
Hjt Log - Undetected Spyware


  • This topic is locked
8 replies to this topic

#1 nistleloy

nistleloy

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:10 PM

Posted 16 July 2007 - 06:45 AM

Hi, this is my HijackThis log. I keep getting popups in IE when I start using the Internet even though I use Firefox. It is usually WinAntiVirus or DriveCleaner ads. I have run Spybot and a full system scan with Norton but the problem persists.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:00, on 16/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Alan\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\ltqlqqst.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 6946 bytes


#2 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A
  • Local time:01:10 PM

Posted 16 July 2007 - 09:33 AM

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

#3 nistleloy

nistleloy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:10 PM

Posted 16 July 2007 - 12:02 PM

Hi, thanks for your help. Here is the VundoFix log followed by the HJT log.



VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 17:47:43 16/07/2007

Listing files found while scanning....

C:\windows\system32\cfsftxji.dll
C:\WINDOWS\system32\ffhkj.bak1
C:\WINDOWS\system32\ffhkj.bak2
C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\ffhkj.tmp
C:\windows\system32\ijxtfsfc.ini
C:\windows\system32\jdkaheqk.dll
C:\WINDOWS\system32\jkhff.dll
C:\windows\system32\kqehakdj.ini
C:\windows\system32\lnebubli.dll
C:\WINDOWS\system32\ltqlqqst.dll
C:\WINDOWS\system32\oyiydrhi.dll
C:\windows\system32\stargtyj.dll
C:\windows\system32\tnogauuw.dll
C:\windows\system32\tsqqlqtl.ini
C:\windows\system32\xmgwmtrb.dll

Beginning removal...

Attempting to delete C:\windows\system32\cfsftxji.dll
C:\windows\system32\cfsftxji.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ffhkj.bak1
C:\WINDOWS\system32\ffhkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ffhkj.bak2
C:\WINDOWS\system32\ffhkj.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\ffhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\ffhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ffhkj.tmp
C:\WINDOWS\system32\ffhkj.tmp Has been deleted!

Attempting to delete C:\windows\system32\ijxtfsfc.ini
C:\windows\system32\ijxtfsfc.ini Has been deleted!

Attempting to delete C:\windows\system32\jdkaheqk.dll
C:\windows\system32\jdkaheqk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\jkhff.dll Has been deleted!

Attempting to delete C:\windows\system32\kqehakdj.ini
C:\windows\system32\kqehakdj.ini Has been deleted!

Attempting to delete C:\windows\system32\lnebubli.dll
C:\windows\system32\lnebubli.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ltqlqqst.dll
C:\WINDOWS\system32\ltqlqqst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\oyiydrhi.dll
C:\WINDOWS\system32\oyiydrhi.dll Has been deleted!

Attempting to delete C:\windows\system32\stargtyj.dll
C:\windows\system32\stargtyj.dll Has been deleted!

Attempting to delete C:\windows\system32\tnogauuw.dll
C:\windows\system32\tnogauuw.dll Has been deleted!

Attempting to delete C:\windows\system32\tsqqlqtl.ini
C:\windows\system32\tsqqlqtl.ini Has been deleted!

Attempting to delete C:\windows\system32\xmgwmtrb.dll
C:\windows\system32\xmgwmtrb.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55:23, on 16/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Alan\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BBDDD535-76DF-4C12-8281-CDBD91271BA4} - C:\WINDOWS\system32\jkhff.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7303 bytes
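Added example, not part of the original thread or of either tool: a small Python triage script that cross-references a VundoFix removal log with HijackThis entries, flagging registry entries left pointing at files the cleaner deleted, entries HijackThis itself marks as missing, and Run keys that load a DLL through rundll32. The sample inputs are short excerpts copied from the logs in this thread; the function names and reason labels are assumptions made for this example.

```python
import re

# Excerpt of the VundoFix log posted above (three of the listed files).
VUNDOFIX_EXCERPT = r"""
Attempting to delete C:\windows\system32\cfsftxji.dll
C:\windows\system32\cfsftxji.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\jkhff.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ltqlqqst.dll
C:\WINDOWS\system32\ltqlqqst.dll Has been deleted!
"""

# Excerpt of HijackThis entries taken from the two logs in this thread.
HJT_EXCERPT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BBDDD535-76DF-4C12-8281-CDBD91271BA4} - C:\WINDOWS\system32\jkhff.dll (file missing)
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\ltqlqqst.dll",forkonce
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

# "<path> Has been deleted!" / "<path> Could not be deleted." result lines.
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<result>Has been deleted!|Could not be deleted\.)\s*$",
    re.MULTILINE,
)
# HijackThis entry lines: section code (R0, O2, O4, O23, ...) then the body.
HJT_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$", re.MULTILINE)
# Absolute paths to .dll/.exe files inside an entry body.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe)(?![A-Za-z0-9])', re.IGNORECASE)


def parse_vundofix(text):
    """Map lower-cased file path -> True if deleted, False if deletion failed."""
    return {
        m["path"].lower(): m["result"].startswith("Has been")
        for m in RESULT_RE.finditer(text)
    }


def undeleted(text):
    """Paths the cleaner found but could not remove (need a follow-up pass)."""
    return [path for path, deleted in parse_vundofix(text).items() if not deleted]


def triage(hjt_text, vundofix_text):
    """Return (section, reasons, line) for every HijackThis entry worth review."""
    removed = parse_vundofix(vundofix_text)
    findings = []
    for m in HJT_RE.finditer(hjt_text):
        section, body = m["section"], m["body"]
        reasons = []
        # HijackThis marks entries whose target no longer exists on disk.
        if body.rstrip().endswith(("(file missing)", "(no file)")):
            reasons.append("orphaned")
        # Autostart entry that loads a DLL through rundll32.
        if section == "O4" and "rundll32" in body.lower():
            reasons.append("rundll32-autorun")
        # Entry references a file the cleaner acted on.
        for path in PATH_RE.findall(body):
            state = removed.get(path.lower())
            if state is True:
                reasons.append("target-deleted-by-vundofix")
            elif state is False:
                reasons.append("target-not-deleted")
        if reasons:
            findings.append((section, reasons, m.group(0)))
    return findings


if __name__ == "__main__":
    for section, reasons, line in triage(HJT_EXCERPT, VUNDOFIX_EXCERPT):
        print(f"[{', '.join(reasons)}] {line}")
    for path in undeleted(VUNDOFIX_EXCERPT):
        print(f"[still on disk] {path}")
```

Path comparison is case-insensitive because the two tools print `C:\windows` and `C:\WINDOWS` for the same directory.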

#4 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A
  • Local time:01:10 PM

Posted 16 July 2007 - 12:35 PM

Hello nistleloy,

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.
More information with a screenshot, can be found here.

#5 nistleloy

nistleloy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:10 PM

Posted 16 July 2007 - 01:10 PM

Hi, here is the "saved list" file

Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0
Adobe Shockwave Player
AppCore
Apple Mobile Device Support
Apple Software Update
ArchiCAD 9 INT STUD
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HydraVision
ATI Parental Control & Encoder
ATITool Overclocking Utility
Autodesk Architectural Desktop 2005
Autodesk DWF Viewer
AV
AVG Anti-Spyware 7.5
AVIVO Codecs
Batman 0.4.4
Battlestations: Midway
Battlestations: Midway - Iowa Mission Pack
Call of Duty® 2
ccCommon
Community Mod Pack 2.0
Company of Heroes
Cossacks II
Dawn Of War
Disc2Phone
EA SPORTS online 2007
EA SPORTS™ Cricket 07
Far Cry
FIFA 07
FIFA 07 Graphics Patch 2.0
Flock 0.7
Football Manager 2007
GameShadow
Google SketchUp 6
Google SketchUp 6
Google Toolbar for Firefox
GTK+ 2.4.14 runtime environment
Guild Wars
Half-Life® 2
Hearts of Iron 2
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
HTML-Kit
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java™ SE Runtime Environment 6 Update 1
LimeWire 4.12.15
LiveUpdate 3.2 (Symantec Corporation)
Medieval II Total War
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Mozilla Firefox (1.5.0.12)
MSN
MSRedist
MSXML 4.0 SP2 (KB927978)
MySpaceIM
Nero Suite
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
Netherlands Patch - FVM Project 10
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
OpenOffice.org 2.0
Pacific Poker
Packet Tracer 3.2
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RivaTuner v2.0 RC 16.1
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0003]
Safety Alert 2006
Saitek SST Programming Software
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Sid Meier's Civilization 4
Sid Meier's Pirates!
Silent Hunter III
Skype 3.0
Skype Plugin Manager
Sony Ericsson PC Suite 1.20.173
SPBBC 32bit
SpeedTouch USB Software
Spybot - Search & Destroy 1.4
SSH Secure Shell
Steam™
SuperLetter Quick Letter Writer BFPO
Symantec Real Time Storage Protection Component
SymNet
Take Command - 2nd Manassas
The GIMP 2.2.13
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
USB GAME PAD
Warhammer Mark of Chaos
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver

#6 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A
  • Local time:01:10 PM

Posted 16 July 2007 - 02:54 PM

Hello nistleloy,

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Please download OTMoveIt by Oldtimer and save it to your desktop.

Using Add Or Remove Programs remove the following entries (if present): (To get into add Or Remove Programs press the START button > Control Panel > Add Or Remove Programs.)

Pacific Poker

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {BBDDD535-76DF-4C12-8281-CDBD91271BA4} - C:\WINDOWS\system32\jkhff.dll (file missing)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe


Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.

Run ATF Cleaner:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Run OTMoveIt:
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PACIFI~1

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)
Click the red Moveit! button.
Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.
Reboot into Normal Mode.

In your next reply please include the following:
  • A new Hijackthis log.
  • The OTMoveIt log.


#7 nistleloy

nistleloy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:10 PM

Posted 16 July 2007 - 05:42 PM

Hi, sorry for the wait, I had to go out. These are the OTMoveIt results and the new HJT log.

C:\WINDOWS\system32\ctfmon.exe moved successfully.
C:\PROGRA~1\PACIFI~1\Settings\media moved successfully.
C:\PROGRA~1\PACIFI~1\Settings moved successfully.
C:\PROGRA~1\PACIFI~1\Poker\media moved successfully.
C:\PROGRA~1\PACIFI~1\Poker moved successfully.
C:\PROGRA~1\PACIFI~1\GameHist\media moved successfully.
C:\PROGRA~1\PACIFI~1\GameHist moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VP\VPRoyalDiamondJP\media moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VP\VPRoyalDiamondJP moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VP\VPMachine2\media moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VP\VPMachine2 moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VP\VPMachine1\media moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VP\VPMachine1 moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VP\VPJokerWild\media moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VP\VPJokerWild moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VP\VPJackOrBetter\media moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VP\VPJackOrBetter moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VP\VPDeucesWild\media moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VP\VPDeucesWild moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VP\VPCommon\media moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VP\VPCommon\Arena moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VP\VPCommon moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VP\VPBonusPoker\media moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VP\VPBonusPoker moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VP\VPAcesAndFaces\media moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VP\VPAcesAndFaces moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VP moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\011VS\sounds moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\011VS\payTable moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\011VS\payLine moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\011VS\Icons moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\011VS\buttons moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\011VS\bg moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\011VS moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\010VS\sounds moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\010VS\payTable moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\010VS\payLine moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\010VS\Icons moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\010VS\Freespins moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\010VS\buttons moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\010VS\bg moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\010VS moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\009VS\sounds moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\009VS\payTable moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\009VS\payLine moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\009VS\Icons moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\009VS\buttons moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\009VS\bg moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\009VS moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\008VS\sounds moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\008VS\payTable moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\008VS\payLine moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\008VS\Icons moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\008VS\Freespins moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\008VS\buttons moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\008VS\bg moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\008VS moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\007VS\sounds moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\007VS\payTable moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\007VS\payLine moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\007VS\Icons moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\007VS\Freespins moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\007VS\buttons moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\007VS\bg moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\007VS moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\006VS\sounds moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\006VS\payTable moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\006VS\payLine moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\006VS\Icons moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\006VS\Freespins moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\006VS\buttons moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\006VS\bg moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\006VS moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\005VS\sounds moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\005VS\payTable moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\005VS\payLine moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\005VS\Icons moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\005VS\Freespins moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\005VS\buttons moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\005VS\bg moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\005VS moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\004VS\sounds moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\004VS\payTable moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\004VS\payLine moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\004VS\Icons moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\004VS\buttons moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\004VS\bg moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\004VS moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\003VS\sounds moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\003VS\payTable moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\003VS\payLine moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\003VS\Icons moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\003VS\FreeSpins moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\003VS\buttons moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\003VS\bg moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\003VS moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\002VS\sounds moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\002VS\payTable moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\002VS\payLine moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\002VS\Icons moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\002VS\buttons moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\002VS\bg\X_OF_Many moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\002VS\bg\TakeOrDrop\sounds moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\002VS\bg\TakeOrDrop\Screen4 moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\002VS\bg\TakeOrDrop\Screen3 moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\002VS\bg\TakeOrDrop\Screen2 moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\002VS\bg\TakeOrDrop\Screen1 moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\002VS\bg\TakeOrDrop moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\002VS\bg moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\002VS moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\001VS\sounds moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\001VS\payTable moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\001VS\payLine moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\001VS\Icons moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\001VS\Freespins moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\001VS\buttons moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\001VS\bg moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot\001VS moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\VideoSlot moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\utils moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\roulette\media moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\roulette moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\PVP\PVPRoyalDiamondJP\media moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\PVP\PVPRoyalDiamondJP moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\PVP\PVPMachine2\media moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\PVP\PVPMachine2 moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\PVP\PVPJokerWild\media moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\PVP\PVPJokerWild moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\PVP\PVPJackOrBetter\media moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\PVP\PVPJackOrBetter moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\PVP\PVPDeucesWild\media moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\PVP\PVPDeucesWild moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\PVP\PVPCommon\media\Sounds moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\PVP\PVPCommon\media\CounterStripes moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\PVP\PVPCommon\media moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\PVP\PVPCommon moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\PVP\PVPBonusPoker\media moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\PVP\PVPBonusPoker moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\PVP\PVPArena moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\PVP\PVPAcesAndFaces\media moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\PVP\PVPAcesAndFaces moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\PVP moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\media\Toolbar moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\media\SoundsEx moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\media\NoShock moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\media\Limit moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\media\GoTo moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\media\FieldBox moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\media\Caption moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\media moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\Login\media moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker\Login moved successfully.
C:\PROGRA~1\PACIFI~1\casinopoker moved successfully.
C:\PROGRA~1\PACIFI~1 moved successfully.

Created on 07/16/2007 23:39:16



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:41:42, on 16/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alan\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 6585 bytes

#8 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • OFFLINE
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A
  • Local time:01:10 PM

Posted 17 July 2007 - 12:21 AM

Hello nistleloy,

Please do an online scan with Kaspersky WebScanner. (Please note: You MUST use Internet Explorer for this scan to work.)

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#9 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • OFFLINE
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A
  • Local time:01:10 PM

Posted 28 July 2007 - 02:30 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.