> [Resolved] I think i have a problem (win32/virut)
ozzieoutlaw
post Nov 1 2007, 05:00 PM
Post #1


New Member

Group: Authentic Member
Posts: 16
Joined: 28-October 07
From: Victoria Australia
Member No.: 73,859
Operating System: windows xp



Hi... My AVG has started intermittently bringing up "found virus" windows. It appears to be systematically going through all my programs and finding "win32/virut". Below please find my HJT log for perusal.

Any and all help greatly appreciated
Regards
Doug

Logfile of HijackThis v1.99.1
Scan saved at 9:53:45 AM, on 2/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\GlobLink\GlobLink RF PS2-USB Keyboard V1.2\GLRFKB.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NudgeMania\NudgeMania.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Paltalk Messenger\palstart.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\windows\system32\rlvknlg.exe
C:\DOCUME~1\Duggy\LOCALS~1\Temp\nsy3.tmp\NM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgvv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus Photo R310 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE /P30 "EPSON Stylus Photo R310 Series" /O6 "USB001" /M "Stylus Photo R310"
O4 - HKLM\..\Run: [GLRFKB.EXE] "C:\Program Files\GlobLink\GlobLink RF PS2-USB Keyboard V1.2\GLRFKB.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [NudgeMania] C:\Program Files\NudgeMania\NudgeMania.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PalStart.lnk = C:\Program Files\Paltalk Messenger\palstart.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1CB62B8-1450-497E-88C5-DC72037B670A}: NameServer = 192.168.1.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

LDTate
post Nov 1 2007, 05:15 PM
Post #2


Forum God

Group: Root Admin
Posts: 55,838
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
MVP


Hello and Welcome to the forum.

I'm not seeing the normal infected files that come with some "win32/virut" infections, which is very good.
Usually the only way to remove it is to reformat.

I can't promise to totally clean your PC, but let's give it a go.

The infection you have can cause you to lose your internet connection.
If you lose your internet connection, just run lspfix again.
Start the program and then check the I know what I'm doing box.

First:

Download LSPfix here: http://www.cexx.org/lspfix.htm

Start the program and then check the I know what I'm doing box.

Move all instances of 'rlls.dll' (and nothing else), to the Remove pane.
Click the Finish Button and reboot.

Find and delete the file c:\windows\system32\rlls.dll

Next:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner

Or from here:
http://www.snapfiles.com/get/atfcleaner.html

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.


(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.


Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.
ozzieoutlaw
post Nov 1 2007, 06:51 PM
Post #3


New Member

Group: Authentic Member
Posts: 16
Joined: 28-October 07
From: Victoria Australia
Member No.: 73,859
Operating System: windows xp



Hi, and thanks for your response. I have done as asked and below is the new HJT log.
The computer seems to be running OK, although it was only bringing up errors, say, every two hours, but I have confidence it is better.
regards
Doug

Logfile of HijackThis v1.99.1
Scan saved at 11:46:52 AM, on 2/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\GlobLink\GlobLink RF PS2-USB Keyboard V1.2\GLRFKB.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NudgeMania\NudgeMania.exe
C:\DOCUME~1\Duggy\LOCALS~1\Temp\nsp3.tmp\NM.exe
C:\Program Files\Paltalk Messenger\palstart.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus Photo R310 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE /P30 "EPSON Stylus Photo R310 Series" /O6 "USB001" /M "Stylus Photo R310"
O4 - HKLM\..\Run: [GLRFKB.EXE] "C:\Program Files\GlobLink\GlobLink RF PS2-USB Keyboard V1.2\GLRFKB.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [NudgeMania] C:\Program Files\NudgeMania\NudgeMania.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PalStart.lnk = C:\Program Files\Paltalk Messenger\palstart.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1CB62B8-1450-497E-88C5-DC72037B670A}: NameServer = 192.168.1.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
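As an added example (not code from the thread, and not a feature of HijackThis, ComboFix or LSPfix), the script below does by program what the helper does by eye across the two logs above: it parses the HijackThis 1.99 format, flags the entry types acted on in this thread (the O10 "Unknown file in Winsock LSP" hook, anything running or autostarting from a Temp folder, a BHO with no file) and reports what disappeared between the first log and the second. The two embedded logs are constructed excerpts modelled on the posted ones.

```python
"""Parse and compare two HijackThis v1.99 logs.
Added example for this thread, not part of HijackThis, ComboFix or LSPfix.
It scripts what the helper does by eye: list the running processes and the
O-numbered entries, flag the entry types acted on in the thread, and report
what disappeared between the first posted log and the second.
"""
import re
from collections import Counter

# Constructed excerpts in HijackThis 1.99.1 format, modelled on the first two
# logs in the thread and trimmed to the lines that matter here.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\windows\system32\rlvknlg.exe
C:\DOCUME~1\Duggy\LOCALS~1\Temp\nsy3.tmp\NM.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NudgeMania] C:\Program Files\NudgeMania\NudgeMania.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\DOCUME~1\Duggy\LOCALS~1\Temp\nsp3.tmp\NM.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NudgeMania] C:\Program Files\NudgeMania\NudgeMania.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")           # "O10 - Unknown file ..."
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)    # a \Temp\ component in a path


def parse_hjt(text):
    """Return (processes, entries): the paths under 'Running processes:' and
    the O-numbered lines as (code, body) tuples, both in log order."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:                  # a blank line closes the process block
            in_procs = False
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def suspicious(processes, entries):
    """Heuristic triage of one parsed log: (reason, item) pairs for the entry
    types dealt with in the thread. These are prompts for review, not verdicts."""
    hits = []
    for p in processes:
        if TEMP_RE.search(p):
            hits.append(("process running from a Temp directory", p))
    for code, body in entries:
        if code == "O10" and body.startswith("Unknown file in Winsock LSP"):
            hits.append(("unknown Winsock LSP hook", body))
        elif code == "O2" and body.endswith("(no file)"):
            hits.append(("orphaned BHO registration", body))
        elif code == "O4" and TEMP_RE.search(body):
            hits.append(("autostart pointing into a Temp directory", body))
    return hits


def diff_logs(before, after):
    """Multiset diff of processes and entries between two logs, so three
    identical O10 lines dropping to none is reported as one removal of count 3."""
    pb, eb = parse_hjt(before)
    pa, ea = parse_hjt(after)
    delta = lambda old, new: {"removed": Counter(old) - Counter(new),
                              "added": Counter(new) - Counter(old)}
    return {"processes": delta(pb, pa), "entries": delta(eb, ea)}


if __name__ == "__main__":
    for reason, item in suspicious(*parse_hjt(LOG_BEFORE)):
        print(f"[before] {reason}: {item}")
    for item, n in diff_logs(LOG_BEFORE, LOG_AFTER)["entries"]["removed"].items():
        print(f"gone ({n}x): {item}")
```

Run against the two real logs, the removal list is the rlls.dll LSP entries and the rlvknlg.exe process, while NM.exe in a Temp folder still shows up in the second log, which is the kind of leftover a helper would look at next.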

LDTate
post Nov 1 2007, 06:58 PM
Post #4


Forum God

Group: Root Admin
Posts: 55,838
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
MVP


I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.

Next:


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.


(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:

Download ComboFix from Here to your Desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you, combofix.txt. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click while it's running. That may cause it to stall.


ozzieoutlaw
post Nov 1 2007, 08:57 PM
Post #5


New Member

Group: Authentic Member
Posts: 16
Joined: 28-October 07
From: Victoria Australia
Member No.: 73,859
Operating System: windows xp



Hi again. Done as requested; please find the new HJT log and CF log below.
Regards
Doug


ComboFix 07-11-01.1 - Duggy 2007-11-02 13:41:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.194 [GMT 11:00]
Running from: C:\Documents and Settings\Duggy\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Duggy\Application Data\macromedia\Flash Player\#SharedObjects\7PKYEAZF\www.broadcaster.com
C:\Documents and Settings\Duggy\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Duggy\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\ldpackage.dll
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\rlvknlg.exe
C:\WINDOWS\system32\rlxf.dll
C:\WINDOWS\system32\silc_dll.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-02 to 2007-11-02 )))))))))))))))))))))))))))))))
.

2007-11-02 13:41 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-30 10:22 <DIR> d-------- C:\Program Files\Google
2007-10-30 09:08 712,704 --a------ C:\WINDOWS\system32\rlph.dll
2007-10-28 07:16 1,358,156 --a------ C:\WINDOWS\system32\silc.dat
2007-10-16 08:42 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-10-11 17:36 <DIR> d-------- C:\Program Files\MSN Messenger
2007-10-11 17:32 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-10-11 17:27 <DIR> d-------- C:\Program Files\Windows Journal Viewer
2007-10-09 04:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-10-08 22:03 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-10-08 21:54 <DIR> d-------- C:\Program Files\NudgeMania
2007-10-07 12:11 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-10-07 12:11 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-10-07 12:05 <DIR> d-------- C:\Program Files\Common Files\FotoWire
2007-10-07 12:05 <DIR> d-------- C:\Documents and Settings\Duggy\Application Data\FotoWire
2007-10-07 12:03 471,232 --a------ C:\WINDOWS\system32\drivers\lvcm.sys
2007-10-07 12:03 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2007-10-07 12:03 208,896 --a------ C:\WINDOWS\system32\LVCodec2.dll
2007-10-07 12:03 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
2007-10-07 12:03 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
2007-10-07 12:03 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2007-10-07 12:03 19,968 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-10-07 12:02 81,920 -r------- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2007-10-07 07:56 <DIR> d-------- C:\Documents and Settings\Duggy\Contacts
2007-10-07 07:54 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-01 22:45 --------- d-----w C:\Documents and Settings\Duggy\Application Data\AVG7
2007-11-01 20:16 --------- d-----w C:\Program Files\uTorrent
2007-10-30 22:29 --------- d-----w C:\Program Files\DVDFab HD Decrypter 3
2007-10-30 22:29 --------- d-----w C:\Program Files\DVD Shrink
2007-10-30 22:28 --------- d-----w C:\Program Files\DVD Decrypter
2007-10-29 23:40 --------- d-----w C:\Program Files\Java
2007-10-29 22:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-10-23 00:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-22 02:38 --------- d-----w C:\Documents and Settings\Duggy\Application Data\dvdcss
2007-10-15 21:46 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-07 01:05 --------- d-----w C:\Program Files\Logitech
2007-10-07 01:03 --------- d-----w C:\Program Files\Common Files\Logitech
2007-10-07 01:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-04 03:38 --------- d-----w C:\Documents and Settings\Duggy\Application Data\Vso
2007-09-23 02:10 --------- d-----w C:\Documents and Settings\Duggy\Application Data\LimeWire
2007-09-19 20:49 --------- d-----w C:\Program Files\EPSON Print CD
2007-09-14 22:44 22,384 ----a-w C:\Documents and Settings\Duggy\Application Data\GDIPFONTCACHEV1.DAT
2007-05-12 00:47 87,608 ----a-w C:\Documents and Settings\Duggy\Application Data\ezpinst.exe
2007-05-12 00:47 47,360 ----a-w C:\Documents and Settings\Duggy\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 21:13 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 13:35]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe" [2003-04-01 17:41]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-30 09:19]
"EPSON Stylus Photo R310 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.exe" [2003-09-11 14:00]
"GLRFKB.EXE"="C:\Program Files\GlobLink\GlobLink RF PS2-USB Keyboard V1.2\GLRFKB.EXE" [2001-09-24 22:40]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-23 18:06]
"PCTVRemote"="C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe" [2002-10-11 15:40]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 17:52]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 20:11]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 12:09]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 12:03]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:07]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 21:46]
"NudgeMania"="C:\Program Files\NudgeMania\NudgeMania.exe" [2007-02-26 03:08]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-10-07 12:03:01]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
PalStart.lnk - C:\Program Files\Paltalk Messenger\palstart.exe [2007-05-04 09:35:48]
Pinnacle Scheduler.lnk - C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2007-06-16 11:05:31]

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys
R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys
R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys
R3 VKGLRF;GlobLink PS2 RF Keyboard;C:\WINDOWS\system32\drivers\vkglrf.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 LGKFTR;GlobLink USB RF Keyboard;C:\WINDOWS\system32\drivers\lgkftr.sys
S3 UGKFTR;GlobLink USB RF Keyboard Control;C:\WINDOWS\system32\drivers\ugkftr.sys
S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech WingMan USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db55a2e6-3439-11dc-8844-000d6169f051}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-02 13:46:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-02 13:49:41 - machine was rebooted
.
--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 1:54:35 PM, on 2/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\GlobLink\GlobLink RF PS2-USB Keyboard V1.2\GLRFKB.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NudgeMania\NudgeMania.exe
C:\Program Files\Paltalk Messenger\palstart.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\DOCUME~1\Duggy\LOCALS~1\Temp\nsj5.tmp\NM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus Photo R310 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE /P30 "EPSON Stylus Photo R310 Series" /O6 "USB001" /M "Stylus Photo R310"
O4 - HKLM\..\Run: [GLRFKB.EXE] "C:\Program Files\GlobLink\GlobLink RF PS2-USB Keyboard V1.2\GLRFKB.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [NudgeMania] C:\Program Files\NudgeMania\NudgeMania.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PalStart.lnk = C:\Program Files\Paltalk Messenger\palstart.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1CB62B8-1450-497E-88C5-DC72037B670A}: NameServer = 192.168.1.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe



LDTate
post Nov 2 2007, 03:43 PM
Post #6


Forum God

Group: Root Admin
Posts: 55,838
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
MVP


Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
C:\WINDOWS\system32\rlph.dll
C:\Program Files\Paltalk Messenger\palstart.exe

Folder::
C:\Program Files\Paltalk Messenger


Save this as "CFScript"


Referring to the picture above, drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.
ozzieoutlaw
post Nov 2 2007, 05:40 PM
Post #7





Good morning... done as asked. Just before finishing I received the following: "sed.cfexe has encountered a problem and needs to close"
Also, it appears we have deleted my "paltalk" program???
Anyway, here are the latest cfix and hjt logs.
Regards
Doug

ComboFix 07-11-01.1 - Duggy 2007-11-03 9:42:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.203 [GMT 11:00]
Running from: C:\Documents and Settings\Duggy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Duggy\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\Program Files\Paltalk Messenger\palstart.exe
C:\WINDOWS\system32\rlph.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Paltalk Messenger
C:\Program Files\Paltalk Messenger\AviFileCtrl.dll
C:\Program Files\Paltalk Messenger\ctrlkey.dll
C:\Program Files\Paltalk Messenger\CustomScrollRT.dll
C:\Program Files\Paltalk Messenger\eFax3.ico
C:\Program Files\Paltalk Messenger\ELVideoCapture.dll
C:\Program Files\Paltalk Messenger\freeby.txt
C:\Program Files\Paltalk Messenger\from jo.txt
C:\Program Files\Paltalk Messenger\from jo2.txt
C:\Program Files\Paltalk Messenger\ftpclient.dll
C:\Program Files\Paltalk Messenger\gsmproj.dll
C:\Program Files\Paltalk Messenger\ijl11.dll
C:\Program Files\Paltalk Messenger\IRIMG1.JPG
C:\Program Files\Paltalk Messenger\IRIMG2.JPG
C:\Program Files\Paltalk Messenger\IRIMG3.JPG
C:\Program Files\Paltalk Messenger\IRIMG4.JPG
C:\Program Files\Paltalk Messenger\irunin.dat
C:\Program Files\Paltalk Messenger\irunin.xml
C:\Program Files\Paltalk Messenger\License.doc
C:\Program Files\Paltalk Messenger\License.txt
C:\Program Files\Paltalk Messenger\pallauncher.dll
C:\Program Files\Paltalk Messenger\palsound.dll
C:\Program Files\Paltalk Messenger\palstart.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Paltalk Messenger\PalTextCtl.dll
C:\Program Files\Paltalk Messenger\ReceivedFiles\brq.txt
C:\Program Files\Paltalk Messenger\reminder.txt
C:\Program Files\Paltalk Messenger\shfolder.dll
C:\Program Files\Paltalk Messenger\spexproj.dll
C:\Program Files\Paltalk Messenger\upgrade.ico
C:\Program Files\Paltalk Messenger\WebVideo.dll
C:\Program Files\Paltalk Messenger\welcome.avi
C:\WINDOWS\system32\rlph.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-02 to 2007-11-02 )))))))))))))))))))))))))))))))
.

2007-11-02 15:17 <DIR> d-------- C:\WINDOWS\Sun
2007-11-02 13:41 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-30 10:22 <DIR> d-------- C:\Program Files\Google
2007-10-28 07:16 1,358,156 --a------ C:\WINDOWS\system32\silc.dat
2007-10-16 08:42 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-10-11 17:36 <DIR> d-------- C:\Program Files\MSN Messenger
2007-10-11 17:32 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-10-11 17:27 <DIR> d-------- C:\Program Files\Windows Journal Viewer
2007-10-09 04:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-10-08 22:03 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-10-08 21:54 <DIR> d-------- C:\Program Files\NudgeMania
2007-10-07 12:11 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-10-07 12:11 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-10-07 12:05 <DIR> d-------- C:\Program Files\Common Files\FotoWire
2007-10-07 12:05 <DIR> d-------- C:\Documents and Settings\Duggy\Application Data\FotoWire
2007-10-07 12:03 471,232 --a------ C:\WINDOWS\system32\drivers\lvcm.sys
2007-10-07 12:03 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2007-10-07 12:03 208,896 --a------ C:\WINDOWS\system32\LVCodec2.dll
2007-10-07 12:03 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
2007-10-07 12:03 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
2007-10-07 12:03 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2007-10-07 12:03 19,968 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-10-07 12:02 81,920 -r------- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2007-10-07 07:56 <DIR> d-------- C:\Documents and Settings\Duggy\Contacts
2007-10-07 07:54 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-02 10:01 --------- d-----w C:\Program Files\uTorrent
2007-11-01 22:45 --------- d-----w C:\Documents and Settings\Duggy\Application Data\AVG7
2007-10-30 22:29 --------- d-----w C:\Program Files\DVDFab HD Decrypter 3
2007-10-30 22:29 --------- d-----w C:\Program Files\DVD Shrink
2007-10-30 22:28 --------- d-----w C:\Program Files\DVD Decrypter
2007-10-29 23:40 --------- d-----w C:\Program Files\Java
2007-10-29 22:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-10-23 00:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-22 02:38 --------- d-----w C:\Documents and Settings\Duggy\Application Data\dvdcss
2007-10-15 21:46 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-07 01:05 --------- d-----w C:\Program Files\Logitech
2007-10-07 01:03 --------- d-----w C:\Program Files\Common Files\Logitech
2007-10-07 01:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-04 03:38 --------- d-----w C:\Documents and Settings\Duggy\Application Data\Vso
2007-09-23 02:10 --------- d-----w C:\Documents and Settings\Duggy\Application Data\LimeWire
2007-09-19 20:49 --------- d-----w C:\Program Files\EPSON Print CD
2007-09-14 22:44 22,384 ----a-w C:\Documents and Settings\Duggy\Application Data\GDIPFONTCACHEV1.DAT
2007-05-12 00:47 87,608 ----a-w C:\Documents and Settings\Duggy\Application Data\ezpinst.exe
2007-05-12 00:47 47,360 ----a-w C:\Documents and Settings\Duggy\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 21:13 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 13:35]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe" [2003-04-01 17:41]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-30 09:19]
"EPSON Stylus Photo R310 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.exe" [2003-09-11 14:00]
"GLRFKB.EXE"="C:\Program Files\GlobLink\GlobLink RF PS2-USB Keyboard V1.2\GLRFKB.EXE" [2001-09-24 22:40]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-23 18:06]
"PCTVRemote"="C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe" [2002-10-11 15:40]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 17:52]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 20:11]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 12:09]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 12:03]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:07]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 21:46]
"NudgeMania"="C:\Program Files\NudgeMania\NudgeMania.exe" [2007-02-26 03:08]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-10-07 12:03:01]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
PalStart.lnk - C:\qoobox\Quarantine\C\Program Files\Paltalk Messenger\palstart.exe.vir [2007-05-04 09:35:48]
Pinnacle Scheduler.lnk - C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2007-06-16 11:05:31]

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys
R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys
R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys
R3 VKGLRF;GlobLink PS2 RF Keyboard;C:\WINDOWS\system32\drivers\vkglrf.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 LGKFTR;GlobLink USB RF Keyboard;C:\WINDOWS\system32\drivers\lgkftr.sys
S3 UGKFTR;GlobLink USB RF Keyboard Control;C:\WINDOWS\system32\drivers\ugkftr.sys
S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech WingMan USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db55a2e6-3439-11dc-8844-000d6169f051}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-03 09:47:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-03 10:32:21 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-02 13:49
.
--- E O F ---



Logfile of HijackThis v1.99.1
Scan saved at 10:37:19 AM, on 3/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\GlobLink\GlobLink RF PS2-USB Keyboard V1.2\GLRFKB.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\NudgeMania\NudgeMania.exe
C:\DOCUME~1\Duggy\LOCALS~1\Temp\nsn4.tmp\NM.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus Photo R310 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE /P30 "EPSON Stylus Photo R310 Series" /O6 "USB001" /M "Stylus Photo R310"
O4 - HKLM\..\Run: [GLRFKB.EXE] "C:\Program Files\GlobLink\GlobLink RF PS2-USB Keyboard V1.2\GLRFKB.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [NudgeMania] C:\Program Files\NudgeMania\NudgeMania.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PalStart.lnk = C:\qoobox\Quarantine\C\Program Files\Paltalk Messenger\palstart.exe.vir
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1CB62B8-1450-497E-88C5-DC72037B670A}: NameServer = 192.168.1.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe


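As an added example (not part of this thread, and not code from HijackThis or ComboFix), here is a small Python triage script for the HijackThis log format posted above. It does, in code, what a helper does by eye on such a log: it flags an image running from a Temp folder (the NM.exe process in the Running processes list), a startup shortcut still pointing at a ComboFix quarantine copy (PalStart.lnk), entries whose target is missing or could not be resolved, and services with no publisher string. The regexes, the flag wording and SAMPLE_LOG (a handful of lines copied from the second HJT log above) are constructed for this example.

```python
"""Triage helper for HijackThis v1.99 log lines.

Added example: this is not code from the forum thread, HijackThis or ComboFix.
It parses the Running processes block and the O2/O4/O9/O23 entries and
flags the items a malware-removal helper would look at first. All regexes,
flag strings and the sample log are constructed for this example.
"""
import re
from dataclasses import dataclass, field

# Line shapes as HijackThis v1.99.1 prints them (see the log above).
_O4_RUN = re.compile(r'^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
_O4_STARTUP = re.compile(r'^O4 - Global Startup: (?P<name>.+?\.lnk) = (?P<target>.*)$')
_O2_BHO = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<target>.*)$')
_O9_BUTTON = re.compile(r"^O9 - Extra (?:button|'Tools' menuitem): (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<target>.*)$")
_O23_SERVICE = re.compile(r'^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<target>.*)$')
_DRIVE_PATH = re.compile(r'^[A-Za-z]:\\')


@dataclass
class Entry:
    kind: str            # 'proc', 'O2', 'O4', 'O9' or 'O23'
    name: str
    target: str          # image path HJT reported, or extracted from the command line
    owner: str = ''      # O23 publisher string
    flags: list = field(default_factory=list)


def image_path(cmd):
    """Return the executable path from an O4 command line, dropping switches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                     # quoted path, e.g. "C:\Program Files\...\x.exe" /bg
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(?i)(.+?\.(?:exe|dll|scr|com|bat))(?:\s|$)', cmd)
    return m.group(1) if m else cmd


def parse_line(line):
    """Parse one O-line; returns an Entry, or None for lines this script does not triage."""
    for kind, rx in (('O4', _O4_RUN), ('O4', _O4_STARTUP), ('O2', _O2_BHO),
                     ('O9', _O9_BUTTON), ('O23', _O23_SERVICE)):
        m = rx.match(line)
        if m:
            g = m.groupdict()
            target = image_path(g['cmd']) if 'cmd' in g else g['target'].strip()
            return Entry(kind, g['name'], target, g.get('owner', ''))
    return None


def classify(e):
    """Triage rules; each returned string is one reason to look closer."""
    p = e.target.lower()
    reasons = []
    if p == '?':
        reasons.append('shortcut target could not be resolved')
    elif p == '(no file)' or p.endswith('(file missing)'):
        reasons.append('target file is missing')
    elif '\\' not in p:
        reasons.append('unqualified filename, located through PATH search')
    if '\\temp\\' in p:
        reasons.append('image loads from a Temp folder')
    if '\\qoobox\\quarantine\\' in p or p.endswith('.vir'):
        reasons.append('points at a ComboFix quarantine copy')
    if e.kind == 'O23' and e.owner.lower() == 'unknown owner':
        reasons.append('service has no publisher')
    return reasons


def triage(log_text):
    """Parse a whole HJT log and attach flags to every recognised entry."""
    entries, in_procs = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            in_procs = False                    # a blank line ends the process list
            continue
        if line.startswith('Running processes:'):
            in_procs = True
            continue
        if in_procs and _DRIVE_PATH.match(line):
            e = Entry('proc', line.rsplit('\\', 1)[-1], line)
        else:
            e = parse_line(line)
        if e is not None:
            e.flags = classify(e)
            entries.append(e)
    return entries


def flagged(log_text):
    """Only the entries that carry at least one flag."""
    return [e for e in triage(log_text) if e.flags]


def flag_map(log_text):
    """Entry name -> list of flags, for the flagged entries only."""
    return {e.name: e.flags for e in flagged(log_text)}


# Constructed sample: a handful of lines copied from the second HJT log above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Duggy\LOCALS~1\Temp\nsn4.tmp\NM.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: PalStart.lnk = C:\qoobox\Quarantine\C\Program Files\Paltalk Messenger\palstart.exe.vir
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
"""

if __name__ == '__main__':
    for e in flagged(SAMPLE_LOG):
        print(f"{e.kind:<4} {e.name:<24} {e.target}\n     -> {'; '.join(e.flags)}")
```

A flag is a reason to look closer, not a verdict: SoundMan's bare `SOUNDMAN.EXE` is a normal Realtek entry that merely relies on a PATH search, while the Temp-folder NM.exe and the quarantine-pointing PalStart.lnk are the kind of lines a helper asks about or cleans up next, as LDTate does in the following post.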
LDTate
post Nov 2 2007, 05:51 PM
Post #8




QUOTE
http://www.superadblocker.com/definition/palstart/
Description of PALSTART.EXE
PalTalk is an IM client that is advertising supported. It may not be harmful to have on your computer, but it will serve various types of advertising.

Adware applications, toolbars and browser extensions may serve advertisements even while you are not surfing the Internet.

This application may serve various types of advertising, not limited to pop-up ads.


QUOTE
http://www.softwaretipsandtricks.com/dange...alstartexe.html
Palstart.exe is Trojan/Backdoor.
Kill the process palstart.exe and remove palstart.exe from Windows startup.


  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.
  • If shown the disclaimer, Select "2"

Reboot and also please describe how your computer behaves at the moment.
ozzieoutlaw
post Nov 2 2007, 06:06 PM
Post #9





Hi... Done the uninstall, rebooted, seems OK, but I was wondering about one thing: when closing down the following appears.
"end program CCC.EXE"
Do you know what ccc is, please?
Otherwise, thanks for all your help, I greatly appreciate it.
Regards
Doug
LDTate
post Nov 2 2007, 06:21 PM
Post #10




ATI Catalyst Control Centre.
http://www.pro-networks.org/forum/about91247.html

Look for updates for your ATI video card.


Do this before anything else:

Here's my usual all clean post

Log looks good


You need to create a new Clean restore point.

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer has always the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide realtime spyware & hijacker protection on your computer alongside your virus protection.
    You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer
    settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

    Using IE-SPYAD to help block unwanted sites and activities

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly.
    Without regular updates you WILL NOT be protected when new malicious programs are released.

  • Only run one Anti-Virus and Firewall program.

    I would also suggest you read this:
    So how did I get infected in the first place?
    by Tony Klein
ozzieoutlaw
post Nov 2 2007, 07:09 PM
Post #11





All done, updated drivers etc., all seems OK now. Thank you for all your help.
LDTate
post Nov 2 2007, 07:11 PM
Post #12




Great job

You're more than welcome.
Glad we were able to help

Peace be with you
LDTate
post Nov 2 2007, 07:12 PM
Post #13




Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
