> Need Lots Of Help Please
Whisperer
post Oct 27 2006, 05:41 AM
Post #61


Senior Member
****

Group: Members
Posts: 405
Joined: 29-May 05
Member No.: 21,742



Thank you for the HJT

I note that the 'Personal Firewall Checker' service in Norton is running and I am not too sure of their set-up and what package you have.

Does the Symantec/Norton installation that you have include a firewall?

GT :)

This post has been edited by Whisperer: Oct 27 2006, 05:41 AM
pcdome
post Oct 28 2006, 08:37 PM
Post #62


Member
**

Group: Members
Posts: 39
Joined: 3-July 06
Member No.: 74,474



As far as I can tell it doesn't have a firewall on it. I'm running Norton Antivirus 2006 if that helps you know if it has a firewall. I looked at all the coverage options in the "Protection Center" and I didn't see anything about a firewall.

I hope this info helps you.

BTW, just out of curiosity what does "GT" mean? I'm not 2 up on my computer lingo talk, but I always like to learn these things b/c I like to use them when sending text msgs.

Thanks.
pcdome
post Nov 2 2006, 07:35 AM
Post #63





I don't want to be a pest, but just curious if you have any updates?

Thanks,

pcDome
Whisperer
post Nov 2 2006, 10:17 AM
Post #64





I had prepared a response BUT had forgotten to post it for checking by my tutor - sorry, it has been posted now and will come to you as soon as it has been checked

This post has been edited by Whisperer: Nov 2 2006, 10:18 AM
Whisperer
post Nov 2 2006, 10:35 AM
Post #65





Hi pcdome,

There is no greater significance to GT other than they are my initials :) The log is looking good in spite of your problems running some of the fixes, especially as we seem to have got rid of that “?sv?tc?ids?er.exe” series of files.

Please boot into safe mode and then move the MSOXMLMF.DLL that you have downloaded straight into its correct directory of C:\Program Files\Common Files\Microsoft Shared\OFFICE11\ and click Yes when asked whether to overwrite the old one.

With regard to WinUPX, it was a freebie program that you may have removed a while ago; we will have a stay of execution on that one.

Please do an online scan with Kaspersky Online Scanner. You must use Internet Explorer for this scanner.
  1. Click on Kaspersky Online Scanner
  2. You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  3. The program will launch and then start to download the latest definition files.
  4. Once the scanner is installed and the definitions downloaded, click Next.
  5. Now click on Scan Settings and ensure that the following are selected:
    • Under Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Under Scan Options:
      • Scan Archives
      • Scan Mail Bases
  6. Click OK
  7. Now, under Select a target to scan, select My Computer
  8. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  9. Now click on the Save as Text button.
  10. Save the file to your desktop.
  11. Copy and paste that information in your next post together with a new HijackThis log.
GT
pcdome
post Nov 8 2006, 08:31 AM
Post #66





Hi Whisperer,

Here is the Kaspersky Log. I'm afraid it might be too many characters so I will post the newest HJT log in a second reply.

Thanks,

pcDome

KASPERSKY ONLINE SCANNER REPORT
Wednesday, November 08, 2006 10:22:16 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 8/11/2006
Kaspersky Anti-Virus database records: 239285


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\

Scan Statistics
Total number of scanned objects 75770
Number of viruses found 2
Number of infected objects 3 / 0
Number of suspicious objects 0
Duration of the scan process 02:28:44

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Documents\load.exe Infected: Backdoor.Win32.Agobot.gen skipped

C:\Documents and Settings\Robb\.housecall\Quarantine\chckntfs.exe.bac_a03032 Infected: Backdoor.Win32.Agobot.afq skipped

C:\Documents and Settings\Robb\My Documents\load.exe Infected: Backdoor.Win32.Agobot.gen skipped

Scan process completed.
pcdome
post Nov 8 2006, 08:36 AM
Post #67





HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:30:54 PM, on 11/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SnoopFreeUI.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HJT.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE lebeca web camera driver
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {3D51DCE5-683F-422E-AB48-9D21E6DD5808} (cRsiteup.acRsiteup) - http://www.hebogo.com/ActiveX/cRsiteup.cab
O16 - DPF: {3E5BBDC8-18F9-4A70-94B5-DD64929C0AF4} (AniCastH Class) - http://gogo.jaeminara.co.kr/gogo/hansol/na...ol/axacastH.cab
O16 - DPF: {4E52C32F-C143-4963-A758-2DB07703CB49} (YahooCS Class) - http://kr.memo.yahoo.com/CAB/YahooWCS.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://www.spatic.go.kr/www/msxml4.cab
O16 - DPF: {95FAA6CA-9CD5-40A5-B9EA-2ED419D4D9E7} - http://www.spatic.go.kr/www/ZeusWEB.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - http://kings.nefficient.co.kr/kings/kdfx/k...29/kdfense8.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1008 Class) - http://id.hangame.com/common/HanSetup1008.cab
O16 - DPF: {D2A4C311-F608-4E0E-BBFE-6B25E31AC15B} (Kdfense5 Control) - http://kings.cachenet.com/kdf5106/kdfense5.cab
O16 - DPF: {E0BF7A2B-2F7C-497A-B50F-292D3F317965} (CongnamulMap Control) - http://www.congnamul.com/ActiveX/Release/C...amulMap_V17.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_28.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Whisperer
post Nov 9 2006, 04:43 AM
Post #68





Hi pcdome,

Thanks for the logs. Kaspersky has thrown up 2 viruses; one of these is already in quarantine from an earlier TrendMicro scan, and the other occurs in two distinct places.
  1. Please navigate to C:\Documents and Settings\All Users\Documents, locate the Load.exe file and delete it. Now look for the same file, but this time in C:\Documents and Settings\Robb\My Documents, and again delete it.
    You might as well delete that quarantined file as well, which is found here: C:\Documents and Settings\Robb\.housecall\Quarantine. The file name is chckntfs.exe.bac_a03032
  2. Your Java installation is out of date as the current release is Update 9.
    • Use Internet Explorer and go to this link to update your Java.
    • Scroll down and select Java Runtime Environment (JRE) 5.0 Update 9
    • Finally use Add or Remove programs to remove all earlier versions of Java
  3. I would like you to use this online scanner next; it will serve to check whether our manual removals have been successful. Using Internet Explorer, please run the F-Secure Online Scanner.
    • Follow the Instruction Here for installation.
    • Accept the License Agreement.
    • Once the ActiveX installs, click Full System Scan.
    • Once the download completes, the scan will begin automatically.
    • The scan will take some time to finish, so please be patient.
    • When the scan completes, click the Automatic cleaning (recommended) button.
    • Click the Show Report button and copy and paste the entire report in your next reply together with any comments.
GT
pcdome
post Nov 10 2006, 08:33 PM
Post #69





Disregard this post, I think I have fixed my problem from my post. I will post the results soon.

This post has been edited by pcdome: Nov 10 2006, 08:35 PM
Whisperer
post Dec 3 2006, 04:42 PM
Post #70





I am assuming that your problems are now fixed as there has been no response for a considerable period of time.

Best wishes
illukka
post Dec 5 2006, 03:35 PM
Post #71


Walmentaja
******

Group: HJT Team Coach
Posts: 2,857
Joined: 1-November 04
From: The Pits Of Hell
Member No.: 4,411



as the problem here seems to be resolved this topic is now closed
to get it reopened PM a staff member with the address of this thread.
this applies to the topic starter only, everyone else with similar problems start a new topic.

glad we could help :)

thank you Whisperer :)

