
I've Contracted a Virus

Discussion in 'Virus & Other Malware Removal' started by Highdro, Mar 26, 2008.

Thread Status:
Not open for further replies.
  1. Highdro

    Highdro (Thread Starter), joined Apr 11, 2005, 145 messages

    I logged on to my computer today to see that my CA Anti-Virus has been detecting infected files. I thought it stopped and deleted them, but every few hours it keeps detecting more, leading me to believe there is some sort of program running that I am not aware of.

    Any help would be appreciated. I have an HJT log.

    This is what CA Anti-Virus found.

    3/26/2008 6:16:02 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a18104.exe is Win32/VMalum.CCLF infection. Quarantined
    3/26/2008 6:16:02 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a18104.exe is Win32/VMalum.CCLF infection.
    3/26/2008 6:16:02 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a18104.exe is Win32/VMalum.CCLF infection.
    3/26/2008 6:16:02 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a18104.exe is Win32/VMalum.CCLF infection.
    3/26/2008 6:16:02 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a18104.exe is Win32/VMalum.CCLF infection.
    3/26/2008 6:16:02 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a18104.exe is Win32/VMalum.CCLF infection.
    3/26/2008 6:16:02 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a18104.exe is Win32/VMalum.CCLF infection.
    3/26/2008 6:18:43 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a21419.exe is Win32/VMalum.CCLF infection. Quarantined
    3/26/2008 6:18:44 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a21419.exe is Win32/VMalum.CCLF infection.
    3/26/2008 6:18:44 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a21419.exe is Win32/VMalum.CCLF infection.
    3/26/2008 6:18:45 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a21419.exe is Win32/VMalum.CCLF infection.
    3/26/2008 6:18:45 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a21419.exe is Win32/VMalum.CCLF infection.
    3/26/2008 6:18:45 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a21419.exe is Win32/VMalum.CCLF infection.
    3/26/2008 6:18:45 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a21419.exe is Win32/VMalum.CCLF infection.
    3/26/2008 6:31:08 AM File infection: C:\Documents and Settings\Stevo\Local Settings\Temporary Internet Files\Content.IE5\DAB9P0KL\css4[1] is Win32/Chisyne.DU trojan. Deleted
    3/26/2008 6:31:08 AM File infection: C:\WINDOWS\system32\gebyy.dll is Win32/Chisyne.DU trojan. Deleted
    3/26/2008 8:21:15 AM File infection: C:\Documents and Settings\Stevo\Local Settings\Temporary Internet Files\Content.IE5\E58HA85G\css4[1] is Win32/Chisyne.DU trojan. Deleted
    3/26/2008 8:21:15 AM File infection: C:\WINDOWS\system32\ssttt.dll is Win32/Chisyne.DU trojan. Deleted
    3/26/2008 8:21:15 AM File infection: C:\WINDOWS\system32\ssttt.dll is Win32/Chisyne.DU trojan.
    3/26/2008 8:21:16 AM File infection: C:\WINDOWS\system32\ssttt.dll is Win32/Chisyne.DU trojan.
    3/26/2008 8:21:16 AM File infection: C:\WINDOWS\system32\ssttt.dll is Win32/Chisyne.DU trojan.
    3/26/2008 9:21:11 AM File infection: C:\Documents and Settings\Stevo\Local Settings\Temporary Internet Files\Content.IE5\8V908OJR\css4[1] is Win32/Chisyne.DU trojan. Deleted
    3/26/2008 9:21:11 AM File infection: C:\WINDOWS\system32\pmnnl.dll is Win32/Chisyne.DU trojan. Deleted
    3/26/2008 9:21:12 AM File infection: C:\WINDOWS\system32\pmnnl.dll is Win32/Chisyne.DU trojan.
    3/26/2008 9:21:12 AM File infection: C:\WINDOWS\system32\pmnnl.dll is Win32/Chisyne.DU trojan.
    3/26/2008 9:21:12 AM File infection: C:\WINDOWS\system32\pmnnl.dll is Win32/Chisyne.DU trojan.
    3/26/2008 9:21:12 AM File infection: C:\WINDOWS\system32\pmnnl.dll is Win32/Chisyne.DU trojan.
    3/26/2008 10:21:16 AM File infection: C:\Documents and Settings\Stevo\Local Settings\Temporary Internet Files\Content.IE5\DAB9P0KL\css4[1] is Win32/Chisyne.DU trojan. Deleted
    3/26/2008 10:21:17 AM File infection: C:\WINDOWS\system32\pmnli.dll is Win32/Chisyne.DU trojan. Deleted
    3/26/2008 10:21:17 AM File infection: C:\WINDOWS\system32\pmnli.dll is Win32/Chisyne.DU trojan.
    3/26/2008 10:21:18 AM File infection: C:\WINDOWS\system32\pmnli.dll is Win32/Chisyne.DU trojan.
    3/26/2008 10:21:18 AM File infection: C:\WINDOWS\system32\pmnli.dll is Win32/Chisyne.DU trojan.
    3/26/2008 10:21:18 AM File infection: C:\WINDOWS\system32\pmnli.dll is Win32/Chisyne.DU trojan.
    3/26/2008 11:42:54 AM File infection: C:\Documents and Settings\Stevo\Local Settings\Temporary Internet Files\Content.IE5\F6Q7HPS1\css4[1] is Win32/Chisyne.DU trojan. Deleted
    3/26/2008 11:42:55 AM File infection: C:\WINDOWS\system32\jkhfg.dll is Win32/Chisyne.DU trojan. Deleted
    3/26/2008 11:42:55 AM File infection: C:\WINDOWS\system32\jkhfg.dll is Win32/Chisyne.DU trojan.
    3/26/2008 11:42:55 AM File infection: C:\WINDOWS\system32\jkhfg.dll is Win32/Chisyne.DU trojan.
    3/26/2008 11:42:55 AM File infection: C:\WINDOWS\system32\jkhfg.dll is Win32/Chisyne.DU trojan.
    3/26/2008 12:42:57 PM File infection: C:\Documents and Settings\Stevo\Local Settings\Temporary Internet Files\Content.IE5\E58HA85G\css4[1] is Win32/Chisyne.DU trojan. Deleted
    3/26/2008 12:43:00 PM File infection: C:\WINDOWS\system32\vtsqp.dll is Win32/Chisyne.DU trojan. Deleted
    3/26/2008 12:43:00 PM File infection: C:\WINDOWS\system32\vtsqp.dll is Win32/Chisyne.DU trojan.
    3/26/2008 12:43:00 PM File infection: C:\WINDOWS\system32\vtsqp.dll is Win32/Chisyne.DU trojan.
    3/26/2008 12:43:00 PM File infection: C:\WINDOWS\system32\vtsqp.dll is Win32/Chisyne.DU trojan.
    3/26/2008 13:42:55 PM File infection: C:\Documents and Settings\Stevo\Local Settings\Temporary Internet Files\Content.IE5\DAB9P0KL\css4[1] is Win32/Chisyne.DU trojan. Deleted
    3/26/2008 13:42:57 PM File infection: C:\WINDOWS\system32\pmkji.dll is Win32/Chisyne.DU trojan. Deleted
    3/26/2008 13:42:57 PM File infection: C:\WINDOWS\system32\pmkji.dll is Win32/Chisyne.DU trojan.
    3/26/2008 13:42:57 PM File infection: C:\WINDOWS\system32\pmkji.dll is Win32/Chisyne.DU trojan.
    3/26/2008 13:42:58 PM File infection: C:\WINDOWS\system32\pmkji.dll is Win32/Chisyne.DU trojan.




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:41:13 AM, on 3/26/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Nexon\Mabinogi\npkcmsvc.exe
    C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Gateway\EzTune\DTHtml.exe
    C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.32\QOELoader.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\MSTpscre\Tpscrex.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    C:\WINDOWS\mrofinu1645.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Evidence Eliminator\Ee.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CAGlobal.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - C:\WINDOWS\system32\jkkkiii.dll
    O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT GWY] "C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe" -GWY
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [UsbCipHelper] C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
    O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.32\QOELoader.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Tpscrex] C:\Program Files\MSTpscre\Tpscrex.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1645.exe 61A847B5BBF72813349F3D466188719AB689201522886B092CBD44BD8689220221DD3257
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: jkkkiii - C:\WINDOWS\SYSTEM32\jkkkiii.dll
    O23 - Service: 1784-PCIDS DeviceNet - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: dnWhoDisp - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
    O23 - Service: EmuLogix 5868 Slot1 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V16\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot10 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot11 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot12 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot13 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot14 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot15 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot16 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot2 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V16\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot3 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot4 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot5 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot6 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot7 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot8 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot9 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: FactoryTalk Activation Service - Macrovision Corporation - C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe
    O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSLINX\RSOBSERV.EXE
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
    O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
    O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Unknown owner - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: RSLinx Classic (RSLinx) - Rockwell Automation, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
    O23 - Service: 1789-SIM Simulator Module (SimModuleService) - Unknown owner - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 12775 bytes
     
  2. Highdro

    So I've run a VundoFix and a ComboFix and I have logs for both. Although VundoFix found nothing and ComboFix did delete 4 files, I can't remember them since it overwrote the log file when I ran it a second time. I ran KillBox and deleted all temp files. And I posted a new HJT Log since it did remove O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - C:\WINDOWS\system32\jkkkiii.dll


    VundoFix V7.0.3

    Scan started at 2:24:26 PM 3/26/2008

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...



    **********************************************************



    ComboFix 08-03-25.4 - Stevo 2008-03-26 14:58:06.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.530 [GMT -4:00]
    Running from: C:\Documents and Settings\Stevo\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-02-26 to 2008-03-26 )))))))))))))))))))))))))))))))
    .

    2008-03-26 14:24 . 2008-03-26 14:24 <DIR> d-------- C:\VundoFix Backups
    2008-03-26 11:38 . 2008-03-26 11:38 <DIR> d-------- C:\Documents and Settings\Stevo\Application Data\Turbine
    2008-03-26 11:19 . 2007-08-01 16:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2008-03-26 11:16 . 2008-03-26 11:16 <DIR> d-------- C:\Program Files\Turbine
    2008-03-26 11:12 . 2008-03-26 13:52 <DIR> d-------- C:\Documents and Settings\Stevo\Application Data\HouseCall 6.6
    2008-03-26 10:41 . 2008-03-26 10:41 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-26 09:14 . 2003-07-19 11:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
    2008-03-26 09:14 . 2005-01-03 02:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
    2008-03-26 09:13 . 2008-03-26 09:13 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
    2008-03-26 09:11 . 2008-03-26 09:11 <DIR> d-------- C:\Nexon
    2008-03-26 08:01 . 2008-03-26 11:15 <DIR> d-------- C:\Documents and Settings\Stevo\Application Data\GetRightToGo
    2008-03-26 06:04 . 2008-03-26 06:04 <DIR> d-------- C:\Program Files\ReflexiveArcade
    2008-03-24 15:36 . 2008-03-25 01:49 <DIR> d-------- C:\Program Files\Evidence Eliminator
    2008-03-24 15:36 . 2000-05-22 01:00 203,976 --a------ C:\WINDOWS\system32\RichTx32.ocx
    2008-03-24 15:36 . 1999-05-29 21:33 114,696 --a------ C:\WINDOWS\system32\Fablock6.ocx
    2008-03-24 09:20 . 1998-04-24 01:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
    2008-03-24 09:20 . 2007-07-12 12:52 118,784 --a------ C:\WINDOWS\system32\EEGenFn1.dll
    2008-03-24 09:20 . 2007-04-24 16:21 61,440 --a------ C:\WINDOWS\system32\Eeshellx.dll
    2008-03-24 09:20 . 2007-04-24 16:20 40,960 --a------ C:\WINDOWS\system32\eetransx.exe
    2008-03-24 09:20 . 1996-05-03 23:05 28,672 --a------ C:\WINDOWS\system32\MSGHOO32.OCX
    2008-03-21 13:49 . 2008-03-21 13:49 <DIR> d-------- C:\Documents and Settings\Stevo\Application Data\Logitech
    2008-03-21 13:47 . 2008-03-21 13:47 <DIR> d-------- C:\Program Files\Common Files\LogiShared
    2008-03-21 13:47 . 2008-03-21 13:47 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2008-03-21 13:45 . 2008-03-21 13:45 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-03-21 13:45 . 2008-03-21 13:45 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2008-03-21 13:44 . 2008-03-21 13:47 <DIR> d-------- C:\Program Files\Logitech
    2008-03-21 13:44 . 2008-03-21 13:44 <DIR> d-------- C:\Program Files\Common Files\Logitech
    2008-03-21 13:44 . 2008-03-21 13:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
    2008-03-21 13:44 . 2007-04-11 15:33 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
    2008-03-21 13:44 . 2007-04-23 04:00 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
    2008-03-21 13:44 . 2007-04-23 04:00 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
    2008-03-21 13:44 . 2007-04-23 04:00 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
    2008-03-21 13:44 . 2007-04-23 04:00 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
    2008-03-21 13:44 . 2007-04-11 15:32 56,080 --a------ C:\WINDOWS\KHALMNPR.Exe
    2008-03-21 13:44 . 2007-04-11 15:32 36,112 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
    2008-03-21 13:44 . 2007-04-11 15:32 34,832 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
    2008-03-21 13:43 . 2008-03-21 13:43 <DIR> d-------- C:\Documents and Settings\Stevo\Application Data\InstallShield
    2008-03-21 13:43 . 2008-03-21 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
    2008-03-20 07:02 . 2008-03-20 07:03 <DIR> d-------- C:\Program Files\Westward
    2008-03-20 06:14 . 2008-03-20 07:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    2008-03-18 05:09 . 2008-03-18 05:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
    2008-03-18 01:08 . 2008-03-18 02:27 393 --a------ C:\WINDOWS\WEMU500.INI
    2008-03-18 00:39 . 2008-03-18 00:39 <DIR> d-------- C:\Program Files\Common Files\OPC Foundation
    2008-03-18 00:39 . 2008-03-18 00:39 <DIR> d-------- C:\Program Files\Common Files\OMRON
    2008-03-17 23:42 . 2008-03-17 23:42 <DIR> d-------- C:\RSLogix 5000
    2008-03-17 23:36 . 2008-03-17 23:36 <DIR> d-------- C:\Program Files\RSLogix 5000 Module Profiles
    2008-03-17 23:33 . 2001-06-21 21:39 73,728 --a------ C:\WINDOWS\system32\drivers\SENTINEL.SYS
    2008-03-17 23:33 . 2001-06-21 21:39 49,664 --a------ C:\WINDOWS\system32\SNTI386.DLL
    2008-03-17 23:33 . 2001-06-21 21:39 18,432 --a------ C:\WINDOWS\system32\RNBOVDD.DLL
    2008-03-17 23:33 . 2001-06-21 21:39 9,949 --------- C:\WINDOWS\system32\SENTINEL.HLP
    2008-03-17 23:25 . 2008-03-18 00:39 172 --a------ C:\WINDOWS\Rocksoft.ini
    2008-03-17 23:20 . 2008-03-17 23:20 194 --a------ C:\WINDOWS\system32\RBDELDRV.BAT
    2008-03-17 04:20 . 2008-03-17 04:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
    2008-03-16 09:33 . 2004-08-04 08:00 1,689,088 --a------ C:\WINDOWS\system32\23683848.dll
    2008-03-16 09:33 . 2004-08-04 08:00 82,944 --a------ C:\WINDOWS\system32\103b9048.dll
    2008-03-13 13:01 . 2004-08-04 08:00 1,689,088 --a------ C:\WINDOWS\system32\1c66f701.dll
    2008-03-13 13:01 . 2004-08-04 08:00 1,689,088 --a------ C:\WINDOWS\system32\124f83ee.dll
    2008-03-13 13:01 . 2004-08-04 08:00 82,944 --a------ C:\WINDOWS\system32\36193800.dll
    2008-03-13 13:01 . 2004-08-04 08:00 82,944 --a------ C:\WINDOWS\system32\28fc67ae.dll
    2008-03-13 03:29 . 2004-08-04 08:00 1,689,088 --a------ C:\WINDOWS\system32\1a71a16c.dll
    2008-03-13 03:29 . 2004-08-04 08:00 82,944 --a------ C:\WINDOWS\system32\213b8686.dll
    2008-03-13 02:37 . 2008-03-13 02:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-03-13 02:32 . 2008-03-13 02:32 <DIR> d-------- C:\Program Files\GALA-NET
    2008-03-13 02:32 . 2005-08-11 15:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
    2008-03-12 05:07 . 2008-03-12 18:02 <DIR> d-------- C:\Program Files\Starcraft
    2008-03-12 05:07 . 2008-03-12 05:11 94,208 --a------ C:\WINDOWS\ScUnin.exe
    2008-03-12 05:07 . 2008-03-12 05:11 35,382 --a------ C:\WINDOWS\scunin.dat
    2008-03-12 05:07 . 2008-03-12 05:11 967 --a------ C:\WINDOWS\ScUnin.pif
    2008-03-11 16:48 . 2008-03-11 16:48 <DIR> d-------- C:\Program Files\IrfanView
    2008-03-09 08:34 . 2008-03-09 08:35 <DIR> d-------- C:\Program Files\WinPcap
    2008-03-04 02:06 . 2008-03-04 02:06 <DIR> d-------- C:\Program Files\QuickSFV
    2008-03-02 14:57 . 2008-03-02 14:57 <DIR> d-------- C:\Program Files\MSTpscre
    2008-02-29 14:47 . 2008-02-29 14:47 125 --a------ C:\ioSpecial.ini
    2008-02-29 08:54 . 2008-02-29 08:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    2008-02-29 00:03 . 2008-02-29 08:59 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
    2008-02-28 17:16 . 2008-02-28 17:22 <DIR> d-------- C:\Documents and Settings\Stevo\Application Data\Azgard

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-26 18:56 --------- d-----w C:\Documents and Settings\Stevo\Application Data\CallingID
    2008-03-26 14:31 --------- d-----w C:\Documents and Settings\Stevo\Application Data\uTorrent
    2008-03-26 10:17 --------- d-----w C:\Documents and Settings\Stevo\Application Data\GameHouse
    2008-03-26 07:55 --------- d-----w C:\Program Files\Warcraft III
    2008-03-24 14:30 --------- d-----w C:\Program Files\Common Files\Rockwell
    2008-03-21 17:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-18 07:51 --------- d-----w C:\Program Files\Rockwell Software
    2008-03-18 04:59 2,984 --sh--r C:\EVRSI.SYS
    2008-03-18 04:48 --------- d-----w C:\Program Files\Rockwell Automation
    2008-03-13 06:32 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-03-09 12:35 --------- d-----w C:\Program Files\Java
    2008-03-07 22:13 --------- d-----w C:\Program Files\PokerStars
    2008-02-25 12:55 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-02-24 12:50 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    2008-02-24 12:50 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2008-02-24 12:50 --------- d-----w C:\Program Files\OpenAL
    2008-02-24 10:53 --------- d-----w C:\Program Files\RegCure
    2008-02-24 05:28 --------- d-----w C:\Documents and Settings\Stevo\Application Data\Big Fish Games
    2008-02-22 10:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Awem
    2008-02-21 13:23 --------- d-----w C:\Documents and Settings\Stevo\Application Data\Viewpoint
    2008-02-21 07:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
    2008-02-20 19:15 --------- d-----w C:\Program Files\QuickTime
    2008-02-20 19:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
    2008-02-20 19:12 --------- d-----w C:\Program Files\The Rosetta Stone
    2008-02-20 19:04 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-17 12:27 --------- d-----w C:\Documents and Settings\Stevo\Application Data\iWin
    2008-02-13 08:59 --------- d-----w C:\Documents and Settings\Stevo\Application Data\PlayFirst
    2008-02-13 08:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
    2008-02-10 03:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\CA
    2008-02-10 03:04 99,592 ----a-w C:\WINDOWS\system32\isafeif.dll
    2008-02-10 03:04 91,400 ----a-w C:\WINDOWS\system32\isafprod.dll
    2008-02-10 03:04 83,256 ----a-w C:\WINDOWS\system32\vetredir.dll
    2008-02-10 03:04 32,264 ----a-w C:\WINDOWS\system32\drivers\vetmonnt.sys
    2008-02-10 03:04 26,376 ----a-w C:\WINDOWS\system32\drivers\vet-filt.sys
    2008-02-10 03:04 21,512 ----a-w C:\WINDOWS\system32\drivers\vetfddnt.sys
    2008-02-10 03:04 21,128 ----a-w C:\WINDOWS\system32\drivers\vet-rec.sys
    2008-02-10 03:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-10 03:01 --------- d-----w C:\Program Files\Common Files\Scanner
    2008-02-10 03:01 --------- d-----w C:\Program Files\CA
    2008-02-08 05:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
    2008-02-08 05:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grey Alien Games
    2008-01-26 07:02 --------- d-----w C:\Program Files\SureThing
    2008-01-26 07:02 --------- d-----w C:\Program Files\Common Files\SureThing Shared
    2008-01-26 05:02 --------- d-----w C:\Program Files\Common Files\LightScribe
    2008-01-08 22:09 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
    2008-01-07 03:47 15,600 ----a-w C:\WINDOWS\gdrv.sys
    2008-01-07 01:56 62,009 ----a-w C:\WINDOWS\system32\wpfb_ati2dvag.dll
    2008-01-07 01:48 139,264 ----a-w C:\WINDOWS\War3Unin.exe
    .

    ((((((((((((((((((((((((((((( snapsh[email protected]_14.47.25.81 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-03-26 18:02:12 71,308 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-03-26 18:49:40 71,308 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-03-26 18:02:12 441,624 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-03-26 18:49:40 441,624 ----a-w C:\WINDOWS\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 15:18 202024]
    "Aim6"="" []
    "Evidence Eliminator"="C:\Program Files\Evidence Eliminator\ee.exe" [2007-08-06 12:06 920124]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PivotSoftware"="C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 13:17 694008]
    "DT GWY"="C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2007-10-09 18:45 81920]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 19:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
    "UsbCipHelper"="C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe" [2006-09-28 17:25 434176]
    "XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 19:05 734264]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "NWEReboot"="" []
    "cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-02-09 23:04 181512]
    "CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-02-09 23:04 234760]
    "QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.32\QOELoader.exe" [2008-02-09 23:04 14088]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "Tpscrex"="C:\Program Files\MSTpscre\Tpscrex.exe" [2007-07-30 17:15 258048]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-21 13:47:43 67128]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-21 13:44:15 692224]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\CIDLinkAdvisor.dll [2007-10-15 22:40 1373624]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "C:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"=
    "C:\\Program Files\\AIM6\\aim6.exe"=
    "C:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v16\\Bin\\RS5000.Exe"=
    "C:\\WINDOWS\\system32\\OpcEnum.exe"=
    "C:\\Program Files\\Rockwell Software\\RSLINX\\RSLINX.EXE"=
    "C:\\Program Files\\Rockwell Software\\OPCTools\\OPCTest\\opctest.exe"=
    "C:\\Program Files\\Rockwell Software\\FactoryTalk Activation\\lmgrd.exe"=
    "C:\\Program Files\\Rockwell Software\\FactoryTalk Activation\\flexsvr.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:port135
    "6112:TCP"= 6112:TCP:WarcraftIII1
    "6112:UDP"= 6112:UDP:WarcraftIII2

    R1 Pivot;Pivot;C:\WINDOWS\system32\drivers\pivot.sys [2007-02-09 13:17]
    R1 VirtualBackplane;A-B Virtual Backplane;C:\WINDOWS\system32\Drivers\VirtualBackplane.sys [2007-04-18 10:32]
    R2 npkcmsvc;npkcmsvc;C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 12:33]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
    R3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2008-02-09 23:04]
    S2 FactoryTalk Activation Service;FactoryTalk Activation Service;C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe [2003-11-17 18:50]
    S3 1784-PCIDS DeviceNet;1784-PCIDS DeviceNet;C:\Program Files\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe [2007-04-18 11:18]
    S3 ABKTCX;Rockwell Automation 1784-KTC(X) Driver;C:\WINDOWS\system32\Drivers\ABKTCX.sys [2000-05-31 19:13]
    S3 EmuLogix 5868 Slot1;EmuLogix 5868 Slot1;"C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V16\EmuLogix5868.exe" /1 []
    S3 EmuLogix 5868 Slot10;EmuLogix 5868 Slot10;"C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /10 []
    S3 EmuLogix 5868 Slot11;EmuLogix 5868 Slot11;"C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /11 []
    S3 EmuLogix 5868 Slot12;EmuLogix 5868 Slot12;"C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /12 []
    S3 EmuLogix 5868 Slot13;EmuLogix 5868 Slot13;"C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /13 []
    S3 EmuLogix 5868 Slot14;EmuLogix 5868 Slot14;"C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /14 []
    S3 EmuLogix 5868 Slot15;EmuLogix 5868 Slot15;"C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /15 []
    S3 EmuLogix 5868 Slot16;EmuLogix 5868 Slot16;"C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /16 []
    S3 EmuLogix 5868 Slot2;EmuLogix 5868 Slot2;"C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V16\EmuLogix5868.exe" /2 []
    S3 EmuLogix 5868 Slot3;EmuLogix 5868 Slot3;"C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /3 []
    S3 EmuLogix 5868 Slot4;EmuLogix 5868 Slot4;"C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /4 []
    S3 EmuLogix 5868 Slot5;EmuLogix 5868 Slot5;"C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /5 []
    S3 EmuLogix 5868 Slot6;EmuLogix 5868 Slot6;"C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /6 []
    S3 EmuLogix 5868 Slot7;EmuLogix 5868 Slot7;"C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /7 []
    S3 EmuLogix 5868 Slot8;EmuLogix 5868 Slot8;"C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /8 []
    S3 EmuLogix 5868 Slot9;EmuLogix 5868 Slot9;"C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /9 []
    S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-01-06 23:47]
    S3 pivotmou;Pivot Mouse/Pointers Filter Driver;C:\WINDOWS\System32\drivers\pivotmou.sys [2007-02-09 13:17]
    S3 RS_SS_NT;RSLinx Classic S-S SD/SD2 Device Driver;C:\WINDOWS\system32\RS_SS_NT.SYS [1999-11-10 08:27]
    S3 RsiKtControl;RsiKtControl;C:\WINDOWS\system32\RSIKT.SYS [2006-01-18 10:33]
    S3 RSSERIAL;RSLinx Classic Serial Driver;C:\WINDOWS\system32\RSSERIAL.SYS [1999-05-11 13:48]
    S3 SimModuleService;1789-SIM Simulator Module;C:\Program Files\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe [2007-04-18 10:44]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-12 04:16:26 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Stevo at 10 01 PM.job"
    - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-26 15:03:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\Portrait Displays\Pivot Software\winphook.dll
    .
    Completion time: 2008-03-26 15:04:57
    ComboFix-quarantined-files.txt 2008-03-26 19:04:41
    ComboFix2.txt 2008-03-26 18:48:04
    .
    2008-03-12 11:25:35 --- E O F ---
     
  3. Highdro

    Highdro Thread Starter

    Joined:
    Apr 11, 2005
    Messages:
    145
    Here's the HJT; it was too long to put into the previous post.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:08:55 PM, on 3/26/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Nexon\Mabinogi\npkcmsvc.exe
    C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.32\QOELoader.exe
    C:\Program Files\MSTpscre\Tpscrex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\Gateway\EzTune\DTHtml.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CAGlobal.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT GWY] "C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe" -GWY
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [UsbCipHelper] C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
    O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.32\QOELoader.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Tpscrex] C:\Program Files\MSTpscre\Tpscrex.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: 1784-PCIDS DeviceNet - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: dnWhoDisp - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
    O23 - Service: EmuLogix 5868 Slot1 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V16\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot10 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot11 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot12 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot13 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot14 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot15 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot16 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot2 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V16\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot3 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot4 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot5 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot6 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot7 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot8 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: EmuLogix 5868 Slot9 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
    O23 - Service: FactoryTalk Activation Service - Macrovision Corporation - C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe
    O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSLINX\RSOBSERV.EXE
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
    O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
    O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Unknown owner - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: RSLinx Classic (RSLinx) - Rockwell Automation, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
    O23 - Service: 1789-SIM Simulator Module (SimModuleService) - Unknown owner - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 12321 bytes
     
  4. Highdro

    Highdro Thread Starter

    Joined:
    Apr 11, 2005
    Messages:
    145
    Almost 24 without hearing about a virus; now two new ones have shown up from my CA Anti-Virus scan.

    3/27/2008 11:11:34 AM File infection: C:\System Volume Information\_restore{4F740C3B-9A96-4B48-AF14-1355530219E9}\RP169\A0021472.exe is Win32/Matcash.CX trojan. Deleted
    3/27/2008 11:54:16 AM File infection: C:\System Volume Information\_restore{4F740C3B-9A96-4B48-AF14-1355530219E9}\RP169\A0021473.dll is Win32/Vundo.UP trojan. Deleted
     
Short URL to this thread: https://techguy.org/697257
