virus(es) from dailykeys. please help! [RESOLVED], hijackthis logs incl.
jksl
post Nov 4 2008, 11:51 AM
Post #1
Member
Posts: 11
OS: windows xp home edition
I opened an .exe from dailykeys (like a noob). Please help!

Here's what I've done so far: created a HijackThis log, started SDFix and logged it, created another HijackThis log, and ran ComboFix.

Here are the logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:57 AM, on 04/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\AOL\1158220783\ee\AOLSoftware.exe
C:\Program Files\MarkAny\ContentSAFER\MAAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\DOCUME~1\john\LOCALS~1\Temp\winlogen.exe
C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\DOCUME~1\john\LOCALS~1\Temp\csrssc.exe
C:\Documents and Settings\john\Application Data\gadcom\gadcom.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158220783\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSAFER\MAAgent.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [ksjf93orkekfniw73nfdd] C:\DOCUME~1\john\LOCALS~1\Temp\winlogen.exe
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKLM\..\Run: [winlogon] C:\Documents and Settings\john\svchost.exe
O4 - HKLM\..\Run: [b45089a6] rundll32.exe "C:\WINDOWS\system32\tpmumrul.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Fileguri] "C:\Program Files\Freechal\Fileguri\Fileguri.exe" PathFileguri /background
O4 - HKCU\..\Run: [ksjf93orkekfniw73nfdd] C:\DOCUME~1\john\LOCALS~1\Temp\winlogen.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\john\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\john\svchost.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\john\Application Data\gadcom\gadcom.exe" 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Jnskdfmf9eldfd] C:\WINDOWS\TEMP\csrssc.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Startup: userinit.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.sbs.co.kr
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {07B71B24-4261-42F0-AD54-469ACA9C7377} (MuzFavorites Class) - http://image.muz.co.kr/activex/MuzFavo.cab
O16 - DPF: {0B96BF84-DA5C-46F4-A7FC-5319CFF74163} (MnetLauncher Control) - http://player.mnet.com/package/cjmuset.cab
O16 - DPF: {15C4019C-C917-4905-999A-99B4EC71B7CF} (DaumPlayerPan Class) - http://listen.daum.net/52st/DaumMPlayer/DaumMPlayer.dll
O16 - DPF: {173C3614-4DAD-4772-82A6-E8BE8733CE14} (CViewManager3 Object) - http://www.mtv.co.kr/component/WM_WebInteraction.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1793C95A-F259-48E5-B914-6DC3C938EE8E} (Einsdigital VOD Web Player Control) - http://music.imbc.com/Player/OCX/p3einsvod.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {2086592C-34CB-46BC-A042-715910AFBE81} (EBSSessionCheck.SessionCheck) - http://img.ebs.co.kr/ActiveX/Session/EBSSessionCheck.CAB
O16 - DPF: {2FDAF918-389E-4402-9DA1-F5348615BC30} (axMROpen Control) - http://www.dosirak.co.kr/Commons/Activex/MROpen.cab
O16 - DPF: {3450032D-92DA-4033-8672-4E0A2E7C4A7C} (SliderControl Control) - http://music.imbc.com/Player/OCX/SliderControl.ocx
O16 - DPF: {3942BD43-B5CE-465F-9AC3-16BA93994273} (DosirakControl Control) - http://www.dosirak.com/Commons/Activex/DosirakControl.ocx
O16 - DPF: {3F0031D3-8F91-4653-8EDF-2D3E88DDDFF3} (MnS_Player) - http://music.mnshome.com/download/WAVAA_Player.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D9446DB-E849-4B95-9872-D0C21343ABF0} (MAWizard Class) - http://www.csafer.net/ActiveX/MASetupWizard.cab
O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} (Gogs Class) - http://bridge.item2.naver.com/music/cab/nbgm.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1130390787484
O16 - DPF: {67BFB996-900D-4885-91A3-63F288526F69} (DosirakControl Control) - http://www.dosirak.com/Commons/Activex/DosirakControl.cab
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://img.yahoo.co.kr/multi/2005/tool/pla...9/SVPorsche.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
O16 - DPF: {6DB55C83-1CBE-4D7B-AC74-318B0B1717E6} (ToonsXHanarum Control) - http://img2.manhwa.co.kr/unity_viewer/tns_...XHanarumOld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155459271093
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
O16 - DPF: {858033B9-13BC-4DFE-B62A-78E1FAA0DFD7} (MABugsDownload Control) - http://www.csafer.net/activex/mabugsdownload.cab
O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.co.kr/install/mv/p3bvset.cab
O16 - DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} (MnetHelper Control) - http://www.mnet.com/Ver2/App/totalApp/maxh...r/maxhelper.cab
O16 - DPF: {8DE79080-8535-4F7B-A2A0-5492A89EC18E} (SayClub & JukeOn Music Control) - http://music.imbc.com/Player/OCX/p3ed.cab
O16 - DPF: {8ED577E0-25F4-4477-866B-3C572B7FB603} - http://viout.com/downloader/ViOutActive.cab
O16 - DPF: {8EEB54D5-CC70-40E4-B015-AC478C02ECC8} (SLViewer Control) - http://www.ebsi.co.kr/ebs/ActiveX/SLViewer.cab
O16 - DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} - http://app.ipop.co.kr/ipop/ipopx.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/activex/dmcc2.c...ersion=1,0,0,10
O16 - DPF: {970E1B88-8AC1-4E31-86D6-BFA769CEF7A6} (eGSignPlus For_EBS Class) - http://www.ebs-space.co.kr/eGEBS.cab
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) - http://www.tvcf.co.kr/activx/Down_YZ/MagicLockOCX.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools.cab
O16 - DPF: {9C33ABEA-52B6-4895-85B0-E3BAB337EE3E} (Pull0PlayerX Control) - http://pullshot.pullbbang.com/images/Pull0Player.ocx
O16 - DPF: {9DA9609B-9237-40D3-A66D-24FE73CE3CD0} (IB_SiteSigning.IBSiteSigning) - http://img.sbs.co.kr/vobos/site/IB_SiteSigning.CAB
O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} (melonset Class) - http://www.melon.com/utility/player/vod/package/melonset.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/Soribada...830/SBStart.CAB
O16 - DPF: {B3FE4217-1335-4D02-A7C0-9A5CE9E6640E} (MADanalCtrl Control) - http://www.ohdio.com/common/ctrl/MADanalCtrl2.cab
O16 - DPF: {B7F6F3B0-F5D3-4C9D-A610-1619059CF55A} (ClickPopWeb Control) - http://activexdown.paran.com/paranactivex/data/ClickPop2.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,5
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
O16 - DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} (SBSWebPlayer Class) - http://netv.sbs.co.kr/object/player/SBSWebPlayer.cab
O16 - DPF: {BD6F8792-B90E-4431-B0AB-08CF414E9D35} (DamoimBGMPlayerX Control) - http://bgm.iple.com/Cab/SMMusicPlayerX.cab
O16 - DPF: {BDD22343-1DF0-4983-947F-7604DD9838F8} (MagicController Control) - http://home.ebs.co.kr/wizard/contents/view...agicSpeeder.cab
O16 - DPF: {BFB6D72C-1030-47E4-88A2-614ACCC92467} (MaxMp3VSet Class) - http://www.mnet.com/MaxMP3/Html/MPlayer/Mo...ge/p3mxvset.cab
O16 - DPF: {C2C16510-10F4-46FE-A82C-4846435EBDEB} (p3muzset Class) - http://player.muz.co.kr/package/p3muzset.cab
O16 - DPF: {C487029E-1890-487D-AFC3-DE4F59D1B035} (SBSActiveX Control) - http://toolbar.sbs.co.kr/toolbar/SBSGoreal...SBSActiveX3.cab
O16 - DPF: {CD8456F2-691D-42D8-8E01-69C62934445C} (MusicLoader Control) - http://www.mnet.com/drm/PdnLoader/MusicLoader.cab
O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} (PcubeSet Class) - http://music.msn.co.kr/player/aod/dll/p3msnset.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF6B7F10-E995-4327-87CF-1300D974B82C} (EBS_TopMost.EBS_Top) - http://www.ebs.co.kr/Player/EBS.CAB
O16 - DPF: {EC9B6257-B5E7-49EC-8CBB-FF5D9A8C2E5B} - http://dl.jukeon.co.kr/jukeon/jukeon2/2007...01/jukeonax.cab
O16 - DPF: {F9483795-6A21-47A0-949B-77E3E8A41989} (KTHPlayerCtrl Control) - http://mbox.paran.com/mbox/cabinets/KTHPlayerCtrl.cab
O20 - AppInit_DLLs: sfnzwm.dll
O22 - SharedTaskScheduler: lksdfj98w3rmsekfnaui3rgfdgf - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\ksaf83hfd.dll
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1c937c9314a8175) (gupdate1c937c9314a8175) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF (icf) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: psyche - Unknown owner - C:\WINDOWS\System32\psyche.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 16385 bytes

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------


SDFix: Version 1.239
Run by john on 04/11/2008 at 04:07 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Rootkit Found :
C:\WINDOWS\system32\drivers\ATI5WCXX.sys - Rootkit Pandex/Cutwail - Protect.sys
C:\WINDOWS\system32\drivers\60eae236.sys - Rustock.B/Spam-Mailbot.c

Name :
aspimgr
ICF
psyche
restore
{def85c80-216a-43ab-af70-1665edbe2780}
ATI5WCXX
60eae236

Path :
C:\WINDOWS\system32\aspimgr.exe
C:\WINDOWS\system32\svchost.exe:ext.exe
%SystemRoot%\System32\psyche.exe -k netsvcs
\??\C:\WINDOWS\system32\drivers\restore.sys
\??\C:\WINDOWS\TEMP\5C6.tmp
System32\Drivers\ati5wcxx.sys
\SystemRoot\System32\drivers\60eae236.sys

aspimgr - Deleted
ICF - Deleted
psyche - Deleted
restore - Deleted
{def85c80-216a-43ab-af70-1665edbe2780} - Deleted
ATI5WCXX - Deleted
60eae236 - Deleted



Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Schedule Service Path

Rebooting

Service ATI5WCXX - Deleted

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\tuvTkJDw.dll - Deleted
C:\WINDOWS\system32\DHAXOYC.dll - Deleted
C:\WINDOWS\system32\WINXTX32.dll - Deleted
C:\WINDOWS\system32\ksaf83hfd.dll - Deleted
C:\WINDOWS\SYSTEM32\ERASEM~1.EXE - Deleted
C:\-12697~1 - Deleted
C:\WINDOWS\system32\eraseme_22258.exe - Deleted
C:\Documents and Settings\john\Start Menu\Programs\Startup\userinit.exe - Deleted
C:\DOCUME~1\john\LOCALS~1\Temp\Csrssc.exe - Deleted
C:\DOCUME~1\john\LOCALS~1\Temp\winlogen.exe - Deleted
C:\WINDOWS\s32.txt - Deleted
C:\WINDOWS\system32\124909\124909.dll - Deleted
C:\WINDOWS\system32\alog.txt - Deleted
C:\WINDOWS\system32\bb1.dat - Deleted
C:\WINDOWS\system32\gcomd32.dll - Deleted
C:\WINDOWS\system32\i - Deleted
C:\WINDOWS\system32\lm.dat - Deleted
C:\WINDOWS\system32\rs32net.exe - Deleted
C:\WINDOWS\system32\tb.dr - Deleted
C:\WINDOWS\Temp\bca4e2da.$$$ - Deleted
C:\WINDOWS\Temp\csrssc.exe - Deleted
C:\WINDOWS\Temp\ed47fa.$ - Deleted
C:\WINDOWS\Temp\fa56d7ec.$$$ - Deleted
C:\WINDOWS\ws386.ini - Deleted
C:\WINDOWS\system32\drivers\services.exe - Deleted
C:\WINDOWS\system32\drivers\ATI5WCXX.sys - Deleted
C:\WINDOWS\system32\drivers\60eae236.sys - Deleted

Note - Files associated with the MBR Rootkit have been found on this system, to check the PC use the MBR Rootkit Detector by Gmer


Folder C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 - Removed
Folder C:\WINDOWS\system32\124909 - Removed


Removing Temp Files

ADS Check :


C:\WINDOWS\system32\svchost.exe
: ADS Found!
svchost.exe: deleted 25088 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 04:20:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0002760c62c8]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0002760c62c8]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000225
"TracesSuccessful"=dword:00000003

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe:*:Enabled:Rise of Nations"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Documents and Settings\\john\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\john\\Desktop\\utorrent.exe:*:Enabled:μTorrent"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\WINDOWS\\system32\\BugsSvr.exe"="C:\\WINDOWS\\system32\\BugsSvr.exe:*:Enabled:Bugs Music Player Control"
"C:\\WINDOWS\\system32\\p3bvsvr.exe"="C:\\WINDOWS\\system32\\p3bvsvr.exe:*:Enabled:Bugs Music VoD Control"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Freechal\\Fileguri\\FileguriMain.exe"="C:\\Program Files\\Freechal\\Fileguri\\FileguriMain.exe:*:Enabled:ĆAAI±¸¸®"
"C:\\WINDOWS\\system32\\jukeon_e.exe"="C:\\WINDOWS\\system32\\jukeon_e.exe:*:Enabled:SayClub & JukeOn Music Control"
"C:\\WINDOWS\\system32\\jukeon_v.exe"="C:\\WINDOWS\\system32\\jukeon_v.exe:*:Enabled:JukeOn VOD Control"
"C:\\WINDOWS\\system32\\P3MxSvr.exe"="C:\\WINDOWS\\system32\\P3MxSvr.exe:*:Enabled:Maxmp3 AoD Control"
"C:\\WINDOWS\\system32\\p3mxvsvr.exe"="C:\\WINDOWS\\system32\\p3mxvsvr.exe:*:Enabled:MAXMP3 VOD Control"
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"="C:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"="C:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"
"C:\\WINDOWS\\system32\\wjview.exe"="C:\\WINDOWS\\system32\\wjview.exe:*:Enabled:Microsoft® VM Command Line Interpreter"
"C:\\WINDOWS\\system32\\pdrtvsvr.exe"="C:\\WINDOWS\\system32\\pdrtvsvr.exe:*:Enabled:PandoraTV VoD Control"
"C:\\Program Files\\pandora.tv\\minilite\\MiniStream.exe"="C:\\Program Files\\pandora.tv\\minilite\\MiniStream.exe:*:Enabled:MiniStream.exe"
"C:\\WINDOWS\\system32\\mnetasvr.exe"="C:\\WINDOWS\\system32\\mnetasvr.exe:*:Enabled:MNet AoD Server"
"C:\\WINDOWS\\system32\\mnetvsvr.exe"="C:\\WINDOWS\\system32\\mnetvsvr.exe:*:Enabled:MNet VoD Server"
"C:\\Program Files\\pandora.tv\\minilite\\MiniLite.exe"="C:\\Program Files\\pandora.tv\\minilite\\MiniLite.exe:*:Enabled:MiniLite.exe"
"C:\\WINDOWS\\system32\\skcbgm.exe"="C:\\WINDOWS\\system32\\skcbgm.exe:*:Enabled:SK Communications Cyworld BGM Player"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\system32\\muzmvsvr.exe"="C:\\WINDOWS\\system32\\muzmvsvr.exe:*:Enabled:MUZ VOD Control"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 26 Jun 2005 616,448 A.SHR --- "C:\Program Files\Replay AV 8\cygwin1.dll"
Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay AV 8\cygz.dll"
Thu 19 Jan 2006 56 ..SHR --- "C:\WINDOWS\system32\9F7029BEE5.sys"
Thu 14 Jul 2005 27,648 A.SH. --- "C:\WINDOWS\system32\AVSredirect.dll"
Thu 19 Jan 2006 10,022 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Mon 3 Jul 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 5 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:34 AM, on 04/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\AOL\1158220783\ee\AOLSoftware.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\MarkAny\ContentSAFER\MAAgent.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Documents and Settings\john\Application Data\gadcom\gadcom.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158220783\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSAFER\MAAgent.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [b45089a6] rundll32.exe "C:\WINDOWS\system32\tpmumrul.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Fileguri] "C:\Program Files\Freechal\Fileguri\Fileguri.exe" PathFileguri /background
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\john\Application Data\gadcom\gadcom.exe" 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.sbs.co.kr
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {07B71B24-4261-42F0-AD54-469ACA9C7377} (MuzFavorites Class) - http://image.muz.co.kr/activex/MuzFavo.cab
O16 - DPF: {0B96BF84-DA5C-46F4-A7FC-5319CFF74163} (MnetLauncher Control) - http://player.mnet.com/package/cjmuset.cab
O16 - DPF: {15C4019C-C917-4905-999A-99B4EC71B7CF} (DaumPlayerPan Class) - http://listen.daum.net/52st/DaumMPlayer/DaumMPlayer.dll
O16 - DPF: {173C3614-4DAD-4772-82A6-E8BE8733CE14} (CViewManager3 Object) - http://www.mtv.co.kr/component/WM_WebInteraction.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1793C95A-F259-48E5-B914-6DC3C938EE8E} (Einsdigital VOD Web Player Control) - http://music.imbc.com/Player/OCX/p3einsvod.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {2086592C-34CB-46BC-A042-715910AFBE81} (EBSSessionCheck.SessionCheck) - http://img.ebs.co.kr/ActiveX/Session/EBSSessionCheck.CAB
O16 - DPF: {2FDAF918-389E-4402-9DA1-F5348615BC30} (axMROpen Control) - http://www.dosirak.co.kr/Commons/Activex/MROpen.cab
O16 - DPF: {3450032D-92DA-4033-8672-4E0A2E7C4A7C} (SliderControl Control) - http://music.imbc.com/Player/OCX/SliderControl.ocx
O16 - DPF: {3942BD43-B5CE-465F-9AC3-16BA93994273} (DosirakControl Control) - http://www.dosirak.com/Commons/Activex/DosirakControl.ocx
O16 - DPF: {3F0031D3-8F91-4653-8EDF-2D3E88DDDFF3} (MnS_Player) - http://music.mnshome.com/download/WAVAA_Player.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D9446DB-E849-4B95-9872-D0C21343ABF0} (MAWizard Class) - http://www.csafer.net/ActiveX/MASetupWizard.cab
O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} (Gogs Class) - http://bridge.item2.naver.com/music/cab/nbgm.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1130390787484
O16 - DPF: {67BFB996-900D-4885-91A3-63F288526F69} (DosirakControl Control) - http://www.dosirak.com/Commons/Activex/DosirakControl.cab
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://img.yahoo.co.kr/multi/2005/tool/pla...9/SVPorsche.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
O16 - DPF: {6DB55C83-1CBE-4D7B-AC74-318B0B1717E6} (ToonsXHanarum Control) - http://img2.manhwa.co.kr/unity_viewer/tns_...XHanarumOld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155459271093
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
O16 - DPF: {858033B9-13BC-4DFE-B62A-78E1FAA0DFD7} (MABugsDownload Control) - http://www.csafer.net/activex/mabugsdownload.cab
O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.co.kr/install/mv/p3bvset.cab
O16 - DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} (MnetHelper Control) - http://www.mnet.com/Ver2/App/totalApp/maxh...r/maxhelper.cab
O16 - DPF: {8DE79080-8535-4F7B-A2A0-5492A89EC18E} (SayClub & JukeOn Music Control) - http://music.imbc.com/Player/OCX/p3ed.cab
O16 - DPF: {8ED577E0-25F4-4477-866B-3C572B7FB603} - http://viout.com/downloader/ViOutActive.cab
O16 - DPF: {8EEB54D5-CC70-40E4-B015-AC478C02ECC8} (SLViewer Control) - http://www.ebsi.co.kr/ebs/ActiveX/SLViewer.cab
O16 - DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} - http://app.ipop.co.kr/ipop/ipopx.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/activex/dmcc2.c...ersion=1,0,0,10
O16 - DPF: {970E1B88-8AC1-4E31-86D6-BFA769CEF7A6} (eGSignPlus For_EBS Class) - http://www.ebs-space.co.kr/eGEBS.cab
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) - http://www.tvcf.co.kr/activx/Down_YZ/MagicLockOCX.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools.cab
O16 - DPF: {9C33ABEA-52B6-4895-85B0-E3BAB337EE3E} (Pull0PlayerX Control) - http://pullshot.pullbbang.com/images/Pull0Player.ocx
O16 - DPF: {9DA9609B-9237-40D3-A66D-24FE73CE3CD0} (IB_SiteSigning.IBSiteSigning) - http://img.sbs.co.kr/vobos/site/IB_SiteSigning.CAB
O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} (melonset Class) - http://www.melon.com/utility/player/vod/package/melonset.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/Soribada...830/SBStart.CAB
O16 - DPF: {B3FE4217-1335-4D02-A7C0-9A5CE9E6640E} (MADanalCtrl Control) - http://www.ohdio.com/common/ctrl/MADanalCtrl2.cab
O16 - DPF: {B7F6F3B0-F5D3-4C9D-A610-1619059CF55A} (ClickPopWeb Control) - http://activexdown.paran.com/paranactivex/data/ClickPop2.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,5
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
O16 - DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} (SBSWebPlayer Class) - http://netv.sbs.co.kr/object/player/SBSWebPlayer.cab
O16 - DPF: {BD6F8792-B90E-4431-B0AB-08CF414E9D35} (DamoimBGMPlayerX Control) - http://bgm.iple.com/Cab/SMMusicPlayerX.cab
O16 - DPF: {BDD22343-1DF0-4983-947F-7604DD9838F8} (MagicController Control) - http://home.ebs.co.kr/wizard/contents/view...agicSpeeder.cab
O16 - DPF: {BFB6D72C-1030-47E4-88A2-614ACCC92467} (MaxMp3VSet Class) - http://www.mnet.com/MaxMP3/Html/MPlayer/Mo...ge/p3mxvset.cab
O16 - DPF: {C2C16510-10F4-46FE-A82C-4846435EBDEB} (p3muzset Class) - http://player.muz.co.kr/package/p3muzset.cab
O16 - DPF: {C487029E-1890-487D-AFC3-DE4F59D1B035} (SBSActiveX Control) - http://toolbar.sbs.co.kr/toolbar/SBSGoreal...SBSActiveX3.cab
O16 - DPF: {CD8456F2-691D-42D8-8E01-69C62934445C} (MusicLoader Control) - http://www.mnet.com/drm/PdnLoader/MusicLoader.cab
O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} (PcubeSet Class) - http://music.msn.co.kr/player/aod/dll/p3msnset.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF6B7F10-E995-4327-87CF-1300D974B82C} (EBS_TopMost.EBS_Top) - http://www.ebs.co.kr/Player/EBS.CAB
O16 - DPF: {EC9B6257-B5E7-49EC-8CBB-FF5D9A8C2E5B} - http://dl.jukeon.co.kr/jukeon/jukeon2/2007...01/jukeonax.cab
O16 - DPF: {F9483795-6A21-47A0-949B-77E3E8A41989} (KTHPlayerCtrl Control) - http://mbox.paran.com/mbox/cabinets/KTHPlayerCtrl.cab
O20 - AppInit_DLLs: sfnzwm.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1c937c9314a8175) (gupdate1c937c9314a8175) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 15403 bytes


-------------------------------------------------------------------------------------------------------------------------------------------------------------------------



ComboFix 08-11-03.04 - john 2008-11-04 11:38:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.949.82.1033.18.185 [GMT -5:00]
Running from: c:\documents and settings\john\Desktop\Combo-Fix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\john\Local Settings\Temporary Internet Files\BgsV.cfg
c:\documents and settings\john\Local Settings\Temporary Internet Files\BgsV0.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BgsV1.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BgsV2.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BgsV3.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BgsV4.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BgsV5.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BgsV6.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BgsV7.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BgsV8.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BgsV9.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BugsM.cfg
c:\documents and settings\john\Local Settings\Temporary Internet Files\BugsM0.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BugsM1.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BugsM2.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BugsM3.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BugsM4.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BugsM5.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BugsM6.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BugsM7.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BugsM8.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BugsM9.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BUGSV.cfg
c:\documents and settings\john\Local Settings\Temporary Internet Files\BUGSV0.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BUGSV1.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BUGSV2.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BUGSV3.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BUGSV4.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BUG
jksl
post Nov 4 2008, 11:53 AM
Post #2
Member
Posts: 11
OS: windows xp home edition

The last log got cut off. Here it is in full:

ComboFix 08-11-03.04 - john 2008-11-04 11:38:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.949.82.1033.18.185 [GMT -5:00]
Running from: c:\documents and settings\john\Desktop\Combo-Fix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\john\Local Settings\Temporary Internet Files\BgsV.cfg
c:\documents and settings\john\Local Settings\Temporary Internet Files\BgsV0.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BgsV1.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BgsV2.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BgsV3.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BgsV4.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BgsV5.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BgsV6.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BgsV7.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BgsV8.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BgsV9.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BugsM.cfg
c:\documents and settings\john\Local Settings\Temporary Internet Files\BugsM0.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BugsM1.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BugsM2.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BugsM3.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BugsM4.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BugsM5.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BugsM6.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BugsM7.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BugsM8.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BugsM9.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BUGSV.cfg
c:\documents and settings\john\Local Settings\Temporary Internet Files\BUGSV0.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BUGSV1.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BUGSV2.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BUGSV3.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BUGSV4.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BUGSV5.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BUGSV6.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BUGSV7.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BUGSV8.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\BUGSV9.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\ED.cfg
c:\documents and settings\john\Local Settings\Temporary Internet Files\ED0.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\ED1.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\ED2.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\ED3.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\ED4.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\ED5.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\ED6.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\ED7.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\ED8.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\ED9.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\EinV.cfg
c:\documents and settings\john\Local Settings\Temporary Internet Files\EinV0.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\EinV1.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\EinV2.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\EinV3.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\EinV4.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\EinV5.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\EinV6.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\EinV7.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\EinV8.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\EinV9.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\john\Local Settings\Temporary Internet Files\MNETA.cfg
c:\documents and settings\john\Local Settings\Temporary Internet Files\MNETA0.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MNETA1.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MNETA2.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MNETA3.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MNETA4.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MNETA5.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MNETA6.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MNETA7.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MNETA8.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MNETA9.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MNETV.cfg
c:\documents and settings\john\Local Settings\Temporary Internet Files\MNETV0.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MNETV1.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MNETV2.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MNETV3.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MNETV4.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MNETV5.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MNETV6.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MNETV7.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MNETV8.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MNETV9.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MUZAoD.cfg
c:\documents and settings\john\Local Settings\Temporary Internet Files\MUZAoD0.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MUZAoD1.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MUZAoD2.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MUZAoD3.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MUZAoD4.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MUZAoD5.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MUZAoD6.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MUZAoD7.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MUZAoD8.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MUZAoD9.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MUZMV.cfg
c:\documents and settings\john\Local Settings\Temporary Internet Files\MUZMV0.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MUZMV1.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MUZMV2.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MUZMV3.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MUZMV4.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MUZMV5.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MUZMV6.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MUZMV7.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MUZMV8.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\MUZMV9.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\P3MXV.cfg
c:\documents and settings\john\Local Settings\Temporary Internet Files\P3MXV0.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\P3MXV1.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\P3MXV2.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\P3MXV3.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\P3MXV4.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\P3MXV5.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\P3MXV6.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\P3MXV7.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\P3MXV8.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\P3MXV9.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\SKBGM.cfg
c:\documents and settings\john\Local Settings\Temporary Internet Files\SKBGM0.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\SKBGM1.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\SKBGM2.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\SKBGM3.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\SKBGM4.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\SKBGM5.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\SKBGM6.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\SKBGM7.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\SKBGM8.che
c:\documents and settings\john\Local Settings\Temporary Internet Files\SKBGM9.che
c:\program files\INSTALL.LOG
c:\windows\Downloaded Program Files\setup.inf
c:\windows\g32.txt
c:\windows\system32\awtqnkhf.dll
c:\windows\system32\gOVxwyxx.ini
c:\windows\system32\gOVxwyxx.ini2
c:\windows\system32\hgapt32.dll
c:\windows\system32\hhpcxyjo.dll
c:\windows\system32\lurmumpt.ini
c:\windows\system32\sfnzwm.dll
c:\windows\system32\tpmumrul.dll
c:\windows\system32\xxywxVOg.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_VFILT
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-10-04 to 2008-11-04 )))))))))))))))))))))))))))))))
.

2008-11-04 04:04 . 2008-11-04 04:04 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-04 03:58 . 2008-11-04 03:58 <DIR> d-------- c:\windows\ERUNT
2008-11-04 03:52 . 2008-11-04 04:25 <DIR> d-------- C:\SDFix
2008-11-04 03:50 . 2008-11-04 03:50 <DIR> d-------- c:\program files\Trend Micro
2008-11-03 21:17 . 2008-11-03 21:17 <DIR> d-------- c:\documents and settings\Administrator\Application Data\PC Tools
2008-11-03 21:16 . 2008-11-03 21:16 <DIR> d-------- c:\documents and settings\Administrator
2008-11-03 21:06 . 2008-04-11 22:13 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-03 20:42 . 2008-11-03 20:42 <DIR> d-------- c:\documents and settings\john\Application Data\gadcom
2008-11-03 20:42 . 2008-11-03 20:42 705 --a------ C:\mhggott.exe
2008-11-03 20:42 . 2008-11-03 20:42 705 --a------ C:\feifvyj.exe
2008-11-03 20:41 . 2008-11-03 20:42 77,950 --a------ C:\mavnnjdx.exe
2008-11-03 20:41 . 2008-11-03 20:41 32,768 --a------ C:\vipja.exe
2008-11-02 00:43 . 2008-11-02 00:43 1,836,384 --a------ c:\windows\system32\DaumActiveX_2_0_0_4.dll
2008-11-01 22:58 . 2008-11-01 22:58 722,672 --a------ c:\windows\system32\muzmvctl.dll
2008-11-01 22:58 . 2008-11-01 22:58 198,384 --a------ c:\windows\system32\muzmvf2.dll
2008-11-01 22:58 . 2008-11-01 22:58 182,000 --a------ c:\windows\system32\muzmvsvr.exe
2008-11-01 22:58 . 2008-11-01 22:58 149,232 --a------ c:\windows\system32\muzmvf1.dll
2008-10-27 18:24 . 2008-10-27 18:24 268 --ah----- C:\sqmdata03.sqm
2008-10-27 18:24 . 2008-10-27 18:24 244 --ah----- C:\sqmnoopt03.sqm
2008-10-27 15:25 . 2008-08-26 12:20 311,296 --a------ c:\windows\system32\Bugsctrl.dll
2008-10-27 15:25 . 2008-08-26 15:25 167,936 --a------ c:\windows\system32\jukeon_e.exe
2008-10-27 15:25 . 2008-08-26 12:25 135,168 --a------ c:\windows\system32\Bugsedf1.dll
2008-10-26 18:19 . 2008-07-10 13:02 19,734 --a------ c:\windows\hanafos.ico
2008-10-26 18:19 . 2008-07-10 13:02 18,718 --a------ c:\windows\Mnet 마이스타.ico
2008-10-26 18:19 . 2008-07-10 13:02 17,574 --a------ c:\windows\Mnet 음악감상.ico
2008-10-26 18:03 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-26 18:01 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-26 18:01 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-26 18:01 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-26 18:01 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-26 18:01 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-26 18:01 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-04 16:47 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-04 16:46 --------- d-----w c:\program files\PC Tools AntiVirus
2008-11-04 08:50 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-04 01:39 --------- d-----w c:\program files\Total Video Converter
2008-11-04 01:18 --------- d-----w c:\documents and settings\john\Application Data\Orbit
2008-11-04 01:03 --------- d-----w c:\documents and settings\john\Application Data\uTorrent
2008-10-30 23:47 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-27 20:25 --------- d-----w c:\program files\Bugs
2008-10-27 00:16 --------- d-----w c:\program files\Google
2008-10-06 04:59 --------- d-----w c:\program files\NOS
2008-10-06 04:59 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2006-09-18 13:01 25,080 ----a-w c:\documents and settings\john\Application Data\GDIPFONTCACHEV1.DAT
2006-02-14 09:25 774,144 ----a-w c:\program files\RngInterstitial.dll
2006-01-19 05:30 56 --sh--r c:\windows\system32\9F7029BEE5.sys
2005-07-14 19:31 27,648 --sha-w c:\windows\system32\AVSredirect.dll
2006-01-19 05:30 10,022 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 94208]
"gadcom"="c:\documents and settings\john\Application Data\gadcom\gadcom.exe" [2008-11-03 56832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-10-23 962560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-10-27 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="c:\windows\System32\NeroCheck.exe" [2001-07-09 155648]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"HostManager"="c:\program files\Common Files\AOL\1158220783\ee\AOLSoftware.exe" [2006-04-20 50792]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-03-28 57344]
"MAAgent"="c:\program files\MarkAny\ContentSAFER\MAAgent.exe" [2006-06-02 57344]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2008-03-05 1238928]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\john\Start Menu\Programs\Startup\
NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2005-10-27 155715]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-12 45056]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-09-18 561213]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2005-10-27 155715]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 257752]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sfnzwm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MI-SC4"= MI-SC4.acm
"VIDC.HFYU"= huffyuv.dll
"MSVideo"= CSvidcap.dll
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\john\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\BugsSvr.exe"=
"c:\\WINDOWS\\system32\\p3bvsvr.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\jukeon_e.exe"=
"c:\\WINDOWS\\system32\\jukeon_v.exe"=
"c:\\WINDOWS\\system32\\P3MxSvr.exe"=
"c:\\WINDOWS\\system32\\p3mxvsvr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\WINDOWS\\system32\\wjview.exe"=
"c:\\WINDOWS\\system32\\pdrtvsvr.exe"=
"c:\\Program Files\\pandora.tv\\minilite\\MiniStream.exe"=
"c:\\WINDOWS\\system32\\mnetasvr.exe"=
"c:\\WINDOWS\\system32\\mnetvsvr.exe"=
"c:\\Program Files\\pandora.tv\\minilite\\MiniLite.exe"=
"c:\\WINDOWS\\system32\\skcbgm.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\muzmvsvr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10994:TCP"= 10994:TCP:BitComet 10994 TCP
"10994:UDP"= 10994:UDP:BitComet 10994 UDP
"10995:TCP"= 10995:TCP:BitComet 10995 TCP
"10995:UDP"= 10995:UDP:BitComet 10995 UDP

.
Contents of the 'Scheduled Tasks' folder

2008-11-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-26 19:15]
.
- - - - ORPHANS REMOVED - - - -

BHO-{ABC94D30-CDA1-4A14-9966-2D985126D270} - c:\windows\system32\xxywxVOg.dll
HKCU-Run-Fileguri - c:\program files\Freechal\Fileguri\Fileguri.exe
HKLM-Run-b45089a6 - c:\windows\system32\tpmumrul.dll
HKLM-Run-NWEReboot - (no file)
HKLM-Run-ClubBox - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\john\Application Data\Mozilla\Firefox\Profiles\laegm06f.default\
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30401.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF -: plugin - c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 11:46:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Sygate\SPF\Smc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\conime.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\PC Tools AntiVirus\PCTAVSvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\rundll32.exe
c:\program files\Lexmark X1100 Series\lxbkbmon.exe
c:\program files\Windows Desktop Search\WindowsSearchIndexer.exe
.
**************************************************************************
.
Completion time: 2008-11-04 12:02:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-04 17:02:30

Pre-Run: 23,717,085,184 bytes free
Post-Run: 23,725,793,280 bytes free

339 --- E O F --- 2008-11-04 16:57:44
Essexboy
post Nov 8 2008, 10:38 AM
Post #3


GeekU Moderator
Posts: 18,766
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7



Hi there and sorry for the delay, but if you answer yourself we will bypass you as we look for zero replies. Nuff said

I would like a fresh look at your system. What problems are you experiencing now?

To ensure that I get all the information, this log will need to be attached (instructions at the end); if it is too large to attach then upload to Mediafire and post the sharing link.

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio button for Rootkit check YES
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • File - Lop Check
    • Reg - BotCheck
    • File - Additional Folder Scans
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on to insert the attachment into your post
jksl
post Nov 8 2008, 02:31 PM
Post #4


Member
**
Posts: 11
OS: windows xp home edition



Thanks for the reply! I attached the file.

One of the problems I'm facing right now is that every time I try to open IE, I get a security warning: there's an attempt to run navcancl.htm. So, I'm using Firefox instead.

This post has been edited by jksl: Nov 8 2008, 02:34 PM
Attached File: OTScanIt.Txt (343.36K)
Essexboy
post Nov 8 2008, 04:44 PM
Post #5


GeekU Moderator
Posts: 18,766
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7



Run this fix whilst I research the navcancl problem, as it is a very old exploit for IE7 which should be blocked now.

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

CODE
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> sfnzwm.dll ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> sbs.co.kr .[http] -> Trusted sites
YN -> sbs.co.kr .[https] -> Trusted sites
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1659004503-1417001333-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1659004503-1417001333-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> sbs.co.kr .[http] -> Trusted sites
YN -> sbs.co.kr .[https] -> Trusted sites
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {92D0D610-A6FA-48D8-94CB-BD47FDF68655}[HKEY_LOCAL_MACHINE] -> http://app.ipop.co.kr/ipop/ipopx.cab[Reg Error: Key does not exist or could not be opened.]
YN -> {9C33ABEA-52B6-4895-85B0-E3BAB337EE3E}[HKEY_LOCAL_MACHINE] -> http://pullshot.pullbbang.com/images/Pull0Player.ocx[Pull0PlayerX Control]
[Files/Folders - Modified Within 90 days]
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Extra Files]
c:\documents and settings\john\Application Data\gadcom
C:\mhggott.exe
C:\feifvyj.exe
C:\vipja.exe
C:\mavnnjdx.exe
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
jksl
post Nov 8 2008, 08:39 PM
Post #6


Member
**
Posts: 11
OS: windows xp home edition



Yeah, there is another problem I noticed. When I look at videos online, like from YouTube, I would notice lag every now and then. During those times, my page file usage would skyrocket and stay high.

Thanks again, here is the log from OTScanIt:

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:sfnzwm.dll deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sbs.co.kr\\http deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sbs.co.kr\\https deleted successfully.
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sbs.co.kr not found.
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sbs.co.kr not found.
Starting removal of ActiveX control {92D0D610-A6FA-48D8-94CB-BD47FDF68655}
C:\WINDOWS\Downloaded Program Files\ipopx.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92D0D610-A6FA-48D8-94CB-BD47FDF68655}\ not found.
Starting removal of ActiveX control {9C33ABEA-52B6-4895-85B0-E3BAB337EE3E}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9C33ABEA-52B6-4895-85B0-E3BAB337EE3E}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C33ABEA-52B6-4895-85B0-E3BAB337EE3E}\ deleted successfully.
[Files/Folders - Modified Within 90 days]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat moved successfully.
[Extra Files]
< c:\documents and settings\john\Application Data\gadcom >
File/Folder c:\documents and settings\john\Application Data\gadcom not found.
< C:\mhggott.exe >
File/Folder C:\mhggott.exe not found.
< C:\feifvyj.exe >
File/Folder C:\feifvyj.exe not found.
< C:\vipja.exe >
File/Folder C:\vipja.exe not found.
< C:\mavnnjdx.exe >
File/Folder C:\mavnnjdx.exe not found.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\john\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\john\Local Settings\temp\History\History.IE5\MSHist012008110820081109\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\john\Local Settings\temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\john\Local Settings\temp\Cookies\index.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 11082008_211141

Files moved on Reboot...
C:\Documents and Settings\john\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\john\Local Settings\temp\History\History.IE5\MSHist012008110820081109\index.dat moved successfully.
C:\Documents and Settings\john\Local Settings\temp\History\History.IE5\index.dat moved successfully.
C:\Documents and Settings\john\Local Settings\temp\Cookies\index.dat moved successfully.



Here is the hijackthis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:33 PM, on 08/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\AOL\1158220783\ee\AOLSoftware.exe
C:\Program Files\MarkAny\ContentSAFER\MAAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158220783\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSAFER\MAAgent.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {07B71B24-4261-42F0-AD54-469ACA9C7377} (MuzFavorites Class) - http://image.muz.co.kr/activex/MuzFavo.cab
O16 - DPF: {0B96BF84-DA5C-46F4-A7FC-5319CFF74163} (MnetLauncher Control) - http://player.mnet.com/package/cjmuset.cab
O16 - DPF: {15C4019C-C917-4905-999A-99B4EC71B7CF} (DaumPlayerPan Class) - http://listen.daum.net/52st/DaumMPlayer/DaumMPlayer.dll
O16 - DPF: {173C3614-4DAD-4772-82A6-E8BE8733CE14} (CViewManager3 Object) - http://www.mtv.co.kr/component/WM_WebInteraction.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1793C95A-F259-48E5-B914-6DC3C938EE8E} (Einsdigital VOD Web Player Control) - http://music.imbc.com/Player/OCX/p3einsvod.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {2086592C-34CB-46BC-A042-715910AFBE81} (EBSSessionCheck.SessionCheck) - http://img.ebs.co.kr/ActiveX/Session/EBSSessionCheck.CAB
O16 - DPF: {2FDAF918-389E-4402-9DA1-F5348615BC30} (axMROpen Control) - http://www.dosirak.co.kr/Commons/Activex/MROpen.cab
O16 - DPF: {3450032D-92DA-4033-8672-4E0A2E7C4A7C} (SliderControl Control) - http://music.imbc.com/Player/OCX/SliderControl.ocx
O16 - DPF: {3942BD43-B5CE-465F-9AC3-16BA93994273} (DosirakControl Control) - http://www.dosirak.com/Commons/Activex/DosirakControl.ocx
O16 - DPF: {3F0031D3-8F91-4653-8EDF-2D3E88DDDFF3} (MnS_Player) - http://music.mnshome.com/download/WAVAA_Player.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D9446DB-E849-4B95-9872-D0C21343ABF0} (MAWizard Class) - http://www.csafer.net/ActiveX/MASetupWizard.cab
O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} (Gogs Class) - http://bridge.item2.naver.com/music/cab/nbgm.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1130390787484
O16 - DPF: {67BFB996-900D-4885-91A3-63F288526F69} (DosirakControl Control) - http://www.dosirak.com/Commons/Activex/DosirakControl.cab
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://img.yahoo.co.kr/multi/2005/tool/pla...9/SVPorsche.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
O16 - DPF: {6DB55C83-1CBE-4D7B-AC74-318B0B1717E6} (ToonsXHanarum Control) - http://img2.manhwa.co.kr/unity_viewer/tns_...XHanarumOld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155459271093
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
O16 - DPF: {858033B9-13BC-4DFE-B62A-78E1FAA0DFD7} (MABugsDownload Control) - http://www.csafer.net/activex/mabugsdownload.cab
O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.co.kr/install/mv/p3bvset.cab
O16 - DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} (MnetHelper Control) - http://www.mnet.com/Ver2/App/totalApp/maxh...r/maxhelper.cab
O16 - DPF: {8DE79080-8535-4F7B-A2A0-5492A89EC18E} (SayClub & JukeOn Music Control) - http://music.imbc.com/Player/OCX/p3ed.cab
O16 - DPF: {8ED577E0-25F4-4477-866B-3C572B7FB603} - http://viout.com/downloader/ViOutActive.cab
O16 - DPF: {8EEB54D5-CC70-40E4-B015-AC478C02ECC8} (SLViewer Control) - http://www.ebsi.co.kr/ebs/ActiveX/SLViewer.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/activex/dmcc2.c...ersion=1,0,0,10
O16 - DPF: {970E1B88-8AC1-4E31-86D6-BFA769CEF7A6} (eGSignPlus For_EBS Class) - http://www.ebs-space.co.kr/eGEBS.cab
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) - http://www.tvcf.co.kr/activx/Down_YZ/MagicLockOCX.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools.cab
O16 - DPF: {9DA9609B-9237-40D3-A66D-24FE73CE3CD0} (IB_SiteSigning.IBSiteSigning) - http://img.sbs.co.kr/vobos/site/IB_SiteSigning.CAB
O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} (melonset Class) - http://www.melon.com/utility/player/vod/package/melonset.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/Soribada...830/SBStart.CAB
O16 - DPF: {B3FE4217-1335-4D02-A7C0-9A5CE9E6640E} (MADanalCtrl Control) - http://www.ohdio.com/common/ctrl/MADanalCtrl2.cab
O16 - DPF: {B7F6F3B0-F5D3-4C9D-A610-1619059CF55A} (ClickPopWeb Control) - http://activexdown.paran.com/paranactivex/data/ClickPop2.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,5
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
O16 - DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} (SBSWebPlayer Class) - http://netv.sbs.co.kr/object/player/SBSWebPlayer.cab
O16 - DPF: {BD6F8792-B90E-4431-B0AB-08CF414E9D35} (DamoimBGMPlayerX Control) - http://bgm.iple.com/Cab/SMMusicPlayerX.cab
O16 - DPF: {BDD22343-1DF0-4983-947F-7604DD9838F8} (MagicController Control) - http://home.ebs.co.kr/wizard/contents/view...agicSpeeder.cab
O16 - DPF: {BFB6D72C-1030-47E4-88A2-614ACCC92467} (MaxMp3VSet Class) - http://www.mnet.com/MaxMP3/Html/MPlayer/Mo...ge/p3mxvset.cab
O16 - DPF: {C2C16510-10F4-46FE-A82C-4846435EBDEB} (p3muzset Class) - http://player.muz.co.kr/package/p3muzset.cab
O16 - DPF: {C487029E-1890-487D-AFC3-DE4F59D1B035} (SBSActiveX Control) - http://toolbar.sbs.co.kr/toolbar/SBSGoreal...SBSActiveX3.cab
O16 - DPF: {CD8456F2-691D-42D8-8E01-69C62934445C} (MusicLoader Control) - http://www.mnet.com/drm/PdnLoader/MusicLoader.cab
O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} (PcubeSet Class) - http://music.msn.co.kr/player/aod/dll/p3msnset.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF6B7F10-E995-4327-87CF-1300D974B82C} (EBS_TopMost.EBS_Top) - http://www.ebs.co.kr/Player/EBS.CAB
O16 - DPF: {EC9B6257-B5E7-49EC-8CBB-FF5D9A8C2E5B} - http://dl.jukeon.co.kr/jukeon/jukeon2/2007...01/jukeonax.cab
O16 - DPF: {F9483795-6A21-47A0-949B-77E3E8A41989} (KTHPlayerCtrl Control) - http://mbox.paran.com/mbox/cabinets/KTHPlayerCtrl.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1c937c9314a8175) (gupdate1c937c9314a8175) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 14114 bytes
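Added example, not code from this thread or from the HijackThis, OTScanIt or ComboFix authors: a small Python triage script that reads HijackThis O4/O16/O23 lines in the format of the log above, plus the AppInit_DLLs value in the format of the ComboFix registry dump earlier in the thread, and ranks them so a reviewer sees the entries worth checking first (an AppInit_DLLs entry, a Run key pointing at a DLL, an ActiveX download from a host outside an allowlist, a service with no recorded publisher). The host allowlist, the severity ranking and the eight-hex-character name heuristic are assumptions. The sample lines are constructed from formats shown in this thread; the [b45089a6] Run entry is the ComboFix orphan "HKLM-Run-b45089a6" rewritten in HijackThis O4 syntax for illustration.

```python
"""Triage scorer for HijackThis O-lines and the ComboFix AppInit_DLLs value.
Added example; severity thresholds and the host allowlist are assumptions."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts an O16 ActiveX download is expected from on a patched XP box (assumed allowlist).
TRUSTED_DPF_HOSTS = {"go.microsoft.com", "update.microsoft.com", "fpdownload2.macromedia.com"}

# Constructed sample in the formats seen in this thread. The [b45089a6] line is the
# ComboFix orphan "HKLM-Run-b45089a6" rewritten in HijackThis O4 syntax.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [b45089a6] C:\WINDOWS\system32\tpmumrul.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8ED577E0-25F4-4477-866B-3C572B7FB603} - http://viout.com/downloader/ViOutActive.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sfnzwm.dll
"""

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: \((?P<name>.*?)\))? - (?P<url>\S+)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|cpl|scr|com|bat)\b", re.IGNORECASE)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")  # eight hex chars such as b45089a6 (heuristic)
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<value>.*)$', re.MULTILINE)


@dataclass
class Finding:
    kind: str      # "AppInit_DLLs", "O4", "O16" or "O23"
    severity: str  # "high", "review" or "info"
    subject: str   # DLL name, file path or download host
    reason: str


def check_o4(line):
    """Run-key entries: a DLL target or a machine-looking name deserves a look."""
    m = O4_RE.match(line)
    if not m:
        return None
    name, cmd = m.group("name"), m.group("cmd")
    pm = PATH_RE.search(cmd)
    path = pm.group(0) if pm else cmd
    if path.lower().endswith(".dll"):
        return Finding("O4", "high", path, f"Run entry [{name}] points at a DLL rather than an executable")
    if HEX_NAME_RE.match(name):
        return Finding("O4", "review", path, f"Run entry name [{name}] looks machine-generated")
    return Finding("O4", "info", path, f"Run entry [{name}]")


def check_o16(line):
    """Downloaded ActiveX controls: anything outside the allowlist is reviewed."""
    m = O16_RE.match(line)
    if not m:
        return None
    host = urlparse(m.group("url")).hostname or ""
    label = m.group("name") or "(no name)"
    if host in TRUSTED_DPF_HOSTS:
        return Finding("O16", "info", host, f"ActiveX {label} from allowlisted host")
    return Finding("O16", "review", host, f"ActiveX {label} downloaded from non-allowlisted host")


def check_o23(line):
    """Services: HijackThis prints 'Unknown owner' when the binary has no publisher."""
    if not line.startswith("O23 - Service: "):
        return None
    parts = line.split(" - ")
    if len(parts) < 4:
        return None
    owner, path = parts[-2], parts[-1]
    name = " - ".join(parts[1:-2])[len("Service: "):]
    if owner == "Unknown owner":
        return Finding("O23", "review", path, f"service '{name}' has no publisher recorded")
    return Finding("O23", "info", path, f"service '{name}' by {owner}")


def appinit_dlls(dump_text):
    """DLL names in the AppInit_DLLs value of a ComboFix registry dump ([] when clean)."""
    m = APPINIT_RE.search(dump_text)
    if not m:
        return []
    return [d for d in re.split(r"[ ,]+", m.group("value").strip()) if d]


def triage(hjt_text, combofix_text=""):
    """Return findings sorted high -> review -> info."""
    findings = [Finding("AppInit_DLLs", "high", dll, "loaded into every process that maps user32.dll")
                for dll in appinit_dlls(combofix_text)]
    for line in hjt_text.splitlines():
        for check in (check_o4, check_o16, check_o23):
            f = check(line.strip())
            if f:
                findings.append(f)
                break
    rank = {"high": 0, "review": 1, "info": 2}
    return sorted(findings, key=lambda f: rank[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT, SAMPLE_COMBOFIX):
        print(f"{f.severity:6} {f.kind:12} {f.subject}  -- {f.reason}")
```

Run it as-is to see the ranked output for the constructed sample, or pass the text of a real log to `triage()`. A "review" result only means the entry is unusual enough to look up, not that it is malicious; in this thread, for instance, most of the non-Microsoft O16 controls are Korean media-site players the user installed deliberately.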

Essexboy
post Nov 9 2008, 06:38 AM
Post #7


GeekU Moderator
Posts: 18,766
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7



Now we will see if you have an MBR rootkit

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
jksl
post Nov 9 2008, 05:00 PM
Post #8


Member
**
Posts: 11
OS: windows xp home edition



I ran DrWeb, but I can't attach the csv file, so I uploaded it to Mediafire:

http://www.mediafire.com/?sharekey=6593c40...2db6fb9a8902bda

Essexboy
post Nov 10 2008, 01:21 PM
Post #9


GeekU Moderator
Posts: 18,766
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7



Well, that looked OK; it just killed some restore elements and parts of ComboFix.

To help with the page loading times

Please download ATF Cleaner by Atribune.
This program is for XP, Vista and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Then, on completion of the rest, go for a defragmentation. I will give a link at the end, as it will be your final task.

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so...Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit


To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe

Finally, the defragmenter programme:
Download and run Auslogics Free Disc Defragmenter
jksl
post Nov 10 2008, 04:27 PM
Post #10


Member
**
Posts: 11
OS: windows xp home edition



I still have that navcancl.dll problem though if I try to access Windows Update from the start menu. And on Automatic Windows Update, it says I'm missing KB956390. I would install it, but it keeps failing to do so.... I can't be sure if this is some malware/trojan/virus issue or not..

If this isn't a malware or virus issue, I guess my problem is solved and the thread can be closed..

Thanks for the help, Essexboy. The computer does run a bit faster now though.
Essexboy
post Nov 10 2008, 04:59 PM
Post #11


GeekU Moderator
Posts: 18,766
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7



Here is a direct link to the download. Download to your desktop and then run it from there; let me know how it goes and whether it cures the problem.

LINK
jksl
post Nov 10 2008, 05:27 PM
Post #12


Member
**
Posts: 11
OS: windows xp home edition



I tried installing, and during install there was some kind of error. It said that 'setup cannot copy ieapfltr.dat'.

So, I cancelled the install, just in case.

Anyway, I shut off the phishing filter in IE and the navcancl thing went away. I can access Windows Update through the start menu now. But I still can't download that KB file, it's weird...
Essexboy
post Nov 11 2008, 12:23 PM
Post #13


GeekU Moderator
Posts: 18,766
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7



It may be because you have SP3, and I believe that was included. So let's reset Windows Update and see if that cures it.

Let's try the Automated Windows Update Fix from CastleCops:
  1. Download WUFix.zip and unzip it to your desktop.
  2. Double-click WUFix.bat to run the fix.
  3. You will see a window open and commands processing. When the window closes, the fix will have completed.
  4. Restart the computer.

This fix clears the proxy cache, places the Windows Update sites in the Trusted Zone, adds the Windows Update sites to the exception list of the IE Pop-up Blocker, starts all dependent services, registers the required DLLs, empties the Windows Update temporary folder (with a backup), renames the catroot2 folder, retains the update history and Event log, and deletes the BITS pending download queue.

Once done, go back to the Windows Update website (you must use Microsoft Internet Explorer to do this). Check your history to see if the update is already installed.
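The reset that the post describes WUFix.bat performing, written out as an added example so that each step is visible before anyone runs a downloaded batch file on a freshly cleaned machine. This is a hand-written Windows XP batch script for this page, not the CastleCops script itself; the backup folder name, the exact DLL list, and the use of proxycfg and bitsadmin are this example's assumptions.

```batch
@echo off
REM Added example, not the CastleCops WUFix.bat. Hand-written XP batch that
REM performs the same class of Windows Update reset the post describes.
REM Run from an account in the Administrators group, then reboot.
REM Backup folder name, DLL list, proxycfg and bitsadmin are assumptions.

setlocal
set BACKUP=%SystemDrive%\WU_backup_%RANDOM%

REM 1. Stop the services Windows Update depends on. Cryptographic Services
REM    must be stopped before catroot2 can be renamed.
net stop wuauserv
net stop bits
net stop cryptsvc

REM 2. Clear the WinHTTP proxy setting (XP/2003 tool; Vista and later use
REM    "netsh winhttp reset proxy" instead).
proxycfg -d

REM 3. Put the Windows Update hosts in the Trusted sites zone (zone 2) for
REM    the current user.
set ZM=HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
reg add "%ZM%\microsoft.com\update" /v http /t REG_DWORD /d 2 /f
reg add "%ZM%\microsoft.com\update" /v https /t REG_DWORD /d 2 /f
reg add "%ZM%\windowsupdate.com" /v http /t REG_DWORD /d 2 /f
reg add "%ZM%\windowsupdate.com" /v https /t REG_DWORD /d 2 /f
REM    The IE Pop-up Blocker exception is left to the IE UI here
REM    (Tools > Pop-up Blocker > Pop-up Blocker Settings).

REM 4. Empty the download cache, keeping a copy, but leave DataStore alone
REM    so the update history the post asks you to check survives.
mkdir "%BACKUP%"
xcopy "%windir%\SoftwareDistribution\Download" "%BACKUP%\Download\" /E /H /Y
rmdir /S /Q "%windir%\SoftwareDistribution\Download"

REM 5. Rename catroot2 so the catalog database is rebuilt on next use.
ren "%windir%\system32\catroot2" catroot2.old

REM 6. Drop any stuck BITS jobs (bitsadmin comes from the XP Support Tools).
bitsadmin /reset /allusers

REM 7. Re-register the Windows Update agent and signature-verification DLLs.
for %%D in (wuapi.dll wuaueng.dll wups.dll wups2.dll wucltui.dll wuweb.dll atl.dll softpub.dll wintrust.dll cryptdlg.dll msxml3.dll urlmon.dll jscript.dll vbscript.dll oleaut32.dll) do regsvr32 /s %%D

REM 8. Restart the services; reboot afterwards as the post says.
net start cryptsvc
net start bits
net start wuauserv
endlocal
```

It deliberately touches only SoftwareDistribution\Download and not SoftwareDistribution\DataStore, which is where the history shown on the Windows Update website lives; renaming the whole SoftwareDistribution folder, as many other reset recipes do, would wipe that history. Because a script like this re-registers DLLs and edits the Trusted sites zone, read it before running it; that is the sensible check to apply to any .bat downloaded onto a machine that has just been cleaned.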
jksl
post Nov 11 2008, 05:02 PM
Post #14


Member
Posts: 11
OS: windows xp home edition



thanks for replying

I followed the steps, went to check the history at the Windows Update website with IE, and it shows that the update is not installed. Automatic Updates pops up on the taskbar telling me this as well...
Essexboy
post Nov 11 2008, 05:06 PM
Post #15


GeekU Moderator
Posts: 18,766
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7



Have you tried to install it?

 

Time is now: 7th November 2009 - 09:16 PM

Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks mentioned on this page are the property of their respective owners.

© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising