Run this free online scan from Kaspersky http://kaspersky.com/kos/english/kavwebscan.html
Click Accept
When the updates are finished downloading, click Next, Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here.
Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of its own, such as C:\HJT, so that backup copies can be made and not clutter your desktop or other folders, and the backup copies of deleted items can be easily located if needed.
Once saved, double-click HijackThis.exe and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum.
Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.
Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.
Download Ewido Security Suite then set it up this way: Ewido Setup Instructions. We will need this later in safe mode.
Download Killbox to your desktop from this link: Killbox. We will need it later in safe mode.

---------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, May 06, 2006 9:35:45 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 6/05/2006
Kaspersky Anti-Virus database records: 191992
---------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 36908
Number of viruses found: 10
Number of infected objects: 48
Number of suspicious objects: 0
Duration of the scan process: 00:24:37
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\winwkz32.dll Infected: Trojan.Win32.Agent.qt skipped
C:\WINDOWS\system32\regperf.exe Infected: Trojan-Downloader.Win32.Zlob.ni skipped
C:\WINDOWS\system32\ld8D2C.tmp Infected: Trojan-Downloader.Win32.Zlob.ni skipped
C:\WINDOWS\system32\twain32.dll Infected: not-virus:Hoax.Win32.Renos.cu skipped
C:\WINDOWS\Temp\win221.tmp.exe Infected: Trojan.Win32.Dialer.oy skipped
C:\WINDOWS\mtuninst.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.u skipped
C:\Documents and Settings\Acer\Local Settings\Temp\winDB.tmp.exe Infected: Trojan.Win32.Dialer.oy skipped
C:\Documents and Settings\Acer\Local Settings\Temporary Internet Files\Content.IE5\ILBSH83Q\drsmartload[1].exe Infected: Trojan-Downloader.Win32.VB.ach skipped
C:\Documents and Settings\Acer\Local Settings\Temporary Internet Files\Content.IE5\ILBSH83Q\l11[1].exe Infected: Trojan-Downloader.Win32.Zlob.ni skipped
C:\Documents and Settings\Acer\Local Settings\Temporary Internet Files\Content.IE5\TNBFLDGE\srvcqb[1].exe Infected: Trojan.Win32.Dialer.oy skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.61 skipped
C:\Program Files\Norton AntiVirus\Quarantine\63F31A50.exe Infected: Virus.Win32.Parite.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\6407163B.exe Infected: Virus.Win32.Parite.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\53B01DA4.exe Infected: Virus.Win32.Parite.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\4C907B74 Infected: Virus.Win32.Parite.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\4D65248A Infected: Virus.Win32.Parite.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\4D8C1C5F Infected: Virus.Win32.Parite.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\5E3B2202 Infected: Virus.Win32.Parite.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\67F07154 Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Program Files\Norton AntiVirus\Quarantine\67F41B50 Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Program Files\Norton AntiVirus\Quarantine\4467668A Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
D:\Compaq Backup\Split 5 White\My documents\Black\5CP Class Design\Faiz 5CP Class Design\T-SHIRT\folder.htt Infected: Virus.VBS.Redlof.a skipped
D:\Compaq Backup\Split 5 White\Downloads\Mozilla Firefox Downloads\winzip100.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Mozilla Firefox Downloads\DivXPlayerInstaller.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Mozilla Firefox Downloads\rminstall.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Mozilla Firefox Downloads\iview397.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Mozilla Firefox Downloads\INSTALL_MSN_MESSENGER_9X.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Mozilla Firefox Downloads\wrar351.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Mozilla Firefox Downloads\IE 6 and Updates\ie6setup.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Mozilla Firefox Downloads\IE 6 and Updates\Q831167.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Millacious\pacemaker.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Millacious\PowerPointView97.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Millacious\LeosLyricsPlugin5V1.2.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Millacious\Firefox Setup 1.0.7.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Millacious\videocaster.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Millacious\videoeditmagic.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Millacious\ipod eph.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Millacious\WarezP2P.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Millacious\Playlist_Loader.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Millacious\opera8.5.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Millacious\winamp52_pro.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 1 Black\DSC-p9 Driver\USBDRVEN.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 1 Black\DSC-p9 Driver\QuickTimeFullInstaller.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 1 Black\DSC-p9 Driver\pd1000_cam_drivers\CtDrvIns.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 1 Black\DSC-p9 Driver\pd1000_cam_drivers\CtDrvStp.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 1 Black\DSC-p9 Driver\pd1000_cam_drivers\CTRUN.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 1 Black\DSC-p9 Driver\pd1000_cam_drivers\TWUNK_32.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 1 Black\Games\Cm\drivers\Tlove\Tlove\T_LOVE95.exe Infected: Virus.Win32.Parite.b skipped
Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 9:37:48 AM, on 5/6/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\QtZgAcer.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Acer\Desktop\software\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) - file://C:\Program Files\EA SPORTS\FIFA 2004\update.1.1\patchx2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C74030D-19A8-415B-82E5-C7D8E1EFE66E}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\ir02l5do1.dll (file missing)
O20 - Winlogon Notify: winwkz32 - C:\WINDOWS\SYSTEM32\winwkz32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Looks like you may have made a partially successful attempt to remove Look2Me. So let's check for it first.
For Look2Me Destroyer to work you will need to disable Norton's script blocking and real time protection for some of your antispyware. Do this after you have downloaded Look2Me Destroyer.
Disable script blocking as so:
Start Norton AntiVirus.
If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
Click Options.
If you see a menu, click Norton AntiVirus.
In the left pane, click Script Blocking.
In the right pane, uncheck Enable Script Blocking (recommended).
Click OK.
Then follow the instructions here for real time protection: Disable Realtime Protection
Please download Atribune's http://www.atribune.org/public-beta/Look2Me-Destroyer.exe to your desktop.
Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet please allow it.
If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 5/6/2006 12:22:12 PM
Infected! C:\WINDOWS\system32\ir02l5do1.dll
Attempting to delete infected files...
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ModuleUsage
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D138BB2A-EE65-4F7F-8B41-E60CCC02F195}"
HKCR\Clsid\{D138BB2A-EE65-4F7F-8B41-E60CCC02F195}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4A153345-F214-4AFA-8A09-67AB872A2390}"
HKCR\Clsid\{4A153345-F214-4AFA-8A09-67AB872A2390}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{874B7B9D-A074-4DEB-94ED-4794F3C187CF}"
HKCR\Clsid\{874B7B9D-A074-4DEB-94ED-4794F3C187CF}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FE59857A-1AFC-43B2-9673-34411AE2C780}"
HKCR\Clsid\{FE59857A-1AFC-43B2-9673-34411AE2C780}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9A80D724-D198-42F9-86C7-8970031921E3}"
HKCR\Clsid\{9A80D724-D198-42F9-86C7-8970031921E3}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E435248F-B2AD-496F-BEEF-18C0A8ED22A9}"
HKCR\Clsid\{E435248F-B2AD-496F-BEEF-18C0A8ED22A9}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{DCF78AE3-7180-4692-8F29-104D2572C2CB}"
HKCR\Clsid\{DCF78AE3-7180-4692-8F29-104D2572C2CB}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{298255CF-97A7-4847-846E-95A4254C16B2}"
HKCR\Clsid\{298255CF-97A7-4847-846E-95A4254C16B2}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9F732ED4-05E7-4BFA-8A57-2F7583C68C2D}"
HKCR\Clsid\{9F732ED4-05E7-4BFA-8A57-2F7583C68C2D}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{05F6387F-81EB-482D-BF85-4CCDEC3F18F4}"
HKCR\Clsid\{05F6387F-81EB-482D-BF85-4CCDEC3F18F4}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4EE9F996-521B-4341-9E34-EA36769E8BD0}"
HKCR\Clsid\{4EE9F996-521B-4341-9E34-EA36769E8BD0}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrators - Succeeded

Logfile of HijackThis v1.99.1
Scan saved at 12:26:56 PM, on 5/6/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\QtZgAcer.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Acer\Desktop\software\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) - file://C:\Program Files\EA SPORTS\FIFA 2004\update.1.1\patchx2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C74030D-19A8-415B-82E5-C7D8E1EFE66E}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winwkz32 - C:\WINDOWS\SYSTEM32\winwkz32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Looks like you killed "Look2Me", now for the other one.
Reboot into safe mode using these instructions if you need them Safe Mode
Run Ewido from safe mode and let it delete all that it finds.
Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Run Killbox from safe mode. Start Killbox, place a tick next to [x]Delete on reboot, "Press the All Files button"
Copy this whole list into the windows clipboard, all the bolded file paths below. Copy the following list of files to clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\winwkz32.dll
C:\WINDOWS\system32\regperf.exe
C:\WINDOWS\system32\twain32.dll
C:\WINDOWS\mtuninst.exe
C:\Program Files\mIRC\mirc.exe
Next in Killbox go to File > Paste from clipboard
"Click on the All Files button."
Next click on the button that has the red circle with the white X in the middle.
It will ask for confirmation to delete the files on next reboot and ask you if you want to reboot now.
Click Yes and let the computer reboot.
Delete the contents of C:\Program Files\Norton AntiVirus\Quarantine
If the computer does not restart automatically just restart it manually.
Post a new Kaspersky scan and a new HT log please.

---------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, May 06, 2006 11:17:58 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 6/05/2006
Kaspersky Anti-Virus database records: 192134
---------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 39056
Number of viruses found: 4
Number of infected objects: 33
Number of suspicious objects: 0
Duration of the scan process: 00:25:10
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\ld8AA0.tmp Infected: Trojan-Downloader.Win32.Zlob.ni skipped
C:\Documents and Settings\Acer\Local Settings\Temporary Internet Files\Content.IE5\ILBSH83Q\l11[1].exe Infected: Trojan-Downloader.Win32.Zlob.ni skipped
C:\!KillBox\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.61 skipped
C:\!KillBox\regperf.exe Infected: Trojan-Downloader.Win32.Zlob.ni skipped
C:\!KillBox\mirc.exe( 1) Infected: not-a-virus:Client-IRC.Win32.mIRC.61 skipped
C:\!KillBox\regperf.exe( 2) Infected: Trojan-Downloader.Win32.Zlob.ni skipped
D:\Compaq Backup\Split 5 White\My documents\Black\5CP Class Design\Faiz 5CP Class Design\T-SHIRT\folder.htt Infected: Virus.VBS.Redlof.a skipped
D:\Compaq Backup\Split 5 White\Downloads\Mozilla Firefox Downloads\winzip100.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Mozilla Firefox Downloads\DivXPlayerInstaller.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Mozilla Firefox Downloads\rminstall.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Mozilla Firefox Downloads\iview397.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Mozilla Firefox Downloads\INSTALL_MSN_MESSENGER_9X.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Mozilla Firefox Downloads\wrar351.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Mozilla Firefox Downloads\IE 6 and Updates\ie6setup.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Mozilla Firefox Downloads\IE 6 and Updates\Q831167.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Millacious\pacemaker.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Millacious\PowerPointView97.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Millacious\LeosLyricsPlugin5V1.2.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Millacious\Firefox Setup 1.0.7.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Millacious\videocaster.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Millacious\videoeditmagic.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Millacious\ipod eph.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Millacious\WarezP2P.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Millacious\Playlist_Loader.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Millacious\opera8.5.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 5 White\Downloads\Millacious\winamp52_pro.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 1 Black\DSC-p9 Driver\USBDRVEN.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 1 Black\DSC-p9 Driver\QuickTimeFullInstaller.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 1 Black\DSC-p9 Driver\pd1000_cam_drivers\CtDrvIns.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 1 Black\DSC-p9 Driver\pd1000_cam_drivers\CtDrvStp.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 1 Black\DSC-p9 Driver\pd1000_cam_drivers\CTRUN.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 1 Black\DSC-p9 Driver\pd1000_cam_drivers\TWUNK_32.exe Infected: Virus.Win32.Parite.b skipped
D:\Compaq Backup\Split 1 Black\Games\Cm\drivers\Tlove\Tlove\T_LOVE95.exe Infected: Virus.Win32.Parite.b skipped
Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 11:18:32 PM, on 5/6/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\QtZgAcer.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Acer\Desktop\software\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) - file://C:\Program Files\EA SPORTS\FIFA 2004\update.1.1\patchx2.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winwkz32 - winwkz32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

First make sure you have the latest update for Ewido. There are directions in response #1.
Reboot into safe mode.
Run Ht and remove this item:
O20 - Winlogon Notify: winwkz32 - winwkz32.dll (file missing)
Run Ewido from safe mode. When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop.
Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Run Killbox from safe mode. Double-click on Killbox.exe to run it.
Put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time.
Click on the button that has the red circle with the X in the middle after you enter each file.
C:\WINDOWS\system32\ld8AA0.tmp
C:\Documents and Settings\Acer\Local Settings\Temporary Internet Files\Content.IE5\ILBSH83Q\l11[1].exe
It will ask for confirmation to delete the file.
Click Yes.
Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
Set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.
Navigate to and delete this folder if found:
C:\Program Files\mIRC
Purge the system restore folder if you have it turned on.
For instructions on how to purge system restore click Here
To create a new restore point go Start>Run>type "msconfig" without the quotes>ok>Launch System Restore>Tick the circle beside "create a restore point">next>name it anything you wish>Create>home>restart the computer.
Reboot normally and post the Ewido log and a new HT log.

ewido anti-malware - Scan report
+ Created on: 2:30:00 PM, 5/7/2006
+ Report-Checksum: 72D1523C
+ Scan result:
C:\Documents and Settings\Acer\Cookies\acer@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned without backup
C:\Documents and Settings\Acer\Cookies\acer@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned without backup
C:\Documents and Settings\Acer\Cookies\acer@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned without backup
::Report End
---------------
Logfile of HijackThis v1.99.1
Scan saved at 2:44:38 PM, on 5/7/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\QtZgAcer.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator\Desktop\Software\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) - file://C:\Program Files\EA SPORTS\FIFA 2004\update.1.1\patchx2.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido anti-malware\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks a lot jabuck... I can see a lot of improvement in my system... xD or maybe I still have some things still lingering around... you think?

Your C: drive looks clean, but you have some items unchecked in msconfig so I can't be 100% sure.
Your D: drive had a virus on it in the last Kaspersky scan.
Run this free online scan from Panda
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to the desktop, then copy/paste into the text editor and post it.

It looks fairly clean now.
Make your own decision on the following entries and remove with hijackthis if you want them gone.
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
(Description: The WinAmp Agent. This puts a WinAmp icon in your system tray. It is completely unnecessary, and some viruses may hide in this file. Removing this entry will free up a small amount of system resources.)
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
(Description: Loads the System Tray icon for the WinAmp media player. Can be used to maintain file associations so programs like QuickTime and RealPlayer don't take over as default player for various media types. Available via Start -> Programs. If you don't use WinAmp constantly, removing this entry will free up some system resources.)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
(Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
(Description: Microsoft Office startup assistant. Not necessary. Removing this entry will free up a significant amount of system resources.)
Remove these entries below with hijackthis.
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing).
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
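
The log review done by hand in this thread (spotting "(file missing)" leftovers and seeing what changed between two HijackThis logs) can be scripted. The following is an added example, not part of any post in the thread: `parse_log` and `compare` are hypothetical helper names, and the sample lines are a few entries excerpted from the two logs posted above.

```python
import re

# Entry lines look like "O20 - Winlogon Notify: name - target"; the prefix is
# the HijackThis section code (R1, O4, O9, O20, O23 ... as seen in the logs above).
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
MISSING = "(file missing)"

# Excerpts from the two logs in this thread (5/6/2006 11:18 PM and 5/7/2006 2:44 PM),
# trimmed to a handful of entries for the example.
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O20 - Winlogon Notify: winwkz32 - winwkz32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

LOG_AFTER = r"""
Running processes:
C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""


def parse_log(text):
    """Return {(code, label): (target, is_missing)} for every entry line."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process path or blank line
        code, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        # The target is whatever follows the last " - "; the rest identifies the
        # entry, so a path that later turns into "(file missing)" keeps its key.
        label, sep, target = body.rpartition(" - ")
        if not sep:  # O4 lines carry no " - " separator
            label, target = body, ""
        entries[(code, label)] = (target, missing)
    return entries


def compare(before_text, after_text):
    """Summarise what changed between two logs and which entries are orphaned."""
    before, after = parse_log(before_text), parse_log(after_text)
    orphaned = sorted(k for k, (_, miss) in after.items() if miss)
    return {
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        "orphaned": orphaned,
        "newly_orphaned": [k for k in orphaned
                           if k in before and not before[k][1]],
    }


if __name__ == "__main__":
    for kind, keys in compare(LOG_BEFORE, LOG_AFTER).items():
        for code, label in keys:
            print(f"{kind:15} {code:4} {label}")
```

On these excerpts the comparison reports the winwkz32 Winlogon Notify entry as removed, the new MSConfig Run entry as added, and the WRNotifier entry as newly orphaned.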
