ComputerForum.com
02-02-2008, 10:55 PM   #1
speedaccordinly (Silver Member, joined Apr 2006, 148 posts)

HIJACK LOG, malware signs

Hey ceewi1, I've got another one for you. It states there is malware when I run the Ad-Aware scan. Here is a HijackThis log and a ComboFix log. Thanks again.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:59, on 2008-02-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\SSP Solutions\NetSign CAC\CrdStart.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.monmouth.army.mil:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.Monmouth.Army.mil;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: CardStart.lnk = C:\Program Files\SSP Solutions\NetSign CAC\CrdStart.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://monm020018.nae.ds.army.mil:80...ows-i586-p.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nae.ds.army.mil
O17 - HKLM\Software\..\Telephony: DomainName = nae.ds.army.mil
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nae.ds.army.mil
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = nae.ds.army.mil
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NetOp Helper ver. 8.00 (2005048) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NetSign AutoUpdate Service (NsAUSvc) - Litronic, Inc. - C:\Program Files\SSP Solutions\NetSign CAC\NsAUSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VPRemote Install Bootstrap Service (VPREMOTE) - Unknown owner - C:\TEMP\Clt-Inst\vpremote.exe (file missing)
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13000 bytes

ComboFix 08-02.03.1 - Yuihong.Lee 2008-02-02 16:50:21.1 - NTFSx86
Running from: C:\Documents and Settings\yui.lee\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\8.tmp
C:\9.tmp
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://134.80.6.19:80
.
((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
.

2008-01-31 02:52 . 2008-01-31 02:53 <DIR> d-------- C:\Zip
2008-01-31 02:50 . 2001-08-17 13:53 17,792 --a------ C:\WINDOWS\system32\drivers\ppa.sys
2008-01-31 02:50 . 2001-08-17 13:53 17,792 --a--c--- C:\WINDOWS\system32\dllcache\ppa.sys
2008-01-27 17:03 . 2008-01-27 17:03 <DIR> d--h----- C:\Documents and Settings\yui.lee\Application Data\GTek
2008-01-27 17:03 . 2008-01-27 17:03 <DIR> d-------- C:\Documents and Settings\localshark\Application Data\Gtek
2008-01-27 17:03 . 2008-01-27 17:03 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Gtek
2008-01-27 17:03 . 2008-01-27 17:03 <DIR> d-------- C:\Documents and Settings\dcats\Application Data\Gtek
2008-01-27 17:02 . 2008-01-27 17:03 <DIR> d-------- C:\Program Files\Linksys EasyLink Advisor
2008-01-27 17:02 . 2008-01-27 17:04 <DIR> d-ah----- C:\Documents and Settings\All Users\Application Data\GTek
2008-01-26 10:08 . 2008-01-26 10:08 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-26 10:08 . 2008-01-26 10:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-26 10:07 . 2008-01-26 10:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-12 13:14 . 2008-01-12 13:18 3,128 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-12 13:00 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-12 13:00 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-12 13:00 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-12 13:00 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-12 13:00 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 15:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-02 15:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-01 20:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-01-31 07:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-31 07:36 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-11 03:13 --------- d-----w C:\Program Files\Spyware Doctor
2007-12-28 19:08 --------- d-----w C:\Program Files\Trend Micro
2007-12-26 02:52 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2004-03-10 22:15 32 --sha-w C:\WINDOWS\{1E44662E-2818-4316-BD30-5A277E05CB0F}.dat
2004-03-10 22:16 32 --sha-w C:\WINDOWS\{2B9198DD-3F6F-4C4E-B055-CC5CB413C2FE}.dat
2004-03-10 22:17 32 --sha-w C:\WINDOWS\{6AF94781-B607-4DFF-8858-676326E9ECFE}.dat
2004-03-10 22:15 32 --sha-w C:\WINDOWS\{8EF1032F-F8C1-4EA2-B727-F15317DD79D9}.dat
2004-03-10 22:17 32 --sha-w C:\WINDOWS\{CBCFBA5C-3E17-4C7B-8E63-4A5F2623A565}.dat
2004-03-10 22:15 32 --sha-w C:\WINDOWS\{F7E34CF0-8946-4EC5-A22D-3BDD6536637F}.dat
2004-03-10 22:15 32 --sha-w C:\WINDOWS\system32\{0C98EFC5-50EE-4D09-BFA6-3B55AE7EA158}.dat
2004-03-10 22:17 32 --sha-w C:\WINDOWS\system32\{5DF43A34-0663-427F-A4FC-1F1775A40385}.dat
2004-03-10 22:16 32 --sha-w C:\WINDOWS\system32\{66AB61C6-1CC4-4ECB-A32D-CF7B9C8342EF}.dat
2004-03-10 22:15 32 --sha-w C:\WINDOWS\system32\{AD7201A0-2293-4FC8-A316-9AA00D1BD2B3}.dat
2004-03-10 22:15 32 --sha-w C:\WINDOWS\system32\{F5369D90-38DE-4289-B1BF-1922BCD212CC}.dat
2004-03-10 22:17 32 --sha-w C:\WINDOWS\system32\{F9EBF11E-4553-46C4-8556-15CDA47044F4}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 14:35 67112]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 20:31 68856]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 18:16 454784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-11 11:45 344064]
"GhostStartTrayApp"="C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe" [2002-08-14 18:21 94208]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 13:59 385024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]
"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 09:50 643072]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-03 23:56 53760 C:\WINDOWS\system32\narrator.exe]
"TSClientMSIUninstaller"="cmd.exe" [2004-08-03 23:56 388608 C:\WINDOWS\system32\cmd.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2006-12-20 09:40:55 25214]
AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 08:18:22 10872]
CardStart.lnk - C:\Program Files\SSP Solutions\NetSign CAC\CrdStart.exe [2005-08-02 19:34:48 73785]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2005-09-13 11:56:31 1421328]
Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe [2004-03-10 17:49:13 869376]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-09-13 12:50:41 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"scforceoption"= 1 (0x1)
"LogonType"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 15:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=\\MONM607\scripts\boxoff.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=\\MONM607\scripts\ftmonmeo.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\1]
"Script"=\\MONM607\scripts\scforceoptionOn.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-329068152-448539723-839522115-119929\Scripts\Logoff\0\0]
"Script"=\\MONM607\scripts\boxoff.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-329068152-448539723-839522115-119929\Scripts\Logon\0\0]
"Script"=\\MONM607\scripts\login.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-329068152-448539723-839522115-119929\Scripts\Logon\0\1]
"Script"=\\MONM040505\emwbatch\emwprof.bat

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 14:35 67112 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-09-03 13:31 1836544 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-09 20:31 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"aawservice"=2 (0x2)

R1 GhPciScan;GhostPciScanner;C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys [2002-08-14 18:11]
R1 NHostNT1;NetOp Driver 1 ver. 8.00 (2005048);C:\WINDOWS\system32\Drivers\NHOSTNT1.SYS [2005-02-17 07:00]
R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2006-02-09 01:50]
R2 NetOp Host for NT Service;NetOp Helper ver. 8.00 (2005048);"C:\Program Files\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE" [2005-02-17 07:00]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 15:26]
R3 NHOSTNT3;NetOp Driver 3 ver. 8.00 (2005048) (NHOSTNT3);C:\WINDOWS\system32\Drivers\NHOSTNT3.SYS [2005-02-17 07:00]
R3 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\System32\Drivers\NPDRIVER.SYS [2002-08-14 09:03]
S0 ppa;Iomega Parallel Port Filter Driver;C:\WINDOWS\system32\DRIVERS\ppa.sys [2001-08-17 13:53]
S3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys [2002-11-08 16:13]
S3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\system32\CCM\prepdrv.sys [2006-02-09 01:50]
S3 VPREMOTE;VPRemote Install Bootstrap Service;C:\TEMP\Clt-Inst\vpremote.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\DTSP_Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37462cd2-f648-11da-9938-0013ce0f1c8e}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe

*Newly Created Service* - ERASERUTILDRV10720
.
Contents of the 'Scheduled Tasks' folder
"2008-02-02 05:44:17 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-02-01 22:30:07 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 16:53:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-02 16:54:32
ComboFix-quarantined-files.txt 2008-02-02 21:54:16
-- speedaccordinly


02-03-2008, 01:04 AM   #2
ceewi1 (Moderator, Melbourne, Australia, joined Dec 2005, 5,418 posts)

I don't see anything malicious there, can you post the Ad-Aware log? To do so open up Ad-Aware and click on the Log Files button under the Status tab. Select the most recent log from the drop down menu and copy/paste the results here.
__________________

CPU: Core 2 Duo E6600 / MOBO: Gigabyte 965P-DS3 / GPU: Gigabyte HD4870
RAM: 2GB G.Skill F2-6400CL4D-2GBPK / HDD: 2TB Total HDD / PSU: Antec NeoPower 480W

Cheap PSUs - 2% of system costs, responsible for 28% of system deaths
As Sealed Stick was removed, lost or damaged, it shall be out of warranty validity.
- The "Warranty void if removed" sticker on numerous CoolerMaster PSUs.

-- ceewi1
02-03-2008, 01:50 AM   #3
speedaccordinly (Silver Member, joined Apr 2006, 148 posts)

This is not malicious?
O23 - Service: VPRemote Install Bootstrap Service (VPREMOTE) - Unknown owner - C:\TEMP\Clt-Inst\vpremote.exe (file missing)
-- speedaccordinly
02-03-2008, 03:33 AM   #4
speedaccordinly (Silver Member, joined Apr 2006, 148 posts)

It says WIN32.TROJAN.KILLPROC.
-- speedaccordinly
02-03-2008, 10:05 AM   #5
ceewi1 (Moderator, Melbourne, Australia, joined Dec 2005, 5,418 posts)

Quote (speedaccordinly):
    This is not malicious?
    O23 - Service: VPRemote Install Bootstrap Service (VPREMOTE) - Unknown owner - C:\TEMP\Clt-Inst\vpremote.exe (file missing)

There's no file attached to it. You can fix the entry in HijackThis for cleanup purposes, but it's not malicious.

Quote (speedaccordinly):
    It says WIN32.TROJAN.KILLPROC.

Which file is showing as infected?

-- ceewi1
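The rule ceewi1 applies to that O23 line (the service registration is still there, but the binary it points at is gone, so nothing runs) is worth writing down as code, because it comes up in almost every HijackThis log. The Python below is an added example for this thread; it is not part of HijackThis or ComboFix and not something either poster ran. It parses O4, O20 and O23 lines, classifies a "(file missing)" service as an orphan to clean up rather than an infection, and flags AppInit_DLLs values and binaries living in temp-style directories for a closer look. The regular expressions, the finding names and the last sample line (a per-user Temp autorun) are my own constructions; the other sample lines are copied from the log posted above.

```python
"""Triage of HijackThis O4 / O20 / O23 lines (added example; not part of HijackThis)."""
import re
from typing import Dict, List

# Lines 0-4 are copied from the HijackThis log posted in this thread; line 5 is a
# constructed example of an autorun living in a per-user Temp directory.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe",
    r"O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL",
    r"O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe",
    r"O23 - Service: VPRemote Install Bootstrap Service (VPREMOTE) - Unknown owner - C:\TEMP\Clt-Inst\vpremote.exe (file missing)",
    r"O4 - HKCU\..\Run: [updater] C:\DOCUME~1\user\LOCALS~1\Temp\updater.exe",  # constructed, not from the log
]

# HijackThis line shapes (assumed from the lines in this log; other O-groups are not modelled).
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<path>.*)$")
# Directories an installed service or autorun binary should not normally live in (assumption).
VOLATILE_DIR_RE = re.compile(r"\\(temp|tmp|recycler)\\", re.IGNORECASE)


def image_path(cmd: str) -> str:
    """Pull the executable out of an autorun command line, quoted or not."""
    m = re.match(r'^"([^"]+)"', cmd)
    if m:
        return m.group(1)
    m = re.match(r"^(.+?\.(?:exe|dll|scr|bat|cmd|vbs|com))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def triage(line: str) -> List[Dict[str, str]]:
    """Findings for one line: kind, severity ('cleanup' or 'review') and detail.
    Lines this helper does not model (O2, O16, O17, Global Startup, ...) yield []."""
    findings: List[Dict[str, str]] = []
    line = line.rstrip()

    m = O23_RE.match(line)
    if m:
        name, vendor, path = m.group("name"), m.group("vendor"), m.group("path")
        if m.group("missing"):
            # The registration survives but the binary is gone, so nothing executes:
            # an orphan to remove for tidiness, not an active infection.
            findings.append({"kind": "orphan-service", "severity": "cleanup",
                             "detail": f"{name} -> {path} (file missing)"})
            return findings
        if vendor.lower() == "unknown owner":
            # HijackThis prints "Unknown owner" when the file carries no company name.
            findings.append({"kind": "no-vendor", "severity": "review",
                             "detail": f"{name} -> {path} has no version-info company"})
        if VOLATILE_DIR_RE.search(path):
            findings.append({"kind": "volatile-path", "severity": "review",
                             "detail": f"{name} runs from {path}"})
        return findings

    m = O4_RE.match(line)
    if m:
        path = image_path(m.group("cmd"))
        if VOLATILE_DIR_RE.search(path):
            findings.append({"kind": "volatile-path", "severity": "review",
                             "detail": f"{m.group('hive')} [{m.group('label')}] runs {path}"})
        return findings

    m = O20_RE.match(line)
    if m and m.group("path").strip():
        # AppInit_DLLs is loaded into every process that maps user32.dll, so any
        # value here deserves a look even when, as on this machine, it is Google's.
        findings.append({"kind": "appinit-dll", "severity": "review",
                         "detail": m.group("path").strip()})
    return findings


def triage_log(lines) -> Dict[str, List[Dict[str, str]]]:
    """Map each line that produced findings to its findings, in log order."""
    return {ln: triage(ln) for ln in lines if triage(ln)}


if __name__ == "__main__":
    for ln, fs in triage_log(SAMPLE_LINES).items():
        for f in fs:
            print(f"[{f['severity']:>7}] {f['kind']}: {f['detail']}")
```

Run against the sample, only three lines produce anything: the VPREMOTE service comes out as an orphan (cleanup), the AppInit_DLLs value and the constructed Temp autorun come out for review, and the Symantec service and the two Program Files autoruns are silent. The orphan verdict says nothing about what vpremote.exe was before it disappeared; the name and the Symantec AntiVirus install on this machine are consistent with a leftover from a Symantec push install, but the script deliberately only reports that the entry is inert. The "volatile path" rule is a heuristic and would also have fired on that entry had the file still existed, which is the right outcome: a live service in C:\TEMP is exactly what a human should look at.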


06-06-2008, 09:05 PM   #6
connersdad19 (Silver Member, Nelsonville, Ohio, joined Nov 2007, 108 posts)

Not sure what to do...

.....ment to make a new thread.
-- connersdad19