²¥°O
        Adobe Download Manager 2.0(¼³A¡ A|°A¸¸ CØ´c)
        AeCOAUμ|(Unified Codec Pack) 8.0.0.5 ≫eA|
        CN°OAO
        CN°OAO AUμ¿ AI½ºAc•?
        CN¹æ¿¡~ V2.15
        J2SE Runtime Environment 5.0 Update 7
        K-Defense8 Control - A°º¸μa º¸¾E
        myLinker
  2. Replace the Java as the current release is Update 8.
    • Use Internet Explorer and go to this link to update your Java.
    • Scroll down and select Java Runtime Environment (JRE) 5.0 Update 8
  3. With all other windows closed, start your HijackThis and click on Scan
    1. Click in the check-box to the left of each of the following entries, if found
      • O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
      • O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
      • O16 - DPF: {091CDD73-1401-4643-9B9C-65B091C88685} (MyLinker Control) - http://hmall.contents.mylinker.co.kr/module/MyLinker.cab
      • O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/ntservice/npkcx.cab

        This next one is a resource hog. Checking this item does not remove the program; it just prevents the program starting automatically when Windows starts
      • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    2. Select Fix Checked
  4. Until I get back to you with the WinPFind results, that will do for now
GT thumbup.gif
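An added example, not part of this thread and not HijackThis' own code: a small script that does the first pass a log helper makes over a HijackThis 1.99.x log like the one posted above. It parses the O4, O16 and O23 line formats and flags the things that get looked at first: O4 autostarts whose image is a bare file name (Windows resolves those through the search path, so the file that actually runs has to be confirmed), O4 autostarts under the Policies\Explorer\Run key, O16 downloaded ActiveX controls from hosts outside an allow-list plus O16 URLs the log has truncated with "...", and O23 services with an unknown owner or a missing binary. The sample lines are copied from the log above, except one constructed O4 line written in HijackThis syntax for the winupx entry that WinPFind reported under policies\Explorer\Run; the TRUSTED_DPF_HOSTS allow-list is an assumption, not something from the page.

```python
"""Triage a HijackThis 1.99.x log (added example; not HijackThis' own code).

Flags: O4 bare-image autostarts, O4 entries under Policies\\Explorer\\Run,
O16 downloaded controls from non-allow-listed hosts or with truncated URLs,
O23 services with an unknown owner or a missing binary.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed allow-list (assumption); tighten or extend it per machine.
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com", "java.sun.com")

RE_O4 = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RE_O16 = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$")
RE_O23 = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Constructed sample: lines from the posted log, plus one O4 line written
# in HijackThis syntax for the winupx entry WinPFind showed under
# policies\Explorer\Run (it does not appear in the posted HijackThis log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Policies\Explorer\Run: [winupx Service] winupx.exe
O16 - DPF: {091CDD73-1401-4643-9B9C-65B091C88685} (MyLinker Control) - http://hmall.contents.mylinker.co.kr/module/MyLinker.cab
O16 - DPF: {3E5BBDC8-18F9-4A70-94B5-DD64929C0AF4} (AniCastH Class) - http://gogo.jaeminara.co.kr/gogo/hansol/na...ol/axacastH.cab
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str   # O4 / O16 / O23
    item: str      # entry name, CLSID or service display name
    reason: str


def image_of(cmd: str) -> str:
    """Executable image of an O4 command line: a quoted path is taken
    whole, otherwise the first whitespace-separated token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def trusted_host(host: str) -> bool:
    """Exact or subdomain match against the allow-list (no suffix tricks
    like 'notmicrosoft.com')."""
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := RE_O4.match(line):
            img = image_of(m["cmd"])
            if "\\" not in img and "/" not in img:
                findings.append(Finding("O4", m["name"],
                    f"bare image '{img}' is resolved via the search path; confirm which file runs"))
            if m["key"].lower().startswith("policies\\"):
                findings.append(Finding("O4", m["name"],
                    f"autostart under {m['hive']}\\..\\{m['key']}, a key legitimate software rarely uses"))
        elif m := RE_O16.match(line):
            host = urlparse(m["url"]).hostname or ""
            if "..." in m["url"]:
                findings.append(Finding("O16", m["clsid"],
                    "URL truncated in the log; read the full CODEBASE value before judging it"))
            if not trusted_host(host):
                findings.append(Finding("O16", m["clsid"],
                    f"downloaded ActiveX control '{m['name']}' from {host}"))
        elif m := RE_O23.match(line):
            if m["owner"] == "Unknown owner":
                findings.append(Finding("O23", m["display"],
                    "service binary carries no recognised publisher"))
            if m["path"].endswith("(file missing)"):
                findings.append(Finding("O23", m["display"],
                    "service points at a file that is not on disk"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.item}: {f.reason}")
```

Run it as-is and it prints nine findings for the sample; point triage() at the text of a full log to get the same list for a real post. A finding is a prompt to look, not a verdict: the Norton and QuickTime entries pass because they give a full quoted path and a known publisher, while "winupx Service" gets two findings because it both relies on the search path and lives under the Policies key.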
pcdome
post Aug 17 2006, 05:34 PM
Post #28


Member
Group: Members
Posts: 39
Joined: 3-July 06
Member No.: 74,474



Hi Whisperer,

You posted 3 questions in your last reply before we started the clean up. So, I'm getting ready for work right now and can't start the clean up but thought I would quickly reply to the questions, in case they help you/me. The answer is no, I don't use them nor do I know what they are.

I hope that helps. Have a good day.

pcDome
pcdome
post Aug 21 2006, 08:11 PM
Post #29





Hi Whisperer,

I have done as you instructed, however (doesn't seem like there is always a "however?") when I removed the programs the only ones that were listed were as follows:

Adobe Download Manager
K-defense8 Control
myLinker
J2SE 7 Update

Therefore, the other non-readable programs did not appear or at least in their non-readable format. I also found in the Add/Remove programs something called "ZeusWEB". Do you know anything about this program, because I don't.

Thanks,

pcDome
Whisperer
post Aug 24 2006, 02:45 AM
Post #30





Hi pcdome,

Apologies for the delay but you slipped through my net. I will deal with your specific queries as I get to them, no cause for concern.

I have found some evidence of a Qoologic infection in your WinPFind log, we will deal with this next
  1. Please download Qoofix by RubbeR DuckY from here or here. A tutorial is available from here.
    1. Unzip all files to a convenient location such as C:\Qoofix.
    2. Go to the folder you unzipped all files and run Qoofix.exe.
    3. Click Begin Removal and wait for the scan to finish.
    4. If an infection has been found, select Yes to restart your computer.
  2. Please carry out a new WinPFind and a HijackThis
  3. Finally post a new HijackThis log, the contents of the Qoofix logfile and the new WinPFind log.
GT thumbup2.gif
© 2003-2009 All Rights Reserved Bleeping Computer LLC.