CCB-F Clock Issue

  1. #1
    Join Date
    Jan 2009
    Posts
    12

    CCB-F Clock Issue

    I noticed a while ago that I could not open a program because it gave me an error of
    Your system clock appears to have been set back possibly in an attempt to defeat the security system on this program . Please correct your system clock . If your clock is correct please contact the author of this program for instructions on correcting this error . Report code ( CCB-F )
    I found out that I have to set my clock ahead a month and a day. I have used many different spyware programs and antivirus programs, and none of them have found anything with it. I am hoping that you would be able to find something that is wrong with my computer. Here is my hijack log file:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:13:12 PM, on 1/4/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\lxdecoms.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Lexmark 4800 Series\lxdemon.exe
    C:\Program Files\Lexmark 4800 Series\lxdeamon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\zHotkey.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\WhatPulse\WhatPulse.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Logitech\WebColct\webcolct.exe
    C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\Temporary Directory 2 for HiJackThis.zip\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: 69.253.151.209 idenupdate.motorola.com
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [lxdemon.exe] "C:\Program Files\Lexmark 4800 Series\lxdemon.exe"
    O4 - HKLM\..\Run: [lxdeamon] "C:\Program Files\Lexmark 4800 Series\lxdeamon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
    O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - blank (file missing)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/p.../PCPitStop.CAB
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/actives.../as2stubie.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...nt/swflash.cab
    O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.0.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: lxdeCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdeserv.exe
    O23 - Service: lxde_device - - C:\WINDOWS\system32\lxdecoms.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 13449 bytes

    Thanks for all your help

    Jay
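
For readers working through a log like the one posted above, here is an added example (not part of the original thread and not code from HijackThis or its vendor) that parses a HijackThis v2 log read-only, groups entries by section code, and lists items worth a manual second look. The function names, the section descriptions and the review rules are this example's own assumptions, and the sample is a shortened excerpt of the log in the post above.

```python
import re
from collections import Counter

# Section codes that appear in the log above, with their usual meaning.
SECTION_MEANING = {
    "R0": "Internet Explorer start/search page value",
    "R1": "Internet Explorer start/search page value",
    "R3": "URL search hook",
    "O1": "Hosts file entry",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart entry (Run key or Startup folder)",
    "O8": "Internet Explorer context-menu item",
    "O9": "Internet Explorer extra button or Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O23": "Windows service",
}

# Constructed sample: a shortened excerpt of the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:12 PM, on 1/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\Temporary Directory 2 for HiJackThis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
O1 - Hosts: 69.253.151.209 idenupdate.motorola.com
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - blank (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - HKLM\..\Run: ..."
HOSTS_RE = re.compile(r"^Hosts: (\S+) (\S+)")


def parse_log(text):
    """Split a log into header fields, running processes and (code, body) entries."""
    header, processes, entries = {}, [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()              # forum copies are often indented
        if not line:
            in_processes = False        # a blank line ends the process list
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
        elif ": " in line and not entries:
            key, value = line.split(": ", 1)
            header[key] = value
    return {"header": header, "processes": processes, "entries": entries}


def section_summary(parsed):
    """Count entries per section code, in the order the codes first appear."""
    counts = Counter(code for code, _ in parsed["entries"])
    return [(code, n, SECTION_MEANING.get(code, "other")) for code, n in counts.items()]


def triage(parsed):
    """Return (reason, line) pairs to review by hand; a hit is not a verdict."""
    findings = []
    for path in parsed["processes"]:
        if "\\temp\\" in path.lower():
            findings.append(("process running from a Temp directory", path))
    for code, body in parsed["entries"]:
        line = f"{code} - {body}"
        if "(file missing)" in body:
            findings.append(("registered component whose file is missing", line))
        if code == "O23" and " - Unknown owner - " in body:
            findings.append(("service with no company name recorded", line))
        hosts = HOSTS_RE.match(body) if code == "O1" else None
        if hosts and hosts.group(1) not in ("127.0.0.1", "::1"):
            findings.append(("hosts file maps a name to a non-loopback address", line))
    return findings


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(parsed["header"])
    for code, count, meaning in section_summary(parsed):
        print(f"{code:>3} x{count}  {meaning}")
    for reason, line in triage(parsed):
        print(f"REVIEW: {reason}\n        {line}")
```

On this excerpt the Temp-directory hit is HijackThis itself, run from inside a zip archive, which shows why each flagged line still needs a person to read it before anything is changed.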

  2. #2
    Join Date
    Apr 2000
    Location
    Sheboygan, WI
    Posts
    53,391
    Let us double check.

    Print these instructions out.

    NOTE: If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to screw_you.exe

    1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Under Configuration and Preferences, click the Preferences button.
    * Under the "General and Startup" tab, make sure the "Start SUPERAntiSpyware when Windows starts" option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Scan for tracking cookies.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * Back on the main screen, under Scan for Harmful Software click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under Complete Scan, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.
    NOTE: Tracking cookies can be omitted from the log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    3. Download, install, and run HijackThis:
    http://www.snapfiles.com/get/hijackthis.html
    Post HijackThis log.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

    (Above layout courtesy of Broni)

  3. #3
    Join Date
    Jan 2009
    Posts
    12
    I have done all the stuff in the previous post and here are all the log files from the scans


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/05/2009 at 10:11 PM

    Application Version : 4.24.1004

    Core Rules Database Version : 3696
    Trace Rules Database Version: 1672

    Scan type : Complete Scan
    Total Scan Time : 01:12:39

    Memory items scanned : 189
    Memory threats detected : 0
    Registry items scanned : 6408
    Registry threats detected : 0
    File items scanned : 26626
    File threats detected : 134

    Adware.Tracking Cookie
    www.mediastoragecenter.com [ C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\1m8t0wsn.default\cookies.txt ]

    Adware.Lop-Variant
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TWO SETUP MODE LOAD\LOCKS DEBUG.EXE

    Adware.Casino Games (Golden Palace Casino)
    C:\PROGRAM FILES\POGO AUTO\CASINO.EXE

    Trojan.Fake-Drop/Gen
    C:\WINDOWS\SYSTEM32\SVCPRMPT.DLL

    Rootkit.TDSServ-Trace
    C:\WINDOWS\SYSTEM32\TDSSKRAT.DAT

  4. #4
    Join Date
    Jan 2009
    Posts
    12
    Second Log

    Malwarebytes' Anti-Malware 1.32
    Database version: 1625
    Windows 5.1.2600 Service Pack 3

    1/6/2009 10:21:05 PM
    mbam-log-2009-01-06 (22-21-05).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 176450
    Time elapsed: 1 hour(s), 22 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 20
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 9
    Files Infected: 40

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{10125c2d-6821-4070-b24e-2e992501ad55} (Adware.Iwon) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{10125c2f-6821-4070-b24e-2e992501ad55} (Adware.Iwon) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{277e1fe0-cf65-11d3-b377-0800460222f0} (Adware.Iwon) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6d54a7c0-c379-11d3-b377-0800460222f0} (Adware.Iwon) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{78429873-f771-11d3-ae1d-0050dac24e8f} (Adware.Iwon) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{70522fa0-4656-11d5-b0e9-0050dac24e8f} (Adware.iWon) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{70522fa0-4656-11d5-b0e9-0050dac24e8f} (Adware.iWon) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{70522fa0-4656-11d5-b0e9-0050dac24e8f} (Adware.iWon) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{70522fa1-4656-11d5-b0e9-0050dac24e8f} (Adware.iWon) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{70522fa1-4656-11d5-b0e9-0050dac24e8f} (Adware.iWon) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{70522fa1-4656-11d5-b0e9-0050dac24e8f} (Adware.iWon) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{70522fa2-4656-11d5-b0e9-0050dac24e8f} (Adware.iWon) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{70522fa2-4656-11d5-b0e9-0050dac24e8f} (Adware.iWon) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{70522fa2-4656-11d5-b0e9-0050dac24e8f} (Adware.iWon) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\iWon (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\1.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Cache (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\History (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Settings (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache (Adware.iWon) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\iWon\iWonBar\1.bin\IWONPLUGIN0PROXY.CLASS (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\1.bin\NPIWON0.DLL (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Cache\026061C9 (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Cache\026062F2 (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Cache\02606350.bmp (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Cache\0260643A.bmp (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Cache\026064B7.bmp (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Cache\02606600.bmp (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Cache\0260665D.bmp (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Cache\026066BB.bmp (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Cache\02606719.bmp (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Cache\files.ini (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\History\search (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonBar\Settings\prevcfg.htm (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\PM3.ico (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\bin\cpltSetp.exe (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\bin\iWonSlot.dll (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\bin\pm3.ico (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\025F166D (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\025F1C97.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\025F2988.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\025F360B.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\025F4230.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\025F42CD.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\025F4415.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\025F457C.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\025F4676.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\025F483B.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\025F4983.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\025F4A6E.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\025F4B49.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\025F578D.bin (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\025F580A.wav (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\025F5933.wav (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\025F5A3D.wav (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\025F5B94.wav (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\13396542 (Adware.iWon) -> Quarantined and deleted successfully.
    C:\Program Files\iWon\iWonSlot\Cache\files.ini (Adware.iWon) -> Quarantined and deleted successfully.
    C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hosts (Trojan.Agent) -> Quarantined and deleted successfully.

  5. #5
    Join Date
    Jan 2009
    Posts
    12
    Third Log


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:04:20 PM, on 1/6/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lexmark 4800 Series\lxdemon.exe
    C:\Program Files\Lexmark 4800 Series\lxdeamon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\WhatPulse\WhatPulse.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\WINDOWS\system32\lxdecoms.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: 69.253.151.209 idenupdate.motorola.com
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [lxdemon.exe] "C:\Program Files\Lexmark 4800 Series\lxdemon.exe"
    O4 - HKLM\..\Run: [lxdeamon] "C:\Program Files\Lexmark 4800 Series\lxdeamon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
    O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - blank (file missing)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/p.../PCPitStop.CAB
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/actives.../as2stubie.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...nt/swflash.cab
    O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.0.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: lxdeCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdeserv.exe
    O23 - Service: lxde_device - - C:\WINDOWS\system32\lxdecoms.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 13383 bytes

  6. #6
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Did you make any changes to "hosts" file?
    If you didn't, or you don't know what I'm talking about...

    Download HostsXpert ( http://www.majorgeeks.com/Hoster_d4626.html ) and then follow the steps below:

    * Unzip HostsXpert.zip
    * It will create a folder named HostsXpert in whatever folder you extract it to.
    * Run HostsXpert.exe by double-clicking on it.
    * Click Restore MS Hosts File and then click OK.
    * Click the X to exit the program

    Post fresh HJT log.

  7. #7
    Join Date
    Jan 2009
    Posts
    12
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:53:38 PM, on 1/7/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lexmark 4800 Series\lxdemon.exe
    C:\Program Files\Lexmark 4800 Series\lxdeamon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\WhatPulse\WhatPulse.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\WINDOWS\system32\lxdecoms.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [lxdemon.exe] "C:\Program Files\Lexmark 4800 Series\lxdemon.exe"
    O4 - HKLM\..\Run: [lxdeamon] "C:\Program Files\Lexmark 4800 Series\lxdeamon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
    O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - blank (file missing)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/p.../PCPitStop.CAB
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/actives.../as2stubie.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...nt/swflash.cab
    O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.0.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: lxdeCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdeserv.exe
    O23 - Service: lxde_device - - C:\WINDOWS\system32\lxdecoms.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 13310 bytes

  8. #8
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Malware-wise, the log is clean, so let's do some housekeeping.

    *** Verify your Java version here: http://www.java.com/en/download/installed.jsp
    Update, if necessary.
    Uninstall all previous Java versions, through Add\Remove.

    *** Download, and run CTFMON-Remover: http://www.gerhard-schlager.at/en/pr...ctfmonremover/
    The CTFMON-Remover helps you remove the annoying CTFMON.EXE from your Windows operating system. The program is easy to use and displays whether the CTFMON.EXE is installed and running or not. If it was found then you can remove it within seconds. Just in case you need the CTFMON sometime in the future, there is also an option to restore the original one.
    Note: The CTFMON.EXE is among other things responsible for changing the language schema of your keyboard (e.g. for switching between the German and English keyboard layout). So in case you are using this feature you shouldn't remove or disable the CTFMON.EXE!
    NOTE. CTFMON.EXE is not a threat, but an unnecessary startup, which can't be disabled in any other way.


    *** Download, and run QuickTime Killer: http://www.softpedia.com/get/System/...e-Killer.shtml
    After downloading, double-click on the EnGraphQuickTimeKillerInstaller.msi file.
    You may be asked to download and install .NET Framework.
    QuickTime Killer will remove QuickTime from start up and kill any running QuickTime processes. This application runs silently at start up and closes itself as soon as it takes care of QuickTime. QuickTime itself won't be removed from your computer, and will be available whenever needed.
    NOTE. QuickTime is not a threat, but an unnecessary startup, which can't be disabled in any other way.

    1. Print this post out, since you won't have access to it at some point.

    2. Close all windows, except for HijackThis.

    3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases [marked with *], no actual program will be removed):

    - O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    - *O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    - *O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    - *O4 - HKLM\..\Run: [lxdemon.exe] "C:\Program Files\Lexmark 4800 Series\lxdemon.exe"
    - *O4 - HKLM\..\Run: [lxdeamon] "C:\Program Files\Lexmark 4800 Series\lxdeamon.exe"
    - *O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    - *O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    - *O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    - *O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    - *O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    - *O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    - *O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    - *O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
    - *O4 - Global Startup: Logitech SetPoint.lnk = ?
    - *O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - blank (file missing)
    - *O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


    4. Click on the Fix checked button.

    5. Restart computer.

    When done.....

    Your computer is clean

    1. Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version.
    Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html.
    Run CCleaner.

    2. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side.
    4. Click on Continue on the "User Account Control" window that pops up.
    5. Under the System Protection tab, find Available Disks.
    6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:").
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK.

    3. Restart computer.

    4. Turn System Restore on.

    5. Make sure Windows Updates are current.

    6. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    7. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Let me know how your computer is doing.

    NOTE: If you're currently using Norton (Symantec) or McAfee security tools (antivirus/firewall), I strongly recommend switching to some other product as soon as your subscription expires.
    - To uninstall Norton, always use Norton Removal Tool: http://service1.symantec.com/Support...05033108162039
    - To uninstall McAfee, always use McAfee Consumer Product Removal Tool: http://majorgeeks.com/McAfee_Consume...ool_d5420.html

    Free alternatives:
    1. Firewall - Windows firewall is fine, however it offers only one-way protection (inbound). Your personal data is not protected from being sent out. For an excellent two-way firewall and an antivirus in one package, check:
    - COMODO Internet Security: http://www.comodo.com/
    - standalone free firewall - free PC Tools Firewall Plus: http://www.pctools.com/firewall/
    2. Antivirus (use only ONE):
    - Avast! free antivirus: http://filehippo.com/download_avast_antivirus/
    - Avira free antivirus: http://www.free-av.com/en/download/index.html
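
The fix list in the post above includes entries whose target the log itself reports as absent (`(no file)`, `(file missing)`, `= ?`). The following is an added example, not part of the original thread or of HijackThis: a small parser that splits log lines into section code and detail, breaks O4 registry Run entries into hive, value name and command, and flags those leftover entries. The function names and the reading of the three markers as "target not found" are assumptions of this example.

```python
import re

# Constructed sample: six lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - blank (file missing)
O23 - Service: lxde_device - - C:\WINDOWS\system32\lxdecoms.exe
"""

# "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# O4 registry autoruns: hive, value name, command (optional "(User '...')" suffix dropped)
RUN_RE = re.compile(
    r"^(HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\\w+: \[([^\]]+)\] (.+?)(?: \(User '[^']*'\))?$"
)
# Markers the log prints when the referenced file or shortcut target is not found
ORPHAN_RE = re.compile(r"(\(no file\)|\(file missing\)|= \?)$")


def parse_entries(text):
    """Return one dict per log entry; non-entry lines (headers, blanks) are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, detail = m.groups()
        run = RUN_RE.match(detail) if section == "O4" else None
        entries.append({
            "section": section,
            "detail": detail,
            "run": run.groups() if run else None,  # (hive, name, command) or None
            "orphan": bool(ORPHAN_RE.search(detail)),
        })
    return entries


def orphaned(entries):
    """Entries pointing at a file the log reports as missing: safe cleanup candidates."""
    return [e for e in entries if e["orphan"]]


if __name__ == "__main__":
    for e in orphaned(parse_entries(SAMPLE_LOG)):
        print(e["section"], "->", e["detail"])
```

Entries that are not flagged still need a human decision; the script only separates dangling references from autoruns that point at real files.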

  9. #9
    Join Date
    Jan 2009
    Posts
    12
    So after reading what you posted, how does this fix my clock issue with the ccb-f error???

  10. #10
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    My goal was to make sure your computer is clean.
    Now, because in the HJT forum only a limited number of people can post replies, I propose you re-post your problem in the Windows XP forum, and we'll go from there.
    Include the link to this thread.

  11. #11
    Join Date
    Apr 2000
    Location
    Sheboygan, WI
    Posts
    53,391
    R-click the time and select Adjust date and Time
    You can make the adjustment there.

    Also you can select the internet tab and Set your clock automatically

    http://www.microsoft.com/windowsxp/u.../setclock.mspx

    You can type time-a.nist.gov if the addresses listed do not work. That one does for me.
