raphael212

winantispyware/pop-ups/redirect

23 posts in this topic

Hello,

Raphael here, thanks a lot for reading my problems. When surfing websites there's a "Winantispyware/Winantivirus" pop-up ad. Seems to redirect pages like Norton and McAfee. Blocks me from running antivirus programs and hijackthis. Spybot runs okay but the problem is still there after rebooting my PC. I read thru the FAQ section and some other threads where people had a similar problem but still could not fix. Below is my hijackthis log (Had to run Vundofix to launch hijackthis).

 

Logfile of HijackThis v1.99.1

Scan saved at 04:10:10, on 2007/4/20

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\conime.exe

C:\Program Files\HijackThis\hijackthis.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\System32\awtuuut.dll (file missing)

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {C6815F0A-076B-4C22-A080-42DA82E740DC} - C:\WINDOWS\System32\ddcyx.dll (file missing)

O3 - Toolbar: ???(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.sxload.net (HKLM)

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {6A9B2484-3BE4-4FB2-ACF0-CC20B3B9F665} - https://www.my.sony.com/smartcard/download/install.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://www.winantivirus.com/download/2007/...id=pp_264326082

O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (?幺?????????冦) - http://www.filebank.co.jp/setup/win/fbx2.cab

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Duke\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab

O20 - Winlogon Notify: atubhrlclbyl - C:\WINDOWS\system32\atubhrlclbyl.dll

O20 - Winlogon Notify: awtuuut - awtuuut.dll (file missing)

O20 - Winlogon Notify: clqgzgenzxpp - C:\WINDOWS\system32\clqgzgenzxpp.dll

O20 - Winlogon Notify: ddcyx - C:\WINDOWS\System32\ddcyx.dll (file missing)

O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll

O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - C:\WINDOWS\System32\zkmf.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Sorry to bug again, after reading thru a few other threads I tried VundoFix.exe (Atribune.org) and combofix. Worked out pretty well, most of the issues are solved. The only problem left so far is that my browser freezes when logging on to some forums (phpBB based). Anyways, here's my new HJT log. Great job you guys are doing for people. Thanks again!

 

Logfile of HijackThis v1.99.1

Scan saved at 02:33:46 AM, on 2007/4/21

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\PlayOnline\SQUARE\PlayOnlineViewer\pol.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\hjt\hijackthis.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {C6815F0A-076B-4C22-A080-42DA82E740DC} - (no file)

O3 - Toolbar: ???(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.sxload.net (HKLM)

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {6A9B2484-3BE4-4FB2-ACF0-CC20B3B9F665} -

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -

O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (?幺?????????冦) -

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} -

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: atubhrlclbyl - C:\WINDOWS\

O20 - Winlogon Notify: awtuuut - C:\WINDOWS\

O20 - Winlogon Notify: clqgzgenzxpp - C:\WINDOWS\

O20 - Winlogon Notify: ddcyx - C:\WINDOWS\

O20 - Winlogon Notify: partnershipreg - C:\WINDOWS\

O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hello,

 

Welcome to SWI :)

 

Sorry for the delay.

 

Please run ComboFix for me again and post the report, along with a new HijackThis log so we can see what's left to deal with.

 

Thanks,

tea


Thanks for the response Teacup,

 

Here's my combofix log:

 

"Administrator" - 07-04-27 17:52:35 Service Pack 1

ComboFix 07-04-25.4V - Running from: "C:\Downloads\"

 

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Program Files\xloadnet\xloadnet.exe

C:\WINDOWS\updater.exe

C:\Program Files\xloadnet

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-03-27 to 2007-04-27 ))))))))))))))))))))))))))))))))))

 

 

2007-04-26 18:13 <DIR> d-------- C:\Program Files\ue_toolbar

2007-04-26 18:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ue_toolbar

2007-04-26 18:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\IDMComp

2007-04-26 18:11 <DIR> d-------- C:\Program Files\IDM Computer Solutions

2007-04-26 17:58 <DIR> d-------- C:\WINDOWS\LastGood

2007-04-26 17:57 <DIR> d-------- C:\WINDOWS\system32\Viewers

2007-04-26 17:56 <DIR> d-------- C:\WINDOWS\ShellNew

2007-04-26 17:56 <DIR> d-------- C:\Program Files\Snapshot Viewer

2007-04-26 17:54 <DIR> d-------- C:\WINDOWS\Twain32

2007-04-26 17:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft Web Folders

2007-04-26 17:39 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM

2007-04-25 01:10 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc

2007-04-24 21:32 <DIR> d-------- C:\Program Files\KXploit Tool

2007-04-23 17:47 1,277 --a------ C:\WINDOWS\mozver.dat

2007-04-21 11:10 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real

2007-04-21 02:30 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback

2007-04-21 01:15 0 --a------ C:\WINDOWS\nsreg.dat

2007-04-21 01:08 <DIR> d-------- C:\Program Files\Common Files\Skype

2007-04-21 01:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype

2007-04-20 23:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype

2007-04-20 21:49 98,752 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys

2007-04-20 21:49 720,896 -ra------ C:\WINDOWS\system32\a3d.dll

2007-04-20 21:49 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys

2007-04-20 21:49 549,672 -ra------ C:\WINDOWS\system32\drivers\smwdm.sys

2007-04-20 21:49 3,744 -ra------ C:\WINDOWS\system32\drivers\smsens.sys

2007-04-20 21:49 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys

2007-04-20 20:53 <DIR> d-------- C:\VundoFix Backups

2007-04-20 17:47 <DIR> d-------- C:\WINDOWS\pss

2007-04-20 14:36 <DIR> d-------- C:\Program Files\hjt

2007-04-20 13:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

2007-04-20 13:52 <DIR> d-------- C:\Program Files\Enigma Software Group

2007-04-20 05:48 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData

2007-04-20 05:48 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Google

2007-04-19 14:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\360safe

2007-04-19 14:46 <DIR> dr------- C:\DOCUME~1\ADMINI~1\「開始」功能表

2007-04-19 14:46 <DIR> d-------- C:\Program Files\Ultimate Fixer

2007-04-19 14:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\360Safe

2007-04-19 14:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\?面

2007-04-19 14:43 1,835,008 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-04-19 13:59 60,928 --------- C:\WINDOWS\system32\ouzdgf.dll

2007-04-19 13:59 <DIR> d-------- C:\WINDOWS\system32\Fοnts

2007-04-17 17:55 262,144 --a------ C:\WINDOWS\system32\lout.exe

2007-04-17 17:55 <DIR> d-------- C:\WINDOWS\system32\cqsqhwpk

2007-04-17 16:15 <DIR> d-------- C:\DOCUME~1\Duke\APPLIC~1\360Safe

2007-04-17 16:04 <DIR> d-------- C:\DOCUME~1\Duke\.housecall6.6

2007-04-17 15:30 15,360 --a------ C:\WINDOWS\system32\update72513345.exe

2007-04-17 15:15 8,704 --a------ C:\WINDOWS\system32\sporder.dll

2007-04-17 15:15 65,024 --a------ C:\WINDOWS\system32\update67845632.exe

2007-04-17 14:45 39,225 --a------ C:\WINDOWS\system32\update58336742.exe

2007-04-17 14:45 14,336 --a------ C:\WINDOWS\system32\update00178364.exe

2007-04-17 14:45 107,012 --a------ C:\WINDOWS\system32\update69665071.exe

2007-04-17 14:44 91,136 --a------ C:\DOCUME~1\Duke\ie_updater.exe

2007-04-17 14:44 11,776 --a------ C:\WINDOWS\system32\update04080293.exe

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-04-26 22:18 -------- d-------- C:\Program Files\bitcomet

2007-04-26 17:54 -------- d-------- C:\Program Files\microsoft frontpage

2007-04-26 14:12 2560 --a------ C:\WINDOWS\system32\bitcometres.dll

2007-04-21 01:08 -------- d-------- C:\Program Files\skype

2007-04-20 21:45 -------- d--h----- C:\Program Files\installshield installation information

2007-04-19 14:13 -------- d-------- C:\Program Files\google

2007-04-17 16:14 -------- d-------- C:\Program Files\flashget

2007-04-17 15:56 7296 --a------ C:\WINDOWS\system32\drivers\ip6fw.sys

2007-04-09 13:33 69752 --a------ C:\WINDOWS\system32\prfc0404.dat

2007-04-09 13:33 230796 --a------ C:\WINDOWS\system32\prfh0404.dat

2007-03-17 15:21 -------- d-------- C:\Program Files\bblack

2007-03-15 12:23 497496 --a------ C:\WINDOWS\system32\xceedzip.dll

2007-03-15 12:19 526184 --a------ C:\WINDOWS\system32\xceedcry.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll

{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

{A5366673-E8CA-11D3-9CD9-0090271D075B} C:\PROGRA~1\FlashGet\jccatch.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"

"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"

"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"MessengerPlus3"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\""

"FinePrint Dispatcher v5"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fpdisp5a.exe"

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"

"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"

"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"

"LogitechGalleryRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"

"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smtray.exe"

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

"-1739182391.exe"="rem C:\\WINDOWS\\System32\\-1739182391.exe"

"RunOnce2Upd"="rem \"C:\\Documents and Settings\\Duke\\ie_updater.exe\""

"xloadnet"="rem \"C:\\Program Files\\xloadnet\\xloadnet.exe\""

"runner1"="rem C:\\WINDOWS\\updater.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310"

"LiveNote"="rem livenote.exe"

"spoolsvv"="rem C:\\WINDOWS\\System32\\spoolsvv.exe"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"

"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{2188CEDE-B239-484C-8EA6-B84DC1001001}"="atubhrlclbyl"

"{CEDE2188-484C-B239-A68E-DC1B84001001}"="clqgzgenzxpp"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"DCOM Server 20509"="{2C1CD3D7-86AC-4068-93BC-A02304B20509}"

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atubhrlclbyl

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuuut

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\clqgzgenzxpp

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyx

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\partnershipreg

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages REG_MULTI_SZ msv1_0\0\0

Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

Notification Packages REG_MULTI_SZ scecli\0\0

 

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

 

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\Symantec NetDetect.job

 

********************************************************************

 

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-04-27 17:54:33

Windows 5.1.2600 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

********************************************************************

 

Completion time: 07-04-27 17:54:37

C:\ComboFix-quarantined-files.txt ... 07-04-27 17:54

 

 

 

And HJT Log

 

Logfile of HijackThis v1.99.1

Scan saved at 06:00:34 PM, on 2007/4/27

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\PlayOnline\SQUARE\PlayOnlineViewer\pol.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\BitComet\BitComet.exe

C:\WINDOWS\System32\conime.exe

C:\Program Files\hjt\hijackthis.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {C6815F0A-076B-4C22-A080-42DA82E740DC} - (no file)

O3 - Toolbar: ???(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: &使用BitComet下載本頁視頻 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {6A9B2484-3BE4-4FB2-ACF0-CC20B3B9F665} -

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -

O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (?幺?????????冦) -

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} -

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: atubhrlclbyl - C:\WINDOWS\

O20 - Winlogon Notify: awtuuut - C:\WINDOWS\

O20 - Winlogon Notify: clqgzgenzxpp - C:\WINDOWS\

O20 - Winlogon Notify: ddcyx - C:\WINDOWS\

O20 - Winlogon Notify: partnershipreg - C:\WINDOWS\

O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

 

Thanks again!


Hello,

 

You still have some pretty nasty stuff here. :( Your system has been compromised. If you don't reformat and reinstall, which is your safest and surest course, then it is extremely important to change your passwords and such after it's clean. Your passwords are all known. Don't do it now, or they'll just get stolen again. Keep an eye on any sensitive accounts you might have for nefarious activity.

 

Download SDFix and save it to your Desktop.

 

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

 

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

 

Thanks,

tea


Dear Tea,

 

Did as you said. Here's the SDFix report:

 

 

SDFix: Version 1.81

 

Run by Administrator - 2007/04/29 Sunday - 23:51:51.87

 

Microsoft Windows XP [Version 5.1.2600]

Service Pack 1

 

Running From: C:\SDFix\SDFix

 

Safe Mode:

Checking Services:

 

 

 

 

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

 

Rebooting...

 

Normal Mode:

Checking Files:

 

Below files will be copied to Backups folder then removed:

 

C:\WINDOWS\system32\update58336742.exe - Deleted

C:\Documents and Settings\Duke\ie_updater.exe - Deleted

C:\WINDOWS\odbc.INI - Deleted

 

 

 

Removing Temp Files

 

ADS Check:

 

Checking if ADS is attached to system32 Folder

C:\WINDOWS\system32

No streams found.

 

Checking if ADS is attached to svchost.exe

C:\WINDOWS\system32\svchost.exe

No streams found.

 

 

 

Final Check:

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

 

Remaining Files:

---------------

 

Backups Folder: - C:\SDFix\SDFix\backups\backups.zip

 

Checking For Files with Hidden Attributes:

 

C:\Documents and Settings\Duke\Local Settings\Temp\sdexe.exe

C:\Documents and Settings\Duke\Local Settings\Temp\~nsu.tmp\Au_.exe

C:\Documents and Settings\Duke\Local Settings\Temp\~nsu.tmp\Au_.exe

C:\WINDOWS\LastGood.Tmp\INF\oem5.inf

C:\WINDOWS\LastGood.Tmp\INF\oem5.PNF

 

Finished

 

And the HJT log:

 

Logfile of HijackThis v1.99.1

Scan saved at 11:58:29 pm, on 2007/4/29

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\conime.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\hjt\hijackthis.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {C6815F0A-076B-4C22-A080-42DA82E740DC} - (no file)

O3 - Toolbar: ???(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: &使用BitComet下載本頁視頻 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {6A9B2484-3BE4-4FB2-ACF0-CC20B3B9F665} -

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -

O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (?幺?????????冦) -

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} -

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: atubhrlclbyl - C:\WINDOWS\

O20 - Winlogon Notify: awtuuut - C:\WINDOWS\

O20 - Winlogon Notify: clqgzgenzxpp - C:\WINDOWS\

O20 - Winlogon Notify: ddcyx - C:\WINDOWS\

O20 - Winlogon Notify: partnershipreg - C:\WINDOWS\

O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

Thanks a lot^^

 

Raphael


Hello,

 

I notice that you do not seem to be running Antivirus software. This is somewhat suicidal in today's digital world. That's why I want you to install one!!

 

AVG, Avira OR Avast are good FREE antivirus. Run a full system scan with the one you chose to install, then post a new HijackThis log and let me know how your computer is running now, please. :)

 

Thanks,

tea


Hello,

 

Downloaded AVG as you suggested, got tons of viruses deleted. Here's my new hjt log:

 

Logfile of HijackThis v1.99.1

Scan saved at 07:19:00PM, on 2007/5/1

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\conime.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\BitComet\BitComet.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\hjt\hijackthis.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {C6815F0A-076B-4C22-A080-42DA82E740DC} - (no file)

O3 - Toolbar: ???(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: &使用BitComet下載本頁視頻 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {6A9B2484-3BE4-4FB2-ACF0-CC20B3B9F665} -

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -

O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (?幺?????????冦) -

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} -

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: atubhrlclbyl - C:\WINDOWS\

O20 - Winlogon Notify: awtuuut - C:\WINDOWS\

O20 - Winlogon Notify: clqgzgenzxpp - C:\WINDOWS\

O20 - Winlogon Notify: ddcyx - C:\WINDOWS\

O20 - Winlogon Notify: partnershipreg - C:\WINDOWS\

O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

 

I also switched to Mozilla Firefox, which works great. I think my system is running much faster than before.

 

Thanks a bunch^^

 

Raphael


Hello,

 

All very good to hear! :) Still some to do though..............

 

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis! fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D

2) Go to the Mode menu, and make sure "Advanced Mode" is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck "Resident TeaTimer" and OK any prompts

 

You can reenable TeaTimer once your system is clean.

 

Please download, install, and update AVG Anti-Spyware (formerly Ewido)

  1. Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
  2. After the update finishes (the status bar at the bottom will display "Update successful")
  3. Click the settings tab, then click "apply all actions" and choose clean (quarantine)
  4. Close AVG. Do not run it yet.

Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

 

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

 

O2 - BHO: (no name) - {C6815F0A-076B-4C22-A080-42DA82E740DC} - (no file)

O16 - DPF: {6A9B2484-3BE4-4FB2-ACF0-CC20B3B9F665} -

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -

O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (?幺?????????冦) -

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} -

O20 - Winlogon Notify: atubhrlclbyl - C:\WINDOWS\

O20 - Winlogon Notify: awtuuut - C:\WINDOWS\

O20 - Winlogon Notify: clqgzgenzxpp - C:\WINDOWS\

O20 - Winlogon Notify: ddcyx - C:\WINDOWS\

O20 - Winlogon Notify: partnershipreg - C:\WINDOWS\

O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)

 

Close all browsers and other windows except for HijackThis!, and click "Fix checked".

  • In Safe Mode, load AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Restart back into Normal Mode.

In your reply, please post the report from AVG and a new HijackThis log. Please also let me know how your computer is running. :)

 

Thanks,

tea
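The entries selected for fixing in the post above share three shapes: a component registered to "(no file)", an O16 DPF entry with nothing after the final dash, and an O20 Winlogon Notify entry whose path is a bare directory. As an added example (not part of the thread and not HijackThis's own logic), the Python below flags those shapes in a log and checks whether they survive into a follow-up log; the function names are hypothetical, the sample lines are copied from this thread's logs, and a flag is a triage hint for a human reviewer, not a verdict.

```python
import re
from dataclasses import dataclass

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O23).
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str


def parse_hjt(text):
    """Return the section-coded entries of a HijackThis log, skipping the
    header, the running-process list and blank lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def flag(entry):
    """Return a short reason if the entry has one of the three shapes
    selected for fixing in the thread, otherwise None."""
    if entry.body.endswith("(no file)"):
        return "registered component points at a missing file"
    if entry.section == "O16" and entry.body.endswith(" -"):
        return "ActiveX (DPF) entry with no download source"
    if entry.section == "O20" and entry.body.endswith("\\"):
        return "Winlogon Notify entry whose path is a bare directory"
    return None


def triage(text):
    """List (entry, reason) for every flagged entry in a log."""
    return [(e, r) for e in parse_hjt(text) if (r := flag(e))]


def remaining(before_text, after_text):
    """Flagged entries from the earlier log that still appear in the later
    one, i.e. fixes that did not take."""
    still_there = set(parse_hjt(after_text))
    return [(e, r) for e, r in triage(before_text) if e in still_there]


# Sample lines copied from the thread's logs (2007/5/1 and 2007/5/3).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C6815F0A-076B-4C22-A080-42DA82E740DC} - (no file)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6A9B2484-3BE4-4FB2-ACF0-CC20B3B9F665} -
O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (?幺?????????冦) -
O20 - Winlogon Notify: atubhrlclbyl - C:\WINDOWS\
O20 - Winlogon Notify: partnershipreg - C:\WINDOWS\
O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    for entry, reason in triage(BEFORE):
        print(f"{entry.section:>3}  {reason}: {entry.body}")
    print("still present after the fix:", len(remaining(BEFORE, AFTER)))
```
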


Hello,

 

Sorry took so long to finish instructions, I could not find some options in AVG antispyware (I got v7.5).

So I manually picked Delete and apply to all when it finished scanning. Anyway, here are my log files:

 

hjt log:

 

Logfile of HijackThis v1.99.1

Scan saved at 05:20:06PM, on 2007/5/3

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\hjt\hijackthis.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: ???(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O8 - Extra context menu item: &使用BitComet下載本頁視頻 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

and the AVG antispyware report:

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 05:17:16pm 2007/5/3

 

+ Scan result:

 

 

 

C:\WINDOWS\system32\ouzdgf.dll -> Adware.PurityScan : Cleaned.

C:\WINDOWS\system32\cqsqhwpk\cqsqhwpk1.exe -> Adware.UltimateDefender : Cleaned.

C:\WINDOWS\system32\cqsqhwpk\cqsqhwpk2.exe -> Adware.UltimateDefender : Cleaned.

C:\WINDOWS\system32\cqsqhwpk\cqsqhwpk3.exe -> Adware.UltimateDefender : Cleaned.

C:\Program Files\hjt\backups\backup-20070420-145515-975.dll -> Adware.Virtumonde : Cleaned.

C:\Program Files\hjt\backups\backup-20070420-151537-691.dll -> Adware.Virtumonde : Cleaned.

C:\WINDOWS\system32\update72513345.exe -> Downloader.Delf.bgy : Cleaned.

C:\Program Files\Messenger Plus! 3\Setup.dat/sponsor.exe -> Downloader.Swizzor.ag : Cleaned.

D:\Tools\Msn\MsgPlus-301.exe/sponsor.exe -> Downloader.Swizzor.ag : Cleaned.

C:\Documents and Settings\Duke\Local Settings\Temp\Install-Errorprotector-Free.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned.

C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.

:mozilla.156:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.208:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.278:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Duke\Cookies\duke@networksolutions.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Duke\Cookies\duke@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.

:mozilla.100:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.99:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\Duke\Cookies\duke@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

C:\Documents and Settings\Duke\Cookies\duke@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.200:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.201:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.202:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

C:\Documents and Settings\Duke\Cookies\duke@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\Duke\Cookies\duke@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.

:mozilla.369:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.

:mozilla.370:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.

:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.14:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.16:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.95:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.

C:\Documents and Settings\Duke\Cookies\duke@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.

:mozilla.77:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Com : Cleaned.

:mozilla.339:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.

:mozilla.340:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.

:mozilla.341:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.

:mozilla.342:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.

C:\Documents and Settings\Duke\Cookies\duke@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.

:mozilla.363:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Custom-click : Cleaned.

:mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\Duke\Cookies\duke@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\Duke\Cookies\duke@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.

C:\Documents and Settings\Duke\Cookies\duke@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.335:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

C:\Documents and Settings\Duke\Cookies\duke@goclick[2].txt -> TrackingCookie.Goclick : Cleaned.

:mozilla.324:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.

:mozilla.330:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.

:mozilla.325:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.

:mozilla.326:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.

:mozilla.327:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.

C:\Documents and Settings\Duke\Cookies\duke@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.

:mozilla.132:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.

C:\Documents and Settings\Duke\Cookies\duke@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.

C:\Documents and Settings\Duke\Cookies\duke@ie.search.msn[1].txt -> TrackingCookie.Msn : Cleaned.

:mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.

:mozilla.312:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.

:mozilla.313:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.

:mozilla.110:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Overture : Cleaned.

C:\Documents and Settings\Administrator\Cookies\administrator@overture[1].txt -> TrackingCookie.Overture : Cleaned.

:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.

:mozilla.436:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.437:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.438:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.439:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.440:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.441:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.199:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.

C:\Documents and Settings\Duke\Cookies\duke@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.

C:\Documents and Settings\Duke\Cookies\duke@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.

:mozilla.334:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.60:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.63:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.217:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.218:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.408:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.409:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

C:\Documents and Settings\Administrator\Cookies\administrator@skype[1].txt -> TrackingCookie.Skype : Cleaned.

:mozilla.288:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.

:mozilla.211:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.212:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.167:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.169:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.170:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.171:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.281:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.282:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.286:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.

:mozilla.102:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.103:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.104:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.105:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.106:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.107:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.108:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.109:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

C:\Documents and Settings\Duke\Cookies\duke@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.216:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.252:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.

:mozilla.253:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.

:mozilla.254:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.

:mozilla.381:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.

C:\Documents and Settings\Duke\Cookies\duke@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.

:mozilla.142:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.

:mozilla.146:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.

:mozilla.18:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.19:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.20:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

C:\Documents and Settings\Duke\Cookies\duke@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.333:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

C:\Documents and Settings\Duke\Cookies\duke@c5.zedo[2].txt -> TrackingCookie.Zedo : Cleaned.

C:\Documents and Settings\Duke\Cookies\duke@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.

D:\game\PSP\MPHDowngrader\MPHDowngrader.zip/PSP/PHOTO/overflow.tif -> Trojan.PSPBrick : Cleaned.

D:\game\PSP\MPHDowngrader\PSP\PHOTO\overflow.tif -> Trojan.PSPBrick : Cleaned.

 

 

::Report end

 

Thanks a lot for solving all my questions.

 

Raphael


I forgot to mention, my computer is doing well now. The network speed went up so much that it was noticeable.

The startup speed of my computer seemed to slow down a bit compared to before procedures this time. Also, I found out that I lost access to shared files from my other PC on my network places (although I could access them if I put down the whole \\123\123 path).


Hello,

 

Very glad it's so much better. :)

 

Let's clean everything out with this cool little program. I use it regularly and it beats doing it manually. ;)

 

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

 

Now please run ComboFix again and post its report in your reply.

 

Thanks,

tea


Hello,

 

Done and done.

Combo fix log:

 

 

"Administrator" - 07-05-04 1:23:56 Service Pack 1

ComboFix 07-04-25.4V - Running from: "D:\Tools\"

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-04-04 to 2007-05-04 ))))))))))))))))))))))))))))))))))

 

 

2007-05-03 13:33 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-04-27 17:54 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-04-26 18:13 <DIR> d-------- C:\Program Files\ue_toolbar

2007-04-26 18:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ue_toolbar

2007-04-26 18:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\IDMComp

2007-04-26 18:11 <DIR> d-------- C:\Program Files\IDM Computer Solutions

2007-04-26 17:57 <DIR> d-------- C:\WINDOWS\system32\Viewers

2007-04-26 17:56 <DIR> d-------- C:\WINDOWS\ShellNew

2007-04-26 17:56 <DIR> d-------- C:\Program Files\Snapshot Viewer

2007-04-26 17:54 <DIR> d-------- C:\WINDOWS\Twain32

2007-04-26 17:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft Web Folders

2007-04-26 17:39 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM

2007-04-25 01:10 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc

2007-04-24 21:32 <DIR> d-------- C:\Program Files\KXploit Tool

2007-04-23 17:47 1,277 --a------ C:\WINDOWS\mozver.dat

2007-04-21 11:10 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real

2007-04-21 02:30 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback

2007-04-21 01:15 0 --a------ C:\WINDOWS\nsreg.dat

2007-04-21 01:08 <DIR> d-------- C:\Program Files\Common Files\Skype

2007-04-21 01:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype

2007-04-20 23:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype

2007-04-20 21:49 98,752 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys

2007-04-20 21:49 720,896 -ra------ C:\WINDOWS\system32\a3d.dll

2007-04-20 21:49 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys

2007-04-20 21:49 549,672 -ra------ C:\WINDOWS\system32\drivers\smwdm.sys

2007-04-20 21:49 3,744 -ra------ C:\WINDOWS\system32\drivers\smsens.sys

2007-04-20 21:49 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys

2007-04-20 20:53 <DIR> d-------- C:\VundoFix Backups

2007-04-20 17:47 <DIR> d-------- C:\WINDOWS\pss

2007-04-20 14:36 <DIR> d-------- C:\Program Files\hjt

2007-04-20 13:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

2007-04-20 13:52 <DIR> d-------- C:\Program Files\Enigma Software Group

2007-04-20 05:48 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData

2007-04-20 05:48 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Google

2007-04-19 14:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\360safe

2007-04-19 14:46 <DIR> dr------- C:\DOCUME~1\ADMINI~1\「開始」功能表

2007-04-19 14:46 <DIR> d-------- C:\Program Files\Ultimate Fixer

2007-04-19 14:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\360Safe

2007-04-19 14:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\?面

2007-04-19 14:43 2,097,152 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-04-19 13:59 <DIR> d-------- C:\WINDOWS\system32\Fοnts

2007-04-17 17:55 262,144 --a------ C:\WINDOWS\system32\lout.exe

2007-04-17 17:55 <DIR> d-------- C:\WINDOWS\system32\cqsqhwpk

2007-04-17 16:15 <DIR> d-------- C:\DOCUME~1\Duke\APPLIC~1\360Safe

2007-04-17 16:04 <DIR> d-------- C:\DOCUME~1\Duke\.housecall6.6

2007-04-17 15:15 8,704 --a------ C:\WINDOWS\system32\sporder.dll

2007-04-17 14:45 107,012 --a------ C:\WINDOWS\system32\update69665071.exe

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-05-03 17:16 -------- d-------- C:\Program Files\messenger plus! 3

2007-04-26 22:18 -------- d-------- C:\Program Files\bitcomet

2007-04-26 17:54 -------- d-------- C:\Program Files\microsoft frontpage

2007-04-26 14:12 2560 --a------ C:\WINDOWS\system32\bitcometres.dll

2007-04-21 01:08 -------- d-------- C:\Program Files\skype

2007-04-20 21:45 -------- d--h----- C:\Program Files\installshield installation information

2007-04-19 14:13 -------- d-------- C:\Program Files\google

2007-04-17 16:14 -------- d-------- C:\Program Files\flashget

2007-04-09 13:33 69752 --a------ C:\WINDOWS\system32\prfc0404.dat

2007-04-09 13:33 230796 --a------ C:\WINDOWS\system32\prfh0404.dat

2007-03-17 15:21 -------- d-------- C:\Program Files\bblack

2007-03-15 12:23 497496 --a------ C:\WINDOWS\system32\xceedzip.dll

2007-03-15 12:19 526184 --a------ C:\WINDOWS\system32\xceedcry.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll

{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

{A5366673-E8CA-11D3-9CD9-0090271D075B} C:\PROGRA~1\FlashGet\jccatch.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"

"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"

"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"MessengerPlus3"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\""

"FinePrint Dispatcher v5"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fpdisp5a.exe"

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"

"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"

"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"

"LogitechGalleryRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"

"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smtray.exe"

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

"-1739182391.exe"="rem C:\\WINDOWS\\System32\\-1739182391.exe"

"RunOnce2Upd"="rem \"C:\\Documents and Settings\\Duke\\ie_updater.exe\""

"xloadnet"="rem \"C:\\Program Files\\xloadnet\\xloadnet.exe\""

"runner1"="rem C:\\WINDOWS\\updater.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310"

"LiveNote"="rem livenote.exe"

"spoolsvv"="rem C:\\WINDOWS\\System32\\spoolsvv.exe"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"

"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{2188CEDE-B239-484C-8EA6-B84DC1001001}"="atubhrlclbyl"

"{CEDE2188-484C-B239-A68E-DC1B84001001}"="clqgzgenzxpp"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages REG_MULTI_SZ msv1_0\0\0

Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

Notification Packages REG_MULTI_SZ scecli\0\0

 

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

 

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\Symantec NetDetect.job

 

********************************************************************

 

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-05-04 01:25:40

Windows 5.1.2600 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

********************************************************************

 

Completion time: 07-05-04 1:25:44

C:\ComboFix-quarantined-files.txt ... 07-05-04 01:25

C:\ComboFix2.txt ... 07-04-27 17:54

 

 

Thanks for all the great help and effort! Computer is running awesome now.

 

Raphael


Hello,

 

Please download SmitfraudFix (by S!Ri)

Extract the content (a folder named SmitfraudFix) to your Desktop.

 

Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).

Please copy/paste the content of that report into your next reply.

 

Thanks,

tea


Hello,

 

Finished downloading the program, and here are the results:

 

SmitFraudFix v2.175

 

Scan done at 14:29:17.64, 2007/05/05 星期六

Run from C:\Documents and Settings\Administrator\?面\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\conime.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="目前的首頁"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{2188CEDE-B239-484C-8EA6-B84DC1001001}"="atubhrlclbyl"

 

[HKEY_CLASSES_ROOT\CLSID\{2188CEDE-B239-484C-8EA6-B84DC1001001}\InProcServer32]

@="C:\WINDOWS\system32\atubhrlclbyl.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2188CEDE-B239-484C-8EA6-B84DC1001001}\InProcServer32]

@="C:\WINDOWS\system32\atubhrlclbyl.dll"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{CEDE2188-484C-B239-A68E-DC1B84001001}"="clqgzgenzxpp"

 

[HKEY_CLASSES_ROOT\CLSID\{CEDE2188-484C-B239-A68E-DC1B84001001}\InProcServer32]

@="C:\WINDOWS\system32\clqgzgenzxpp.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{CEDE2188-484C-B239-A68E-DC1B84001001}\InProcServer32]

@="C:\WINDOWS\system32\clqgzgenzxpp.dll"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport

DNS Server Search Order: 168.95.1.1

DNS Server Search Order: 4.2.2.2

DNS Server Search Order: 68.94.156.1

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3B47FF8F-1350-4EF2-8F28-9F974B789CB8}: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{3B47FF8F-1350-4EF2-8F28-9F974B789CB8}: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{3B47FF8F-1350-4EF2-8F28-9F974B789CB8}: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1

HKLM\SYSTEM\CS3\Services\Tcpip\..\{3B47FF8F-1350-4EF2-8F28-9F974B789CB8}: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

Thanks a lot!!

 

Raphael


Hello,

 

You're welcome. :) You said it was running well before, so it ought to run even better after this:

 

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

 

Please reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

 

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

 

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

 

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

 

Thanks,

tea


Hello,

 

Ran the program and followed the instructions, here are the logs:

 

Logfile of HijackThis v1.99.1

Scan saved at 03:47:22pm, on 2007/5/7

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\PROGRA~1\Grisoft\AVG7\avgw.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\hjt\hijackthis.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: ???(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O8 - Extra context menu item: &使用BitComet下載本頁視頻 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

and the other one:

 

SmitFraudFix v2.175

 

Scan done at 15:42:59.39, 2007/05/07 星期一

Run from C:\Documents and Settings\Administrator\?面\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{2188CEDE-B239-484C-8EA6-B84DC1001001}"="atubhrlclbyl"

 

[HKEY_CLASSES_ROOT\CLSID\{2188CEDE-B239-484C-8EA6-B84DC1001001}\InProcServer32]

@="C:\WINDOWS\system32\atubhrlclbyl.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2188CEDE-B239-484C-8EA6-B84DC1001001}\InProcServer32]

@="C:\WINDOWS\system32\atubhrlclbyl.dll"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{CEDE2188-484C-B239-A68E-DC1B84001001}"="clqgzgenzxpp"

 

[HKEY_CLASSES_ROOT\CLSID\{CEDE2188-484C-B239-A68E-DC1B84001001}\InProcServer32]

@="C:\WINDOWS\system32\clqgzgenzxpp.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{CEDE2188-484C-B239-A68E-DC1B84001001}\InProcServer32]

@="C:\WINDOWS\system32\clqgzgenzxpp.dll"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

127.0.0.1 localhost

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3B47FF8F-1350-4EF2-8F28-9F974B789CB8}: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{3B47FF8F-1350-4EF2-8F28-9F974B789CB8}: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{3B47FF8F-1350-4EF2-8F28-9F974B789CB8}: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1

HKLM\SYSTEM\CS3\Services\Tcpip\..\{3B47FF8F-1350-4EF2-8F28-9F974B789CB8}: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{2188CEDE-B239-484C-8EA6-B84DC1001001}"="atubhrlclbyl"

 

[HKEY_CLASSES_ROOT\CLSID\{2188CEDE-B239-484C-8EA6-B84DC1001001}\InProcServer32]

@="C:\WINDOWS\system32\atubhrlclbyl.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2188CEDE-B239-484C-8EA6-B84DC1001001}\InProcServer32]

@="C:\WINDOWS\system32\atubhrlclbyl.dll"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{CEDE2188-484C-B239-A68E-DC1B84001001}"="clqgzgenzxpp"

 

[HKEY_CLASSES_ROOT\CLSID\{CEDE2188-484C-B239-A68E-DC1B84001001}\InProcServer32]

@="C:\WINDOWS\system32\clqgzgenzxpp.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{CEDE2188-484C-B239-A68E-DC1B84001001}\InProcServer32]

@="C:\WINDOWS\system32\clqgzgenzxpp.dll"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

Thanks a lot,

 

Raphael
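A report like the one posted above can be compared section by section: this added example (not part of the original post, and not SmitFraudFix's own code) splits a report into its sections and lists which SharedTaskScheduler entries appear both before and after the clean. The sample input is constructed from the report layout above, and all function names are hypothetical.

```python
import re
# Constructed sample: abridged from the report layout posted above.
SAMPLE_REPORT = r"""
»»»» SharedTaskScheduler Before SmitFraudFix
"{2188CEDE-B239-484C-8EA6-B84DC1001001}"="atubhrlclbyl"
[HKEY_CLASSES_ROOT\CLSID\{2188CEDE-B239-484C-8EA6-B84DC1001001}\InProcServer32]
@="C:\WINDOWS\system32\atubhrlclbyl.dll"
»»»» Registry Cleaning
»»»» SharedTaskScheduler After SmitFraudFix
"{2188CEDE-B239-484C-8EA6-B84DC1001001}"="atubhrlclbyl"
[HKEY_CLASSES_ROOT\CLSID\{2188CEDE-B239-484C-8EA6-B84DC1001001}\InProcServer32]
@="C:\WINDOWS\system32\atubhrlclbyl.dll"
»»»» End
"""
# Headers start with a run of "»"; pasted through the wrong code page the
# same bytes display as "サ" or "ｻ", so those are accepted as well.
HEADER = re.compile(r"^[»サｻ]{4,}\s*(.*)$")
STS_VALUE = re.compile(r'^"(\{[0-9A-Fa-f-]{36}\})"="(.*)"$')
INPROC = re.compile(r"^\[.*\\(\{[0-9A-Fa-f-]{36}\})\\InProcServer32\]$")
DEFAULT = re.compile(r'^@="(.*)"$')

def split_sections(report):
    """Return {section title: [non-blank lines]} for a report body."""
    sections, current = {}, None
    for line in (l.strip() for l in report.splitlines()):
        m = HEADER.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections

def sts_entries(lines):
    """Map CLSID -> [value name, InProcServer32 DLL path or None]."""
    entries, clsid = {}, None
    for line in lines:
        if m := STS_VALUE.match(line):
            entries[m.group(1).upper()] = [m.group(2), None]
        elif m := INPROC.match(line):
            clsid = m.group(1).upper()
        elif (m := DEFAULT.match(line)) and clsid in entries:
            entries[clsid][1] = m.group(1)
    return entries

def diff_sts(report):
    s = split_sections(report)
    before = sts_entries(s.get("SharedTaskScheduler Before SmitFraudFix", []))
    after = sts_entries(s.get("SharedTaskScheduler After SmitFraudFix", []))
    return {"removed": sorted(before.keys() - after.keys()),
            "persisting": {k: after[k] for k in sorted(before.keys() & after.keys())}}
```

The tool itself labels these sections "not inevitably infected", so a persisting entry is a prompt to inspect the referenced DLL, not a verdict.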


Hello Raphael,

 

That looks much better! How is it running? Popups gone?

 

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

 

Please go Here to run Panda's ActiveScan. (You must use IE for this one). http://www.pandasoftware.com/products/activescan.htm

Once you are on the Panda site click the Scan your PC button

 

A new window will open...click the Check Now button.

Enter your State/Province

Enter your E-mail address and click send.

Select either Home user or Company.

 

Click the big Scan Now button

 

* If it wants to install an ActiveX component allow it

* It will start downloading the files it requires for the scan (Note: It may take a few minutes)

 

When the download is complete, click on My Computer to start the scan.

 

When the scan completes, if anything malicious is detected, click the See Report button, then Save report and save it to a convenient location (activescan.txt to desktop).

 

Post the contents of the ActiveScan report, please, and let me know how it's running. :)

 

Thanks,

tea


Hello,

 

Just started to do the online scan process, so I decided to report how my computer is running atm.

 

I think it's running much faster now, and no, there are no more popups.

 

Just started my IE (to run the online scan), it started very slow, but browsing speed was as fast as before.

 

Nothing else that I noticed.

 

Thank you,

 

Raphael

 

P.S. After the last clean with SmitfraudFix, my screensaver and desktop background pic disappeared, but I think that's minor ^^.


Hi again,

 

I tried to use the scan, but it always ended up hanging @ c:\ntldr. I tried 4 times and gave up.

 

Before it hangs, it picks up 3 viruses that are not a threat (quarantined?) and twenty-something pieces of spyware.

 

Thanks a lot

 

Raphael


Hello,

 

I'm so sorry! :weep: I completely overlooked this. Do you still need help?


Since this issue appears resolved ... this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
