
Jlxgn And Scgcnj


This topic is locked
19 replies to this topic

#1 teenslayer

Posted 31 August 2006 - 11:42 PM

I'm not sure what jlxgn.exe and scgcnj.exe are, but they keep appearing in my task manager and I just can't get rid of them. I think this is similar to another problem, wgvjd.exe, that has been going around. I think I got it from opening a crack file. So far, I see an increase in pop-ups and my Firefox freezes a lot. Please help me. The following is the text script I got from "Security Task Manager".


Edited by teenslayer, 31 August 2006 - 11:45 PM.



#2 teenslayer


Posted 01 September 2006 - 09:48 AM

This is the hijackthis log file:



Logfile of HijackThis v1.99.1
Scan saved at 10:46:21 AM, on 9/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\1152390480\ee\AOLSoftware.exe
c:\program files\common files\aol\1152390480\ee\aim6.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\jlxgn.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,thekxoe.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_11.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_11.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152390480\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [wuwz] C:\stub_113_4_0_4_0newer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

#3 agrarianmonk


Posted 04 September 2006 - 05:52 PM

Welcome to the forum!

I apologize for the delay getting to your log; the helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

Please post a fresh HJT log in this thread, so I can be sure nothing has changed and give you an accurate fix.

If your problem has already been solved, then please post back letting us know so we can close this thread.
agrarianmonk


Requests for help via PM will be ignored. Please post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#4 teenslayer


Posted 05 September 2006 - 03:14 PM

Thanks in advance. Here is the new logfile.


Logfile of HijackThis v1.99.1
Scan saved at 4:12:48 PM, on 9/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1152390480\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\jlxgn.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,thekxoe.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_11.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_11.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152390480\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [wuwz] C:\stub_113_4_0_4_0newer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
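
The two F2 lines in this log are the security-relevant finding: winlogon.exe launches every program listed in the Winlogon Shell and Userinit values at logon, so the jlxgn.exe and thekxoe.exe appended there are restarted every time the user signs in, and the O4 Run entries pointing at executables dropped directly in the root of C:\ (kybrdff_11.exe, dfndrff_11.exe, stub_113_4_0_4_0newer.exe) deserve the same scrutiny. The checker below is an added example, not HijackThis code and not from anyone in this thread; its sample lines are constructed to mirror the posted log, and the "executable in a drive root" heuristic is an assumption of this example rather than a HijackThis rule.

```python
import re

# Default programs in the two Winlogon values that HJT reports as F2 lines.
# winlogon.exe starts everything listed in Shell and Userinit at logon, so
# any extra comma-separated entry is a persistence hijack.
WINLOGON_DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {"userinit.exe"},
}

# HJT v1.99 line shapes:
#   F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\jlxgn.exe
#   O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_11.exe
F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", re.IGNORECASE)
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")


def _clean_path(p):
    """Strip surrounding quotes and collapse doubled backslashes as HJT prints them."""
    p = p.strip().strip('"')
    while "\\\\" in p:
        p = p.replace("\\\\", "\\")
    return p


def check_f2(line):
    """Flag an F2 line whose Shell/UserInit value lists more than the default program."""
    m = F2_RE.match(line)
    if not m:
        return None
    value, raw = m.group(1), m.group(2)
    programs = [_clean_path(p) for p in raw.split(",") if p.strip()]
    allowed = WINLOGON_DEFAULTS[value.lower()]
    # Compare on the file name only: the default may be given with or without a path.
    extra = [p for p in programs if p.rsplit("\\", 1)[-1].lower() not in allowed]
    if not extra:
        return None
    return {"type": "F2", "value": value, "extra": extra}


def check_o4(line):
    """Flag an O4 Run entry whose executable sits directly in a drive root (heuristic)."""
    m = O4_RE.match(line)
    if not m:
        return None
    hive, name, cmd = m.groups()
    cmd = cmd.strip()
    if cmd.startswith('"'):
        target = cmd[1:].split('"', 1)[0]       # quoted path, may contain spaces
    else:
        parts = cmd.split()
        if not parts:
            return None
        target = parts[0]                       # first token, arguments follow
    target = _clean_path(target)
    parent = target.rsplit("\\", 1)[0] if "\\" in target else ""
    if re.fullmatch(r"[A-Za-z]:", parent):
        return {"type": "O4", "hive": hive, "name": name, "target": target}
    return None


def scan(log_text):
    """Run both checks over every line of an HJT log and return the findings in order."""
    findings = []
    for line in log_text.splitlines():
        f = check_f2(line) or check_o4(line)
        if f:
            findings.append(f)
    return findings


# Constructed sample mirroring the F2/O4 entries posted above; benign entries
# are included to show they are not flagged.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\jlxgn.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,thekxoe.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_11.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_11.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [wuwz] C:\stub_113_4_0_4_0newer.exe
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```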

#5 agrarianmonk

agrarianmonk

  • Members
  • 522 posts
  • OFFLINE
  • Local time:06:21 AM

Posted 05 September 2006 - 04:08 PM

1. Download combofix.exe by sUBs and save it to your desktop.
2. <<Double click>> combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Warning: Please do not mouseclick combofix's window while it is running. This may cause it to stall.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

In your next post, please include
  • new hijackthis log
  • combofix log
  • uninstall list
*use separate posts to ensure the logs don't get cut off!
agrarianmonk

Requests for help via PM will be ignored. Please post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#6 teenslayer

teenslayer
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  • Local time:09:21 AM

Posted 05 September 2006 - 04:23 PM

This is the ComboFix log:

Ashley Jiang - 06-09-05 17:12:15.10
ComboFix 06.09.04BT - Running from: C:\Documents and Settings\Ashley Jiang\Desktop

Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))


* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *


O4 - HKEY_CURRENT_USER\...\Run C:\WINDOWS\system32\scgcnj.exe
O4 - HKEY_LOCAL_MACHINE\...\Run C:\WINDOWS\system32\scgcnj.exe
F2 -REG:system.ini: Shell C:\WINDOWS\system32\jlxgn.exe
F2 -REG:system.ini: UserInit C:\WINDOWS\system32\thekxoe.exe


* * * PRE-RUN - Filepaths extracted by Memory Dump * * * * * * * * * * * * * * * * * * * * * *


2006-08-17 19:33 127488 C:\WINDOWS\system32\scgcnj.exe
2006-08-17 19:33 51712 C:\WINDOWS\system32\yjgcerp.dll
2006-08-17 19:33 23552 C:\WINDOWS\system32\thekxoe.exe
2006-08-17 19:33 127488 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\kjsdt.exe
2006-09-05 07:25 364 C:\WINDOWS\qxnie.dll
2006-09-04 00:33 127488 C:\WINDOWS\system32\xavfy.dat
2006-08-31 19:27 28672 C:\WINDOWS\system32\jlxgn.exe


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


06-08-17 19:33 127488 kjsdt.exe.qoo
06-09-04 00:33 127488 xavfy.dat.qoo
06-08-17 19:33 127488 scgcnj.exe.qoo
06-08-17 19:33 51712 yjgcerp.dll.qoo
06-08-31 19:27 28672 jlxgn.exe.qoo
06-09-05 07:25 364 qxnie.dll.qoo
06-08-17 19:33 53 vobcqv.dat.qoo

DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\newname.dat
C:\WINDOWS\uninst104.exe
C:\Program Files\Deskbar


((((((((((((((((((((((((((((((( Files Created from 2006-08-05 to 2006-09-05 ))))))))))))))))))))))))))))))))))


2006-08-28 14:49 248,064 --a------ C:\WINDOWS\UNINST16.EXE
2006-08-22 11:45 13,032 --a------ C:\WINDOWS\system32\LMIport.dll
2006-08-22 11:45 11,496 --a------ C:\WINDOWS\system32\LMIinit.dll
2006-08-17 19:33 890,000 -r-hs---- C:\WINDOWS\ktpxusw.exe
2006-08-17 19:33 23,552 --a------ C:\WINDOWS\system32\thekxoe.exe
2006-08-17 16:49 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-08-12 19:28 5,689,344 --a------ C:\mplayerc.exe
2006-08-11 17:04 9,576 --a------ C:\WINDOWS\system32\LMImirr2.dll
2006-08-11 17:04 23,016 --a------ C:\WINDOWS\system32\LMImirr.dll
2006-08-11 16:10 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-08-11 16:10 249,856 --------- C:\WINDOWS\Setup1.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-05 17:11 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-05 16:16 -------- d-------- C:\Program Files\Norton Internet Security
2006-09-05 16:10 -------- d-------- C:\Program Files\Common Files
2006-09-02 00:01 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-01 10:29 -------- d-------- C:\Program Files\Viewpoint
2006-09-01 10:29 -------- d-------- C:\Program Files\AOL
2006-09-01 10:29 -------- d-------- C:\Program Files\AOD
2006-08-31 19:00 -------- d-------- C:\Program Files\Security Task Manager
2006-08-30 20:36 774144 --a------ C:\Program Files\RngInterstitial.dll
2006-08-30 20:36 -------- d-------- C:\Program Files\Real
2006-08-30 20:36 -------- d-------- C:\Program Files\Common Files\Real
2006-08-29 18:07 -------- d-------- C:\Program Files\StepMania
2006-08-29 10:25 -------- d-------- C:\Documents and Settings\Ashley Jiang\Application Data\Adobe
2006-08-28 09:42 -------- d-------- C:\Program Files\PPLive
2006-08-25 23:52 -------- d-------- C:\Program Files\KuGoo3
2006-08-24 19:41 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-24 16:57 -------- d---s---- C:\Documents and Settings\Ashley Jiang\Application Data\Microsoft
2006-08-24 16:24 -------- d-------- C:\Program Files\Internet Explorer
2006-08-22 16:22 -------- d-------- C:\Program Files\LogMeIn
2006-08-19 01:17 -------- d-------- C:\Documents and Settings\Ashley Jiang\Application Data\Real
2006-08-19 01:13 -------- d-------- C:\Program Files\Common Files\xing shared
2006-08-17 20:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-17 20:21 -------- d-------- C:\Program Files\Ubisoft
2006-08-17 20:09 -------- d-------- C:\Documents and Settings\Ashley Jiang\Application Data\Registry Booster
2006-08-17 18:48 -------- d-------- C:\Program Files\EA GAMES
2006-08-15 20:41 -------- d-------- C:\Program Files\eDonkey2000
2006-08-14 09:16 -------- d-------- C:\Program Files\Softnyx
2006-08-11 17:04 8040 --a------ C:\WINDOWS\system32\drivers\LMImirr.sys
2006-08-11 16:10 -------- d-------- C:\Program Files\MAME Classic
2006-08-11 10:40 -------- d-------- C:\Program Files\CDCheck
2006-08-09 17:01 -------- d-------- C:\Program Files\Activision
2006-08-03 18:53 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-08-01 09:24 -------- d-------- C:\Program Files\Matroska Pack
2006-07-31 17:09 -------- d-------- C:\Program Files\mozilla.org
2006-07-31 17:04 -------- d-------- C:\Documents and Settings\Ashley Jiang\Application Data\Media Player Classic
2006-07-31 16:36 -------- d-------- C:\Program Files\BitComet
2006-07-28 12:13 -------- d-------- C:\Documents and Settings\Ashley Jiang\Application Data\Sonic
2006-07-28 12:12 -------- d-------- C:\Documents and Settings\Ashley Jiang\Application Data\Leadertech
2006-07-28 12:08 -------- d-------- C:\Program Files\Sonic
2006-07-28 12:08 -------- d-------- C:\Program Files\Common Files\SureThing Shared
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-24 23:04 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2006-07-24 23:04 -------- d-------- C:\Documents and Settings\Ashley Jiang\Application Data\PPLive
2006-07-24 22:03 -------- d-------- C:\Program Files\Common Files\AOL
2006-07-24 17:07 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-07-24 09:30 -------- d-------- C:\Documents and Settings\Ashley Jiang\Application Data\AdobeUM
2006-07-21 15:55 -------- d-------- C:\Documents and Settings\Ashley Jiang\Application Data\JAMS
2006-07-21 12:11 -------- d-------- C:\Program Files\AIM Gadgets
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-19 19:46 -------- d-------- C:\Program Files\K8 2005
2006-07-18 18:59 -------- d-------- C:\Program Files\FLVPlayer
2006-07-17 16:10 -------- d-------- C:\Program Files\MSN Messenger
2006-07-13 03:54 -------- d-------- C:\Documents and Settings\Ashley Jiang\Application Data\Sun
2006-07-11 02:22 -------- d-------- C:\Program Files\Kazaa Lite K++
2006-07-09 23:48 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-07-09 23:47 -------- d-------- C:\Program Files\Microsoft Office
2006-07-09 23:47 -------- d-------- C:\Program Files\Common Files\Designer
2006-07-09 21:11 -------- d-------- C:\Program Files\Common Files\Synacast
2006-07-09 14:47 -------- d-------- C:\Program Files\Messenger
2006-07-09 14:41 -------- d-------- C:\Program Files\Outlook Express
2006-07-09 14:41 -------- d-------- C:\Program Files\Common Files\System
2006-07-08 22:54 -------- d-------- C:\Program Files\Sony
2006-07-08 21:24 -------- d-------- C:\Program Files\SymNetDrv
2006-07-08 21:24 -------- d-------- C:\Program Files\Symantec
2006-07-08 18:40 -------- d-------- C:\Program Files\Windows Media Player
2006-07-08 18:40 -------- d-------- C:\Program Files\Movie Maker
2006-07-08 18:39 -------- d-------- C:\Program Files\Windows NT
2006-07-08 18:39 -------- d-------- C:\Program Files\NetMeeting
2006-07-08 18:21 -------- d-------- C:\Program Files\WinRAR
2006-07-08 18:21 -------- d-------- C:\Documents and Settings\Ashley Jiang\Application Data\Help
2006-07-08 18:08 -------- d-------- C:\Documents and Settings\Ashley Jiang\Application Data\warez
2006-07-08 18:01 -------- d-------- C:\Program Files\Download Plugin
2006-07-08 17:50 -------- d--h----- C:\Program Files\Uninstall Information
2006-07-08 17:50 -------- d-------- C:\Documents and Settings\Ashley Jiang\Application Data\Identities
2006-07-08 17:38 -------- d-------- C:\Program Files\xerox
2006-07-08 17:38 -------- d-------- C:\Program Files\microsoft frontpage
2006-07-08 17:34 -------- d-------- C:\Documents and Settings\Ashley Jiang\Application Data\Macromedia
2006-07-08 17:33 0 -rahs---- C:\MSDOS.SYS
2006-07-08 17:33 0 -rahs---- C:\IO.SYS
2006-07-08 17:33 0 --a------ C:\CONFIG.SYS
2006-07-08 17:33 0 --a------ C:\AUTOEXEC.BAT
2006-07-08 17:31 -------- d-------- C:\Program Files\Common Files\Services
2006-07-08 17:31 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-07-08 17:30 -------- d-------- C:\Program Files\Online Services
2006-07-08 17:30 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-07-08 17:30 -------- d-------- C:\Program Files\MSN
2006-07-08 17:30 -------- d-------- C:\Program Files\ComPlus Applications
2006-07-08 17:06 -------- d-------- C:\Program Files\QuickTime
2006-07-08 17:06 -------- d-------- C:\Documents and Settings\Ashley Jiang\Application Data\Apple Computer
2006-07-08 17:05 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-07-08 16:57 -------- d-------- C:\Documents and Settings\Ashley Jiang\Application Data\CyberLink
2006-07-08 16:48 -------- d-------- C:\Program Files\Common Files\Adobe
2006-07-08 16:48 -------- d-------- C:\Program Files\Adobe
2006-07-08 16:47 -------- d-------- C:\Program Files\Sonitus-fx-R3
2006-07-08 16:45 -------- d-------- C:\Program Files\Common Files\Ahead
2006-07-08 16:45 -------- d-------- C:\Program Files\Ahead
2006-07-08 16:45 -------- d-------- C:\Documents and Settings\Ashley Jiang\Application Data\Kazaa Lite
2006-07-08 16:38 -------- d-------- C:\Program Files\SiSoftware
2006-07-08 16:38 -------- d-------- C:\Program Files\MagicISO
2006-07-08 16:37 -------- d-------- C:\Program Files\CyberLink
2006-07-08 16:34 -------- d-------- C:\Program Files\Java
2006-07-08 16:33 -------- d-------- C:\Program Files\Common Files\Java
2006-07-08 16:28 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-07-08 16:28 -------- d-------- C:\Documents and Settings\Ashley Jiang\Application Data\acccore
2006-07-08 16:27 -------- d-------- C:\Program Files\Common Files\aolshare
2006-07-08 16:27 -------- d-------- C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla
2006-07-08 16:08 -------- d-------- C:\Program Files\DivX
2006-07-08 15:56 -------- d-------- C:\Program Files\Intel
2006-07-08 15:29 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2006-07-08 15:26 -------- d-------- C:\Documents and Settings\Ashley Jiang\Application Data\Symantec
2006-07-08 15:19 -------- d--h----- C:\Program Files\WindowsUpdate
2006-07-08 15:19 -------- d-------- C:\Program Files\ASUS
2006-07-08 15:15 -------- d-------- C:\Documents and Settings\Ashley Jiang\Application Data\Talkback
2006-07-08 10:18 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-07-08 10:18 -------- d-------- C:\Program Files\Common Files\ODBC
2006-07-08 10:17 62 --ahs---- C:\Documents and Settings\Ashley Jiang\Application Data\desktop.ini
2006-06-19 14:38 53248 --a------ C:\WINDOWS\uni_ehhhh.exe
2006-06-16 17:34 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-06-15 17:55 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-06-15 17:55 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-06-15 17:55 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-06-15 17:55 620180 --a------ C:\WINDOWS\system32\DivX.dll
2006-06-14 13:49 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-06-12 15:22 520192 --a------ C:\WINDOWS\system32\DivXsm.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"PRONoMgrWired"="C:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PRONoMgr.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SoundMan"="SOUNDMAN.EXE"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"LogMeIn GUI"="\"C:\\Program Files\\LogMeIn\\LogMeInSystray.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1152390480\\ee\\AOLSoftware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"wuwz"="C:\\stub_113_4_0_4_0newer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,c0,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\oqruo]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="scgcnj"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\scgcnj.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\rtktnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="scgcnj"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\scgcnj.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Sonic RecordNow!]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Ashley Jiang.job

Completion time: Tue 09/05/2006 17:16:40.45
ComboFix.txt


The Uninstall List:

Adobe Flash Player 9 ActiveX
Adobe Photoshop 7.0
Adobe Reader 7.0.8
AIM Gadgets 2.70
AOL Uninstaller (Choose which Products to Remove)
AsusUpdate
BitComet 0.60
Canon i560
CC_ccProxyExt
ccCommon
ccPxyCore
CDCheck
DivX
eDonkey2000
FLV Player 1.3.3
Gunbound Revolution
Haali Media Splitter
HijackThis 1.99.1
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
J2SE Runtime Environment 5.0 Update 7
K8 2005 (Beta2)
Kazaa Lite K++ v2.4.1
KuGoo(?1) V3.0???
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Magic ISO Maker v4.9 (build 0144)
MAME Classic
Matroska Pack
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (1.5)
MSRedist
Need for Speed? Most Wanted
Nero 6 Ultra Edition
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton WMI Update
Norton WMI Update
NVIDIA Drivers
Panda ActiveScan
PC Probe II
PowerDVD
PPLive 1.3.9
Python 2.4.3
QuickTime
RealPlayer
Realtek AC'97 Audio
Rome - Total War™
Security Task Manager 1.6f
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
SiSoftware Sandra Standard 2004.SP2 (Win32 x86)
Softnyx Launcher
Sonic RecordNow!
SPBBC
Spybot - Search & Destroy 1.4
StepMania (remove only)
Symantec Script Blocking Installer
SymNet
Tom Clancy's Splinter Cell Chaos Theory
TrustIn Bar
Ultrafunk Sonitus:fx R3 plug-in uninstaller
Unreal Tournament 2004
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver

#7 teenslayer

teenslayer
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  • Local time:09:21 AM

Posted 05 September 2006 - 04:24 PM

And the Hijackthis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 5:23:20 PM, on 9/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\conime.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cscript.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1152390480\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152390480\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [wuwz] C:\stub_113_4_0_4_0newer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
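
The two logs above (the ComboFix log in post #6 and the HijackThis log in post #7) show the load points that matter for this family: the Winlogon Shell and UserInit values in system.ini were pointed at jlxgn.exe and thekxoe.exe, scgcnj.exe was registered under both the HKCU and HKLM Run keys, and the memory dump lists three files of exactly 127488 bytes under different names and extensions (scgcnj.exe, kjsdt.exe in the Startup folder, xavfy.dat), which is the same dropper kept as spare copies for reinfection. The script below is an added example written for this page; it is not code from the thread, from ComboFix or from HijackThis. It parses the line shapes visible in the two logs and applies three checks: Winlogon values that differ from the XP defaults, Run entries that launch from a drive root or have a random-looking name, and same-size copies under different extensions. The expected Winlogon values, the heuristics and the SAMPLE_LOG (lines copied from the logs above plus one constructed clean HijackThis F2 line as a negative) are assumptions for illustration.

```python
"""Triage of ComboFix / HijackThis autorun lines.

Added example, not code from the thread, ComboFix or HijackThis. It parses
the line shapes visible in the logs above; the expected Winlogon values,
the drive-root and no-vowel heuristics and SAMPLE_LOG are assumptions and
constructed data for illustration.
"""
import re
from collections import defaultdict

# Assumed defaults for Windows XP installed in C:\WINDOWS. The trailing
# comma on UserInit is how Windows stores that value.
EXPECTED_WINLOGON = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
}
VOWELS = set("aeiouy")

# ComboFix PRE-RUN registry line:  O4 - HKEY_CURRENT_USER\...\Run C:\path\x.exe
CF_RUN = re.compile(r"^O4 - HKEY_[A-Z_]+\\\.\.\.\\Run (.+)$")
# HijackThis O4 line:              O4 - HKCU\..\Run: [name] C:\path\x.exe args
HJT_RUN = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[[^\]]*\] (.+)$")
# Winlogon Shell/UserInit in ComboFix ("F2 -REG:... Shell C:\x")
# or HijackThis ("F2 - REG:... Shell=C:\x") form
WINLOGON = re.compile(r"^F2 -\s?REG:system\.ini: (Shell|UserInit)[ =](.+)$")
# ComboFix memory-dump line:       2006-08-17 19:33 127488 C:\path\x.exe
CF_DUMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (\d+) (\S.*)$")


def image_of(command):
    """First executable token of a Run command line (quoted or bare).
    rundll32-style hosts are returned as-is; their arguments are not inspected."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    parts = command.split()
    return parts[0] if parts else ""


def in_drive_root(path):
    """True for an executable sitting directly in a drive root, e.g. C:\\stub.exe."""
    return re.fullmatch(r"[a-z]:\\[^\\]+", path.lower()) is not None


def looks_random(path):
    """Heuristic: basename stem of 4+ lowercase letters with no vowel
    (scgcnj, jlxgn, kjsdt). Expect false positives; it is a triage hint only."""
    stem = path.replace("\\", "/").rsplit("/", 1)[-1].rsplit(".", 1)[0]
    return len(stem) >= 4 and stem.isalpha() and stem.islower() and not (set(stem) & VOWELS)


def triage(lines):
    """Return a list of (subject, reason) findings for the given log lines."""
    findings = []
    by_size = defaultdict(list)
    for raw in lines:
        line = raw.strip()
        m = WINLOGON.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip().lower()
            if value != EXPECTED_WINLOGON[key.lower()]:
                findings.append((line, f"Winlogon {key} hijacked: {value}"))
            continue
        m = CF_RUN.match(line) or HJT_RUN.match(line)
        if m:
            img = image_of(m.group(1))
            if in_drive_root(img):
                findings.append((line, f"Run entry launches from drive root: {img}"))
            elif looks_random(img):
                findings.append((line, f"Run entry with random-looking name: {img}"))
            continue
        m = CF_DUMP.match(line)
        if m:
            by_size[int(m.group(1))].append(m.group(2))
    # Identical byte size under different names AND extensions: one dropper
    # kept as .exe in the Startup folder and as a .dat spare for reinfection.
    for size, paths in by_size.items():
        exts = {p.rsplit(".", 1)[-1].lower() for p in paths}
        if len(paths) > 1 and len(exts) > 1:
            findings.append((f"{size} bytes",
                             "same-size copies under different extensions: " + "; ".join(paths)))
    return findings


# Constructed sample: lines copied from the ComboFix and HijackThis logs in
# this thread, with clean Symantec/nwiz/ctfmon lines and a constructed
# default-form HijackThis F2 line as negatives.
SAMPLE_LOG = r"""
O4 - HKEY_CURRENT_USER\...\Run C:\WINDOWS\system32\scgcnj.exe
O4 - HKEY_LOCAL_MACHINE\...\Run C:\WINDOWS\system32\scgcnj.exe
F2 -REG:system.ini: Shell C:\WINDOWS\system32\jlxgn.exe
F2 -REG:system.ini: UserInit C:\WINDOWS\system32\thekxoe.exe
2006-08-17 19:33 127488 C:\WINDOWS\system32\scgcnj.exe
2006-08-17 19:33 51712 C:\WINDOWS\system32\yjgcerp.dll
2006-08-17 19:33 127488 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\kjsdt.exe
2006-09-04 00:33 127488 C:\WINDOWS\system32\xavfy.dat
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wuwz] C:\stub_113_4_0_4_0newer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
""".strip().splitlines()


if __name__ == "__main__":
    for subject, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    <- {subject}")
```

Run against the sample it reports six findings: both scgcnj.exe Run entries, the hijacked Shell and UserInit values, the stub executable in the root of C:, and the 127488-byte trio. The no-vowel heuristic is deliberately narrow so that ordinary names such as ctfmon.exe or nwiz.exe pass; the Winlogon comparison is the check that catches thekxoe.exe, whose name would slip past it.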

#8 agrarianmonk

agrarianmonk

  • Members
  • 522 posts
  • OFFLINE
  • Local time:06:21 AM

Posted 05 September 2006 - 08:08 PM

Go to Start > Control Panel > Add or Remove Programs and uninstall the following programs (if they exist):
**Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program**

TrustIn Bar
Viewpoint Media Player

The following are optional; however, any time you are running any type of P2P application, you are FAR more prone to infection by malware. Your current infections are likely due to P2P use. At the VERY LEAST, please refrain from using any P2P programs while we are cleaning your computer.

BitComet 0.60
eDonkey2000
Kazaa Lite K++ v2.4.1

(A list compiled by Nexus7 of clean and infected P2P programs can be found here.)

Please note any other programs that you don't recognize in that list in your next response.

**********************
  • Copy the contents of the Quote Box below to Notepad.
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • and Save it on the desktop

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\oqruo]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\rtktnh]


Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

If you are having problems creating the file, a step by step visual tutorial by Nellie2 for making a reg file can be found here.


Then double-click the fix.reg file and, when it prompts to merge, say yes; this will clear some registry entries left behind by the process.


Open HijackThis and click on 'Do a System Scan Only'. Check the boxes next to all the entries listed below (if present).

O4 - HKCU\..\Run: [wuwz] C:\stub_113_4_0_4_0newer.exe
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.

Next, we need to Reveal Hidden Files
  • Click Start.
  • Open My Computer.
  • Select Tools menu
  • Click Folder Options.
  • Select the View Tab.
  • Select Show hidden files and folders in the Hidden files and folders section.
  • Uncheck Hide protected operating system files (recommended) option.
  • Uncheck the Hide file extensions for known file types option.
  • Click Yes.
  • Click OK.
***************************************

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files/folders (if present):

Files:
C:\stub_113_4_0_4_0newer.exe
C:\WINDOWS\ktpxusw.exe
C:\WINDOWS\system32\thekxoe.exe
C:\WINDOWS\uni_ehhhh.exe
C:\WINDOWS\system32\scgcnj.exe

Folders:
C:\Program Files\Viewpoint

* If you get an error when deleting a file, <right click> on the file and select Properties. Check if the read only attribute is checked; if it is, uncheck it and try deleting the file again.
* Please note any files/folders you couldn't find or delete in your next post.

***************************************

Reboot, post a new HijackThis log, and let me know how your computer is running.
agrarianmonk

Requests for help via PM will be ignored. Please post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!
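
As an added example (not part of the original post or the helper's instructions), the following Python script checks a REGEDIT4 fix file of the kind given above before it is merged: it enforces the two formatting rules the post states (nothing before the REGEDIT4 header, one blank line at the end) and lists which keys the file would delete, so a reader can confirm the fix only removes the intended MSCONFIG\Startupreg leftovers. The sample file is constructed from the post; the key-name prefix check is this example's own.

```python
"""Check a REGEDIT4 fix file before merging it (added example, not from the thread).

Enforces the format rules the post gives and separates keys the file would
delete ('[-...]') from keys it would create ('[...]')."""
import re

# Constructed sample: the fix.reg from the post, with CRLF endings as Notepad
# writes them and the required single blank line at the end.
SAMPLE_FIX_REG = (
    "REGEDIT4\r\n"
    "\r\n"
    "[-HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Shared Tools\\MSCONFIG\\Startupreg\\oqruo]\r\n"
    "\r\n"
    "[-HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Shared Tools\\MSCONFIG\\Startupreg\\rtktnh]\r\n"
    "\r\n"
)

# Parent key that a startup-leftover fix like the one above should stay inside.
STARTUPREG = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Shared Tools\\MSCONFIG\\Startupreg\\"
KEY_LINE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+\\.+)\]$")


def parse_fix_reg(text):
    """Return {'problems': [...], 'delete': [...], 'create': [...]}.
    A deletion-only fix holds nothing but key headers, so any other non-blank
    line after the header is reported as a problem."""
    lines = text.replace("\r\n", "\n").split("\n")
    result = {"problems": [], "delete": [], "create": []}
    if lines[0] != "REGEDIT4":
        result["problems"].append("first line must be REGEDIT4 with nothing before it")
    # 'key\n\n' splits into [..., 'key', '', '']: a trailing blank line leaves
    # two empty elements at the end; 'key\n' alone leaves only one.
    if len(lines) < 2 or lines[-1] != "" or lines[-2] != "":
        result["problems"].append("file must end with one blank line")
    for lineno, line in enumerate(lines[1:], start=2):
        if not line.strip():
            continue
        m = KEY_LINE.match(line.strip())
        if m is None:
            result["problems"].append("line %d is not a key header: %r" % (lineno, line))
            continue
        bucket = result["delete"] if m.group(1) == "-" else result["create"]
        bucket.append(m.group(2))
    return result


def deletes_only_under(parsed, prefix=STARTUPREG):
    """True when the file creates nothing and every deleted key lives under
    `prefix` (compared case-insensitively, as the registry does)."""
    return not parsed["create"] and all(
        k.upper().startswith(prefix.upper()) for k in parsed["delete"])
```

Run it on the text saved as fix.reg and refuse to merge if `problems` is non-empty or `deletes_only_under` returns False.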

#9 teenslayer

Posted 05 September 2006 - 10:33 PM

I couldn't find:

C:\stub_113_4_0_4_0newer.exe
C:\WINDOWS\system32\thekxoe.exe
C:\WINDOWS\system32\scgcnj.exe

and according to the computer C:\WINDOWS\ktpxusw.exe is a system file. It won't delete it because it is in use. Should I go into safe mode and try to delete it there?

#10 teenslayer

Posted 05 September 2006 - 10:34 PM

Here's the log file, by the way.

Logfile of HijackThis v1.99.1
Scan saved at 11:33:07 PM, on 9/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1152390480\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152390480\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...841/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe



(This is while I still haven't deleted C:\WINDOWS\ktpxusw.exe)

#11 agrarianmonk

Posted 05 September 2006 - 11:03 PM

I'm pretty sure it's bad, but let's make sure.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\WINDOWS\ktpxusw.exe
  • Click on the submit button
  • Please post the results in your next reply.

Edited by agrarianmonk, 05 September 2006 - 11:06 PM.

#12 teenslayer

Posted 06 September 2006 - 04:09 PM

File: ktpxusw.exe
Status: OK
MD5: a9dfd0310b96312d9590dfc1e8924b09
Packers detected: -

Scanner results:
AntiVir - Found nothing
ArcaVir - Found nothing
Avast - Found nothing
AVG Antivirus - Found nothing
BitDefender - Found nothing
ClamAV - Found nothing
Dr.Web - Found nothing
F-Prot Antivirus - Found nothing
Fortinet - Found nothing
Kaspersky Anti-Virus - Found nothing
NOD32 - Found nothing
Norman Virus Control - Found nothing
UNA - Found nothing
VirusBuster - Found nothing
VBA32 - Found nothing

#13 agrarianmonk

Posted 06 September 2006 - 05:38 PM

Go here:

http://www.bleepingcomputer.com/submit-malware.php

and fill in the required fields and browse to this file on your desktop. Finally click on the Send File button.

Link to topic where this file was requested: http://www.bleepingcomputer.com/forums/ind...st&p=352332

Browse to the file you want to submit: C:\WINDOWS\ktpxusw.exe

Leave any comments, further information about this file, or contact information: teenslayer file


edit: how is your computer running?

Edited by agrarianmonk, 06 September 2006 - 05:38 PM.

#14 teenslayer

Posted 06 September 2006 - 06:25 PM

I've submitted the file.
My computer seems to be okay... the pop-ups have stopped. But when I run the McAfee virus scan online, it still detects stuff, such as:

file name:
C:\RECYCLER\...\Dc4\jlxgn.exe.qoo
C:\RECYCLER\...\Dc4\kjsdt.exe.qoo
C:\RECYCLER\...\Dc4\scgcnj.exe.qoo
C:\RECYCLER\...\Dc4\xavfy.dat.qoo
C:\RECYCLER\...\Dc4\yjgcerp.dll.qoo

The threat name is Qoolaid.

#15 teenslayer

Posted 06 September 2006 - 08:06 PM

Wait. I emptied the recycle bin, and rescanned. It seems to be gone.