Suspicious processes, please help

Welcome to your place for tech questions! ( Log In or Join today ) Get answers from experts today. (it's 100% free) Virus removal forum

What the Tech > Spyware / Malware / Virus Removal > Virus, Spyware & Malware Removal

3 Pages

1 2 3 >

Suspicious processes, please help

Options

cpzspeeder View Member Profile	Dec 31 2006, 05:26 PM Post #1
Authentic Member Group: Authentic Member Posts: 20 Joined: 31-December 06 Member No.: 65,877 Operating System: windows xp pro	hello all, My pc seems to be running slightly slow at times, occaisional freezeups. What brought me here is i noticed service.exe and system.exe running when looking up these items, it could be i've become infected with a trojan/virus etc I am running a software firewall, along with Nortons AV, and do often use clients such as edonkey or utorrent. With that being said, i was hoping if anyone that is knowledgable about this could provide some info to help me clean out my system of anything that should be of concern. My head is spinning looking up all these processes, i'm second guessing myself on each item and getting worried i'll start deleting things and make things worse. i need/would like to get rid of service.exe , system.exe and anything else that might be a trojen or virus etc (me thinks there are probably more lurking). I ran a scan with hijackthis 1.99.1 the log is below. any help is greatly greatly appreciated, Logfile of HijackThis v1.99.1 Scan saved at 2:45:30 PM, on 12/31/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe C:\Program Files\MacOpener\FORMATM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\No-IP\DUC20.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\RPDFLchr.exe C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\Razer\Copperhead\razerhid.exe C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\WINDOWS\CTHELPER.EXE C:\Program Files\Razer\Copperhead\razertra.exe C:\Program Files\Razer\Copperhead\razerofa.exe C:\Program Files\Hmonitor\hmonitor.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\ATI Multimedia\main\ATIDtct.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\service.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\system.exe C:\Program Files\MacOpener\MacName.exe C:\Documents and Settings\sysop\Desktop\hijackthis\HijackThis.exe O1 - Hosts: 80.190.241.30 home.edonkey.com O1 - Hosts: 80.190.241.30 home.edonkey.com O1 - Hosts: 80.190.241.30 home.edonkey.com O1 - Hosts: 80.190.241.30 home.edonkey.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [RoboPDF] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\RPDFLchr.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce O4 - HKLM\..\Run: [FileSharingRevolution_WhenUSaveNow_Installer] C:\Program Files\FileSharingRevolution_WhenUSaveNow_Installer\FileSharingRevolution_WhenUSaveNow_Installer.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [MacLicense] "C:\Program Files\MacOpener\MacLic.exe" O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] __"C:\Program Files\iTunes\iTunesHelper.exe"__ O4 - HKLM\..\Run: [Windows Antihacker Service] C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\service.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll O4 - HKLM\..\Run: [Windows Security Service] C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\system.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\serv-u.ini O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: MacName.lnk = C:\Program Files\MacOpener\MacName.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open Image in New Window - res://C:\Program Files\PopUpCop\popupcop.dll/imagenew O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1142718420874 O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) - O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) - O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{51288408-2739-45E9-836A-9ED6B92218D8}: NameServer = 167.206.3.222,167.206.3.221,167.206.245.6 O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MacFormatService - Unknown owner - C:\Program Files\MacOpener\FORMATM.EXE" /SERVICE (file missing) O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Neth - Unknown owner - C:\WINDOWS\system32\netid.exe (file missing) O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe This post has been edited by cpzspeeder: Dec 31 2006, 05:30 PM

Susan528 View Member Profile	Jan 1 2007, 12:17 PM Post #2
SuperMember Group: Authentic Member Posts: 3,194 Joined: 25-May 05 From: L.A. (lower Alabama) Member No.: 33,131 Operating System: Windows XP Pro	Hello cpzspeeder and Welcome to TomCoyote, Please do the following: STEP 1. ====== SDFix Also download SDFix.zip and save it to the Desktop. Right click the SDFix.zip folder Select: Extract All to extract it to its own folder on the Desktop. ==== Start the computer in Safe Mode : -When the machine first starts again, tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. -Select the option for Safe Mode using the arrow keys. -Press Enter to boot into Safe Mode. ==== Open the SDFix folder on the Desktop, and double click RunThis.bat to start the script. Type Y to begin the cleanup process. The process removes any Trojan Services or Registry Entries found, and then prompts you to press any key to Reboot. Press any key to restart the PC. When the PC restarts the SDFix will run again and complete the removal process It then displays Finished Press any key to end the script and load the Desktop icons. Once the Desktop icons load, the SDFix report opens on screen and saves itself in the SDFix folder as Report.txt. STEP 2. ====== Regscan Please download RegScan. Within RegScan.zip you will find the file regscan.vbs You may have to allow this script to run or disable anti-spyware again in order for it to run. A window will open titled RegFinder.vbs and you will see place to input search terms. Please enter the search terms: Windows Security Service After the search has completed a window titled Results.txt will open. Please copy the results and post(reply) back. Please repeat for Windows Antihacker Service STEP 3. ====== Combofix Download this file - combofix.exe Double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall Please post the Report.txt, the results from the Regscan, the ComboFix log, and a new hijackthis log.

cpzspeeder View Member Profile	Jan 1 2007, 02:59 PM Post #3
Authentic Member Group: Authentic Member Posts: 20 Joined: 31-December 06 Member No.: 65,877 Operating System: windows xp pro	thank you so much for your help, i really appreciate it. Below is the information you requested after running through all the items. 1....... Report.txt SDFix: Version 1.53 **************** Mon 01/01/2007 - 15:27:09.70 Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Stage One - Safe Mode Checking Services... Service Name: File Path: Starting Registry Repairs... Restoring Default Hosts File... Stage One Complete Rebooting... Stage Two - Normal Mode Checking For Malware: -------------------- C:\DOCUME~1\sysop\LOCALS~1\Temp\aax12A.tmp.exe C:\DOCUME~1\sysop\LOCALS~1\Temp\aax6.tmp.exe Backing Up and Removing any Files Found... Alternate Stream Check: C:\WINDOWS\system32 No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Sunbelt Software\\Personal Firewall 4\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall 4\\kpf4gui.exe::Enabled:Sunbelt Kerio Personal Firewall 4 - GUI" "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe::Enabled:µTorrent" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe::Disabled:pcAnywhere Host Service" "C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe::Disabled:pcAnywhere Remote Service" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe::Enabled:iTunes" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Remaining Files: --------------- Backups Folder: - C:\SDFix\backups\backups.zip Checking for files with Hidden Attributes: C:\WINDOWS\system32\cdplayer.exe.manifest C:\WINDOWS\system32\logonui.exe.manifest C:\IO.SYS C:\MSDOS.SYS C:\pagefile.sys FINISHED!

cpzspeeder View Member Profile	Jan 1 2007, 03:01 PM Post #4
Authentic Member Group: Authentic Member Posts: 20 Joined: 31-December 06 Member No.: 65,877 Operating System: windows xp pro	Below is the information you requested after running through all the items. 2....... No items found for "Windows Security Service" & this for "Windows Antihacker Service" Windows Registry Editor Version 5.00 ; Regscan.vbs Version: 1.2 by rand1038 ; 1/1/2007 3:45:47 PM ; Search Term(s) Used: "Windows Antihacker Service" ; 1 matches were found. ; The search took 51 seconds. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Antihacker Service"="C:\\WINDOWS\\SYSTEM32\\DRIVERS\\etc\\LSASS.exe C:\\WINDOWS\\SYSTEM32\\DRIVERS\\etc\\service.exe C:\\WINDOWS\\SYSTEM32\\DRIVERS\\etc\\conf.dll"

cpzspeeder View Member Profile	Jan 1 2007, 03:03 PM Post #5
Authentic Member Group: Authentic Member Posts: 20 Joined: 31-December 06 Member No.: 65,877 Operating System: windows xp pro	3....... sysop - 07-01-01 15:46:17.84 Service Pack 2 ComboFix 06.11.27 - Running from: "C:\Documents and Settings\sysop\Desktop\spyware_removal" ((((((((((((((((((((((((((((((( Files Created from 2006-12-01 to 2007-01-01 )))))))))))))))))))))))))))))))))) 2007-01-01 15:21 <DIR> d-------- C:\SDFix 2006-12-31 17:10 <DIR> d-------- C:\WINDOWS\pss 2006-12-30 14:52 <DIR> d-------- C:\Documents and Settings\sysop\Application Data\Alien Skin 2006-12-28 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip 2006-12-26 20:54 <DIR> d-------- C:\Program Files\Xilisoft 2006-12-26 19:55 <DIR> d-------- C:\Program Files\iTunes 2006-12-26 19:55 <DIR> d-------- C:\Program Files\iPod 2006-12-19 22:19 <DIR> d-------- C:\Program Files\DVD Shrink 2006-12-19 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink 2006-12-19 21:15 <DIR> d-------- C:\Documents and Settings\sysop\Application Data\SlySoft 2006-12-19 20:54 <DIR> d-------- C:\Program Files\SlySoft 2006-12-19 20:51 <DIR> d-------- C:\Documents and Settings\sysop\Application Data\Elaborate Bytes 2006-12-19 20:29 <DIR> d-------- C:\Program Files\Elaborate Bytes 2006-12-16 00:00 <DIR> d-------- C:\Program Files\Lightscribe Extended Label Contrast Utility 2006-12-15 23:59 <DIR> d-------- C:\WINDOWS\MVUNINST 2006-12-15 23:59 <DIR> d-------- C:\Program Files\SureThing 2006-12-15 23:59 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared 2006-12-15 23:55 <DIR> d-------- C:\Program Files\LightScribe 2006-12-15 23:53 <DIR> d-------- C:\Program Files\Common Files\LightScribe 2006-12-15 23:33 2,916,352 --------- C:\WINDOWS\UNNMP.exe 2006-12-15 23:30 <DIR> d-------- C:\Program Files\Common Files\Nero 2006-12-15 23:20 24,064 --------- C:\WINDOWS\system32\msxml3a.dll 2006-12-15 23:20 2,977,792 --------- C:\WINDOWS\UNNeroVision.exe 2006-12-15 23:19 38,912 --------- C:\WINDOWS\system32\picn20.dll 2006-12-15 23:19 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll 2006-12-15 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead 2006-12-15 22:45 <DIR> d-------- C:\Program Files\SAMSUNG 2006-12-15 17:26 <DIR> d-------- C:\Program Files\Total Video Converter 2006-12-15 06:13 26,824 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys 2006-12-15 06:13 15,440 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys 2006-12-15 06:13 11,984 --a------ C:\WINDOWS\system32\drivers\RegKill.sys 2006-12-13 12:24 89,296 --a------ C:\WINDOWS\system32\ElbyCDIO.dll 2006-12-12 21:01 <DIR> d-------- C:\Documents and Settings\sysop\Application Data\Help 2006-12-12 08:30 520,192 --a------ C:\WINDOWS\system32\DivXsm.exe 2006-12-12 08:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2006-12-12 08:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2006-12-12 08:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2006-12-12 08:25 806,912 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2006-12-12 08:25 806,912 --a------ C:\WINDOWS\system32\divx_xx07.dll 2006-12-12 08:25 790,528 --a------ C:\WINDOWS\system32\divx_xx11.dll 2006-12-12 08:25 73,728 --a------ C:\WINDOWS\system32\dpl100.dll 2006-12-12 08:25 635,486 --a------ C:\WINDOWS\system32\DivX.dll 2006-12-12 08:25 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll 2006-12-12 08:25 57,344 --a------ C:\WINDOWS\system32\dpv11.dll 2006-12-12 08:25 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll 2006-12-12 08:25 344,064 --a------ C:\WINDOWS\system32\dpus11.dll 2006-12-12 08:25 294,912 --a------ C:\WINDOWS\system32\dpu11.dll 2006-12-12 08:25 294,912 --a------ C:\WINDOWS\system32\dpu10.dll 2006-12-12 08:25 196,608 --a------ C:\WINDOWS\system32\dtu100.dll 2006-12-12 08:24 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll 2006-12-12 08:24 118,784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-01-01 15:39 -------- d-------- C:\Program Files\Common Files 2007-01-01 15:07 -------- d-------- C:\Documents and Settings\sysop\Application Data\uTorrent 2006-12-30 21:42 125 ---hs---- C:\Documents and Settings\sysop\Application Data\.zreglib 2006-12-30 15:23 -------- d-------- C:\Program Files\StarWarsGalaxies 2006-12-30 14:56 -------- d-------- C:\Documents and Settings\sysop\Application Data\Adobe 2006-12-30 13:34 -------- d-------- C:\Program Files\eDonkey2000 Lite 2006-12-28 12:11 -------- d-------- C:\Program Files\WinZip 2006-12-28 01:59 -------- d---s---- C:\Documents and Settings\sysop\Application Data\Microsoft 2006-12-26 19:54 -------- d-------- C:\Program Files\QuickTime 2006-12-26 07:00 -------- d-------- C:\Program Files\Common Files\Symantec Shared 2006-12-20 10:57 -------- d-------- C:\Program Files\Java 2006-12-19 21:15 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll 2006-12-19 15:22 -------- d-------- C:\Documents and Settings\sysop\Application Data\MailWasherPro 2006-12-18 14:02 -------- d-------- C:\Program Files\DivX 2006-12-15 23:33 -------- d-------- C:\Program Files\Ahead 2006-12-15 22:45 -------- d--h----- C:\Program Files\InstallShield Installation Information 2006-12-13 21:24 -------- d-------- C:\Program Files\Internet Explorer 2006-12-13 21:22 -------- d-------- C:\Program Files\Outlook Express 2006-12-13 21:22 -------- d-------- C:\Program Files\Common Files\System 2006-12-06 22:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll 2006-11-30 11:01 -------- d-------- C:\Program Files\Hmonitor 2006-11-25 01:41 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll 2006-11-25 01:41 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll 2006-11-25 01:24 -------- d-------- C:\Program Files\Creative 2006-11-24 18:22 -------- d-------- C:\Documents and Settings\sysop\Application Data\Creative 2006-11-24 16:17 -------- d-------- C:\Documents and Settings\sysop\Application Data\PopupCop 2006-11-22 16:01 -------- d-------- C:\Program Files\Symantec 2006-11-20 19:43 -------- d-------- C:\Program Files\Opera 2006-11-15 22:30 -------- d-------- C:\Program Files\ATI Multimedia 2006-11-15 22:27 -------- d-------- C:\Program Files\TitanTV 2006-11-15 22:27 -------- d-------- C:\Program Files\msaccrt 2006-11-15 22:26 -------- d-------- C:\Program Files\Windows Media Components 2006-11-15 19:25 -------- d-------- C:\Program Files\MSXML 4.0 2006-11-15 12:23 -------- d-------- C:\Program Files\QPST 2006-11-12 15:54 -------- d-------- C:\Program Files\GlobalSCAPE 2006-11-11 23:13 -------- d-------- C:\Documents and Settings\sysop\Application Data\DivX 2006-11-11 23:12 -------- d-------- C:\Program Files\Screen Recorder 2006-11-11 14:14 -------- d-------- C:\Program Files\Teamspeak2_RC2 Server 2006-11-10 20:28 -------- d-------- C:\Program Files\Vodei 2006-11-09 18:49 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS 2006-11-09 17:32 -------- d-------- C:\Program Files\uTorrent 2006-11-07 21:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe 2006-11-05 13:50 -------- d-------- C:\Program Files\UltraISO 2006-11-05 13:50 -------- d-------- C:\Program Files\Common Files\EZB Systems 2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll 2006-10-20 16:59 40960 --a------ C:\WINDOWS\system32\frapsvid.dll 2006-10-19 05:56 713216 --a------ C:\WINDOWS\system32\sxs.dll 2006-10-17 18:16 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2006-10-13 04:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll 2006-10-13 04:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll 2006-10-13 04:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll 2006-10-11 21:05 520192 --------- C:\WINDOWS\system32\ati2sgag.exe 2006-10-11 17:47 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll 2006-10-11 17:44 260608 --a------ C:\WINDOWS\system32\ati2dvag.dll 2006-10-11 17:38 90112 --a------ C:\WINDOWS\system32\ati2evxx.dll 2006-10-11 17:38 41984 --a------ C:\WINDOWS\system32\ati2edxx.dll 2006-10-11 17:38 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe 2006-10-11 17:38 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll 2006-10-11 17:38 106496 --a------ C:\WINDOWS\system32\Oemdspif.dll 2006-10-11 17:37 430080 --a------ C:\WINDOWS\system32\ati2evxx.exe 2006-10-11 17:36 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL 2006-10-11 17:31 2518336 --a------ C:\WINDOWS\system32\ati3duag.dll 2006-10-11 17:26 1092960 --a------ C:\WINDOWS\system32\ativvaxx.dll 2006-10-11 17:22 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll 2006-10-11 17:22 303104 --a------ C:\WINDOWS\system32\ATIDEMGR.dll 2006-10-11 17:20 5148672 --a------ C:\WINDOWS\system32\atioglxx.dll 2006-10-11 17:15 221184 --a------ C:\WINDOWS\system32\atikvmag.dll 2006-10-11 17:14 17408 --a------ C:\WINDOWS\system32\atitvo32.dll 2006-10-11 17:10 294912 --a------ C:\WINDOWS\system32\ati2cqag.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe" @="" "ATI Launchpad"="" "ATI DeviceDetect"="C:\\Program Files\\ATI Multimedia\\main\\ATIDtct.EXE" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\"" "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer" "Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\"" "RoboPDF"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\2\\RPDFLchr.exe" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "Mediafour Mac Volume Notifications"="\"C:\\Program Files\\Common Files\\Mediafour\\MACVNTFY.EXE\" /auto" "SPAMfighter Agent"="\"C:\\Program Files\\SPAMfighter\\SFAgent.exe\" update delay 60" "MDDiskProtect.exe"="C:\\Program Files\\Mediafour\\MacDrive\\MDDiskProtect.exe" "MediafourGettingStartedWithMacDrive6"="\"C:\\Program Files\\Mediafour\\MacDrive\\MacDrive.exe\" /runonce" "FileSharingRevolution_WhenUSaveNow_Installer"="C:\\Program Files\\FileSharingRevolution_WhenUSaveNow_Installer\\FileSharingRevolution_WhenUSaveNow_Installer.exe" "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "MacLicense"="\"C:\\Program Files\\MacOpener\\MacLic.exe\"" "HP Software Update"="c:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe" "DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033" "razer"="C:\\Program Files\\Razer\\Copperhead\\razerhid.exe" "TotalRecorderScheduler"="\"C:\\Program Files\\HighCriteria\\TotalRecorder\\TotRecSched.exe\"" "CTxfiHlp"="CTXFIHLP.EXE" "CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe" "UpdReg"="C:\\WINDOWS\\UpdReg.EXE" "CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /run" "CTHelper"="CTHELPER.EXE" "hmonitor"="C:\\Program Files\\Hmonitor\\hmonitor.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "iTunesHelper"="__\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"__" "Windows Antihacker Service"="C:\\WINDOWS\\SYSTEM32\\DRIVERS\\etc\\LSASS.exe C:\\WINDOWS\\SYSTEM32\\DRIVERS\\etc\\service.exe C:\\WINDOWS\\SYSTEM32\\DRIVERS\\etc\\conf.dll" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" C:\sUBs\aa.txt [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,50,01,00,00,00,00,00,00,40,05,00,00,fc,03,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 C:\sUBs\aa.txt C:\sUBs\aa.txt [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] @="" "NoDriveTypeAutoRun"=hex:5f,00,00,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] C:\sUBs\aa.txt [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" C:\sUBs\aa.txt C:\sUBs\aa.txt HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - sysop.job Completion time: 07-01-01 15:48:49.56 C:\ComboFix.txt ... 07-01-01 15:48 This post has been edited by cpzspeeder: Jan 1 2007, 03:21 PM

cpzspeeder View Member Profile	Jan 1 2007, 03:05 PM Post #6
Authentic Member Group: Authentic Member Posts: 20 Joined: 31-December 06 Member No.: 65,877 Operating System: windows xp pro	4......... and my new hijackthislog after runnning through all items Logfile of HijackThis v1.99.1 Scan saved at 15:58, on 07-01-01 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\RPDFLchr.exe C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Razer\Copperhead\razerhid.exe C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\WINDOWS\CTHELPER.EXE C:\Program Files\Hmonitor\hmonitor.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\service.exe C:\Program Files\ATI Multimedia\main\ATIDtct.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\MacOpener\MacName.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe C:\Program Files\MacOpener\FORMATM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\No-IP\DUC20.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Razer\Copperhead\razertra.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Razer\Copperhead\razerofa.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\Documents and Settings\sysop\Desktop\hijackthis\HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [RoboPDF] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\RPDFLchr.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce O4 - HKLM\..\Run: [FileSharingRevolution_WhenUSaveNow_Installer] C:\Program Files\FileSharingRevolution_WhenUSaveNow_Installer\FileSharingRevolution_WhenUSaveNow_Installer.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [MacLicense] "C:\Program Files\MacOpener\MacLic.exe" O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] __"C:\Program Files\iTunes\iTunesHelper.exe"__ O4 - HKLM\..\Run: [Windows Antihacker Service] C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\service.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: MacName.lnk = C:\Program Files\MacOpener\MacName.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open Image in New Window - res://C:\Program Files\PopUpCop\popupcop.dll/imagenew O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1142718420874 O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) - O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) - O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{51288408-2739-45E9-836A-9ED6B92218D8}: NameServer = 167.206.3.222,167.206.3.221,167.206.245.6 O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MacFormatService - Unknown owner - C:\Program Files\MacOpener\FORMATM.EXE" /SERVICE (file missing) O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Neth - Unknown owner - C:\WINDOWS\system32\netid.exe (file missing) O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Susan528 View Member Profile	Jan 1 2007, 08:53 PM Post #7
SuperMember Group: Authentic Member Posts: 3,194 Joined: 25-May 05 From: L.A. (lower Alabama) Member No.: 33,131 Operating System: Windows XP Pro	Please do the following: Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes. Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder. http://www.ewido.net/en/download/ Install AVG Anti-Spyware by double clicking the installer. Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked. On the main screen under Your Computer's security Click on Change state next to Resident shield. It should now change to inactive. Click on Change state next to Automatic updates. It should now change to inactive. Next to Last Update, click on Update now. (You will need an active internet connection to perform this) Wait until you see the Update succesfull message. Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows. Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes. If you are having problems with the updater, you can use this link to manually update AVG Anti-spyware. AVG Anti-Spyware manual updates. Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update. ______________________________ Reboot your computer in Safe Mode. If the computer is running, shut down Windows, and then turn off the power. Wait 30 seconds, and then turn the computer on. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again. Ensure that the Safe Mode option is selected. Press Enter. The computer then begins to start in Safe mode. Login on your usual account. ______________________________ Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan. Click on Scanner on the toolbar. Click on the Settings tab. Under How to act? Click on Recommended Action and choose Quarantine from the popup menu. Under How to scan? All checkboxes should be ticked. Under Possibly unwanted software: All checkboxes should be ticked. Under Reports: Select Automatically generate report after every scan and uncheck Only if threats were found. Under What to scan? Select Scan every file. Click on the Scan tab. Click on Complete System Scan to start the scan process. Let the program scan the machine. When the scan has finished, follow the instructions below. IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button. Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2) At the bottom of the window click on the Apply all Actions button. (3) When done, click the Save Scan Report button. (4) Click the Save Report as button. Save the report to your Desktop. Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes. Reboot in Normal Mode. ______________________________ Please post: AVG Anti-spyware log A new HijackThis log Your may need several replies to post the requested logs, otherwise they might get cut off.

cpzspeeder View Member Profile	Jan 2 2007, 08:43 PM Post #8
Authentic Member Group: Authentic Member Posts: 20 Joined: 31-December 06 Member No.: 65,877 Operating System: windows xp pro	QUOTE(Susan528 @ Jan 1 2007, 09:53 PM) [snapback]341613[/snapback] Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2) At the bottom of the window click on the Apply all Actions button. (3) I must have spaced out because i totally forgot to 'quarentine' instead of 'delete' the things AVG found. i clicked apply and it cleaned them all. doh. does this mean i need to run the scan again in safemode to be sure the backdoor didn't somehow reinstall itself? --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 21:12 07-01-02 + Scan result: C:\Program Files\Kazaa Lite\TopSearch.dll -> Adware.Altnet : Cleaned. C:\WINDOWS\system32\drivers\etc\lsass.exe -> Backdoor.Hupigon.hk : Cleaned. I:\backup\utorrent client\EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Ignored. I:\backup\utorrent client\EvID4226Patch223d-en.zip/EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Ignored. C:\Documents and Settings\sysop\Cookies\sysop@2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\sysop\Cookies\sysop@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\sysop\Cookies\sysop@networksolutions.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\sysop\Cookies\sysop@njmvc.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\sysop\Cookies\sysop@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned. C:\Documents and Settings\sysop\Cookies\sysop@redir.adengage[1].txt -> TrackingCookie.Adengage : Cleaned. C:\Documents and Settings\sysop\Cookies\sysop@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned. C:\Documents and Settings\sysop\Cookies\sysop@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned. C:\Documents and Settings\sysop\Cookies\sysop@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned. C:\Documents and Settings\sysop\Cookies\sysop@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned. C:\Documents and Settings\sysop\Cookies\sysop@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned. C:\Documents and Settings\sysop\Cookies\sysop@overture[1].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\sysop\Cookies\sysop@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\sysop\Cookies\sysop@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned. C:\Documents and Settings\sysop\Cookies\sysop@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned. C:\Documents and Settings\sysop\Cookies\sysop@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned. C:\Documents and Settings\sysop\Cookies\sysop@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned. C:\Documents and Settings\sysop\Cookies\sysop@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned. C:\Documents and Settings\sysop\Cookies\sysop@trafic[1].txt -> TrackingCookie.Trafic : Cleaned. C:\Documents and Settings\sysop\Cookies\sysop@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned. C:\Documents and Settings\sysop\Cookies\sysop@free.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned. ::Report end

cpzspeeder View Member Profile	Jan 2 2007, 08:45 PM Post #9
Authentic Member Group: Authentic Member Posts: 20 Joined: 31-December 06 Member No.: 65,877 Operating System: windows xp pro	here's my post AVG safemode scan, hijackthis log Logfile of HijackThis v1.99.1 Scan saved at 21:21, on 07-01-02 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\RPDFLchr.exe C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Razer\Copperhead\razerhid.exe C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\WINDOWS\CTHELPER.EXE C:\Program Files\Hmonitor\hmonitor.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\ATI Multimedia\main\ATIDtct.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\MacOpener\MacName.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Symantec\pcAnywhere\awhost32.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe C:\Program Files\MacOpener\FORMATM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\No-IP\DUC20.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Razer\Copperhead\razertra.exe C:\Program Files\Razer\Copperhead\razerofa.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\sysop\Desktop\hijackthis\HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [RoboPDF] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\RPDFLchr.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce O4 - HKLM\..\Run: [FileSharingRevolution_WhenUSaveNow_Installer] C:\Program Files\FileSharingRevolution_WhenUSaveNow_Installer\FileSharingRevolution_WhenUSaveNow_Installer.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [MacLicense] "C:\Program Files\MacOpener\MacLic.exe" O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: MacName.lnk = C:\Program Files\MacOpener\MacName.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open Image in New Window - res://C:\Program Files\PopUpCop\popupcop.dll/imagenew O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1142718420874 O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) - O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) - O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{51288408-2739-45E9-836A-9ED6B92218D8}: NameServer = 167.206.3.222,167.206.3.221,167.206.245.6 O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MacFormatService - Unknown owner - C:\Program Files\MacOpener\FORMATM.EXE" /SERVICE (file missing) O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Neth - Unknown owner - C:\WINDOWS\system32\netid.exe (file missing) O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Susan528 View Member Profile	Jan 2 2007, 09:45 PM Post #10
SuperMember Group: Authentic Member Posts: 3,194 Joined: 25-May 05 From: L.A. (lower Alabama) Member No.: 33,131 Operating System: Windows XP Pro	Follow the following instructions for removing Adware WhenUSaveNow http://ca.answers.yahoo.com/question/index...19064016AAaYyCz Disable TeaTimer: Please disable TeaTimer as it may hinder the removal of some entries. You can re-enable it after you're clean.To disable TeaTimer: Run Spybot-S&D Go to the Mode menu , and make sure "Advanced Mode " is selected On the left hand side, choose Tools -> Resident Uncheck "Resident TeaTimer " and OK any prompts Restart your computer. After all of the fixes are complete it is very important that you enable TeaTimer again. Updating Java Download the latest version of Java Runtime Environment (JRE) 6.0. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". Click the "Download" button to the right. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version. Please set your system to show all files; please see here if you're unsure how to do this. Scan with HijackThis. Place a check against each of the following: O4 - HKLM\..\Run: [FileSharingRevolution_WhenUSaveNow_Installer] C:\Program Files\FileSharingRevolution_WhenUSaveNow_Installer\FileSharingRevolution_WhenUSaveNow_Installer.exe O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) - O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) - Close all windows or browsers except for Hijackthis. Click on Fix Checked when finished and exit HijackThis. Reboot into Safe Mode: please see here if you are not sure how to do this. Using Windows Explorer, locate the following files/folders, and delete them: C:\Program Files\FileSharingRevolution_WhenUSaveNow_Installer\<=folder Exit Explorer, and reboot as normal afterwards. Post (reply) with a fresh HijackThis log and we will take another look. How is your computer running now?

cpzspeeder View Member Profile	Jan 3 2007, 12:03 AM Post #11
Authentic Member Group: Authentic Member Posts: 20 Joined: 31-December 06 Member No.: 65,877 Operating System: windows xp pro	gettin better with each pass thank you vm. here's that log you wanted Logfile of HijackThis v1.99.1 Scan saved at 12:53:51 AM, on 07-01-03 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\RPDFLchr.exe C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Razer\Copperhead\razerhid.exe C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\WINDOWS\CTHELPER.EXE C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\ATI Multimedia\main\ATIDtct.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MacOpener\MacName.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Symantec\pcAnywhere\awhost32.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\MacOpener\FORMATM.EXE C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe C:\Program Files\No-IP\DUC20.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Razer\Copperhead\razertra.exe C:\Program Files\Razer\Copperhead\razerofa.exe C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Documents and Settings\sysop\Desktop\hijackthis\HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [RoboPDF] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\RPDFLchr.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [MacLicense] "C:\Program Files\MacOpener\MacLic.exe" O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [FileSharingRevolution_WhenUSaveNow_Installer] C:\Program Files\FileSharingRevolution_WhenUSaveNow_Installer\FileSharingRevolution_WhenUSaveNow_Installer.exe O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: MacName.lnk = C:\Program Files\MacOpener\MacName.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open Image in New Window - res://C:\Program Files\PopUpCop\popupcop.dll/imagenew O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1142718420874 O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) - O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) - O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) - O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{51288408-2739-45E9-836A-9ED6B92218D8}: NameServer = 167.206.3.222,167.206.3.221,167.206.245.6 O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MacFormatService - Unknown owner - C:\Program Files\MacOpener\FORMATM.EXE" /SERVICE (file missing) O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Neth - Unknown owner - C:\WINDOWS\system32\netid.exe (file missing) O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Susan528 View Member Profile	Jan 3 2007, 11:08 AM Post #12
SuperMember Group: Authentic Member Posts: 3,194 Joined: 25-May 05 From: L.A. (lower Alabama) Member No.: 33,131 Operating System: Windows XP Pro	Your hijackthis log appears to be clean except for some incomplete harmless entries that were not deleted. Please do the following: STEP 1. ====== Regscan Please download RegScan. Within RegScan.zip you will find the file regscan.vbs You may have to allow this script to run or disable anti-spyware again in order for it to run. A window will open titled RegFinder.vbs and you will see place to input search terms. Please enter the search terms: 200B3EE9-7242-4EFD-B1E4-D97EE825BA53 After the search has completed a window titled Results.txt will open. Please copy the results and post(reply) back. Please repeat the above with the following search terms: CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA This post has been edited by Susan528: Jan 3 2007, 11:08 AM

cpzspeeder View Member Profile	Jan 3 2007, 09:17 PM Post #13
Authentic Member Group: Authentic Member Posts: 20 Joined: 31-December 06 Member No.: 65,877 Operating System: windows xp pro	Howdy, thanks for hangin in there. here's the info you requested 200B3EE9-7242-4EFD-B1E4-D97EE825BA53 Windows Registry Editor Version 5.00 ; Regscan.vbs Version: 1.2 by rand1038 ; 07-01-03 09:55:56 PM ; Search Term(s) Used: "200B3EE9-7242-4EFD-B1E4-D97EE825BA53" ; 7 matches were found. ; The search took 1 minute and 21 seconds. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{200B3EE9-7242-4EFD-B1E4-D97EE825BA53}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{200B3EE9-7242-4EFD-B1E4-D97EE825BA53}\Contains] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{200B3EE9-7242-4EFD-B1E4-D97EE825BA53}\Contains\Files] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{200B3EE9-7242-4EFD-B1E4-D97EE825BA53}\DownloadInformation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{200B3EE9-7242-4EFD-B1E4-D97EE825BA53}\InstalledVersion] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/hpobjinstaller_gmn.dll] ".Owner"="{200B3EE9-7242-4EFD-B1E4-D97EE825BA53}" "{200B3EE9-7242-4EFD-B1E4-D97EE825BA53}"="" CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA Windows Registry Editor Version 5.00 ; Regscan.vbs Version: 1.2 by rand1038 ; 07-01-03 09:57:49 PM ; Search Term(s) Used: "CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA" ; 11 matches were found. ; The search took 57 seconds. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\Contains] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\DownloadInformation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InstalledVersion] [HKEY_USERS\S-1-5-21-1202660629-1383384898-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}] [HKEY_USERS\S-1-5-21-1202660629-1383384898-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32] [HKEY_USERS\S-1-5-21-1202660629-1383384898-725345543-1003\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}] [HKEY_USERS\S-1-5-21-1202660629-1383384898-725345543-1003\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32] [HKEY_USERS\S-1-5-21-1202660629-1383384898-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}] [HKEY_USERS\S-1-5-21-1202660629-1383384898-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32] CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA Windows Registry Editor Version 5.00 ; Regscan.vbs Version: 1.2 by rand1038 ; 07-01-03 09:59:19 PM ; Search Term(s) Used: "CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA" ; 9 matches were found. ; The search took 56 seconds. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\Contains] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\DownloadInformation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InstalledVersion] [HKEY_USERS\S-1-5-21-1202660629-1383384898-725345543-1003\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}] [HKEY_USERS\S-1-5-21-1202660629-1383384898-725345543-1003\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32] [HKEY_USERS\S-1-5-21-1202660629-1383384898-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}] [HKEY_USERS\S-1-5-21-1202660629-1383384898-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32] CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA Windows Registry Editor Version 5.00 ; Regscan.vbs Version: 1.2 by rand1038 ; 07-01-03 10:04:50 PM ; Search Term(s) Used: "CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA" ; 9 matches were found. ; The search took 56 seconds. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\Contains] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\DownloadInformation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InstalledVersion] [HKEY_USERS\S-1-5-21-1202660629-1383384898-725345543-1003\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}] [HKEY_USERS\S-1-5-21-1202660629-1383384898-725345543-1003\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32] [HKEY_USERS\S-1-5-21-1202660629-1383384898-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}] [HKEY_USERS\S-1-5-21-1202660629-1383384898-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32]

cpzspeeder View Member Profile	Jan 5 2007, 11:19 AM Post #14
Authentic Member Group: Authentic Member Posts: 20 Joined: 31-December 06 Member No.: 65,877 Operating System: windows xp pro	Hi again Susan528, Just wondering what to do about the results posted above awaiting your helpful advice

Susan528 View Member Profile	Jan 5 2007, 04:37 PM Post #15
SuperMember Group: Authentic Member Posts: 3,194 Joined: 25-May 05 From: L.A. (lower Alabama) Member No.: 33,131 Operating System: Windows XP Pro	I am sorry. I am seeking some advice on this one. The entries in the hijackthis log are incomplete and not harmful but I am not sure about what registy entries to delete in order to eliminate them from the hijackthis log.

« Next Oldest · Virus, Spyware & Malware Removal · Next Newest »

3 Pages

1 2 3 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies	Topic Starter	Views	Last Action
Virus, Spyware & Malware Removal Strange Processes	5	nubcake	1,188	12th June 2004 - 08:48 AM Last post by: Daemon
Virus, Spyware & Malware Removal Suspicious Hits In Google Search Results	6	beach..	1,677	15th September 2004 - 05:35 AM Last post by: ChrisRLG
Virus, Spyware & Malware Removal Running Processes Hijack This Log	5	skick	1,802	25th December 2004 - 01:52 PM Last post by: little eagle
Virus, Spyware & Malware Removal Pop Ups And Malicious Processes 123	32	mpmccarty	1,960	27th November 2004 - 07:30 AM Last post by: Daemon
Virus, Spyware & Malware Removal Multiple Bogus Processes At Start-up	4	sharkey21	1,854	11th December 2004 - 05:24 PM Last post by: Micah_6:8