Logfile of HijackThis v1.99.1
Scan saved at 3:47:18 PM, on 7/3/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\MsPMSPSv.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
D:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\Explorer.EXE
D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
D:\WINNT\SOUNDMAN.EXE
D:\progra~1\samsung\smarthru\PORTCTRL.EXE
D:\WINNT\system32\CTHELPER.EXE
D:\WINNT\system32\spool\drivers\w32x86\3\smstsb09.exe
D:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINNT\system32\nsvsvc\nsvsvc.exe
D:\WINNT\system32\picsvr\picsvr.exe
D:\WINNT\system32\internat.exe
D:\WINNT\system32\wintsvsu.exe
D:\Program Files\SpywareGuard\sgbhp.exe
D:\Program Files\SpywareGuard\sgbhp.exe
D:\Program Files\StreamCast\Morpheus\Morpheus.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
D:\WINNT\system32\rundll32.exe
D:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kitco.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - c:\Program Files\Ftk\ftk.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - D:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PicasaNet] "D:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [GW Port Controller] d:\progra~1\samsung\smarthru\PORTCTRL.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Samsung Taskbar Utility] D:\WINNT\system32\spool\drivers\w32x86\3\smstsb09.exe
O4 - HKLM\..\Run: [AudioHQU] D:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [System Toolkit] D:\Program Files\Kazaa\My Shared Folder\- 1 inch less and you are a Queen - Secrets.scr
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HydraVisionDesktopManager] D:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Nsv] D:\WINNT\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] D:\WINNT\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [WCPS] D:\WINNT\system32\wintsvsu.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00001015-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter15 Class) - http://netmarble.net/game/NMStarter15.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2B3CC8B1-EC8B-4BFE-B9ED-3460E383292E} (NetpiaPIOCX Control) - http://plugin.netpia.com/oneclick/webmail/NetpiaPIOCX1.ocx
O16 - DPF: {2CDEDE2A-FBE7-4997-A9AC-EE9AD39AB378} (bulbada2 Control) - http://www.bulbada.net/bulbada2X.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} (ScanFile.FileScan) - http://contentpurity.com/lvjo/ScanFile.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://hello.com/pinstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae0...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - https://vbv.samsungcard.co.kr/XecureObject/xw50_install.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CD01669C-F02D-4179-ADE9-81303CC09F5C} (CCDModLoader_new Object) - http://img.clubfolder.cdnetworks.co.kr/htm...NLoader_new.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://vbv.samsungcard.co.kr/keycrypt/npkcx.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: nwprovau - D:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINNT\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - D:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Firewall - Unknown owner - D:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - D:\WINNT\system32\npkcsvc.exe
O23 - Service: SpyDetectorWatcher - Unknown owner - D:\Program Files\SpyDetector\spywatcher.exe (file missing)
Full Version: Real media
Hi info2002kr,
Go to Online malware scan and submit D:\WINNT\SYSTEM32\nwprovau.dll.
Tell me the result.
Download Ad-aware SE and update it (the Globe icon, then Connect). Then click on "Perform Full System Scan". Uncheck "Search for negligible risk entries" and click on "Next". Eliminate all that Ad-aware finds.
Restart your computer after cleaning with Ad-aware and scan again. Repeat the process until no further items are found as bad.
Download SpyBot S+D.
After installing the program, click on "Search for Updates" and download what the program finds.
Click on 'Search & Destroy' and on "Check for problems". Delete what it finds.
You might want to save this page on your favorites, so you can find it again when you return. You can also click on your name and click on "Find All Posts" to find your thread.
You are using Morpheus. This is not technically malware by itself, but it installs malware in order to run properly and it opens the door for every other nasty program you can think of. I strongly recommend that you remove it. Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/ If you opt to remove it, first use "Add/Remove Program" to remove it and any reference to Morpheus.
This is another article: http://www.cexx.org/adware.htm
And since I saw a Kazaa folder in your log, the same goes for Kazaa, first use "Add/Remove Program" to remove it and any reference to Altnet and P2P Networking. Go to your control panel, then to "Add/Remove Programs", uninstall P2P networking...If/when asked whether you also want to remove Altnet components, say "Yes".
P2P Networking is a totally useless Kazaa add-on, and it's been reported to be responsible for serious system slowdowns. You may also want to run KazaaBegone...
Check your computer with the following free anti-virus/anti-trojan products.
Housecall Anti Virus Panda Anti Virus Trojan Scan Bit Defender
And, here's the link to McAfee AVERT Stinger and instructions for use.
Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location, so you can delete it yourself.
After that, post a new log from HijackThis.
Please create a list of programs that can be removed using Add/Remove Programs
Start HiJackThis. Click "Config"->"Misc Tools"->"Open Uninstall Manager" ->"Save List".
Save the log to a convenient location, and copy it into this thread.
Go to Online malware scan and submit D:\WINNT\SYSTEM32\nwprovau.dll.
Tell me the result.
Download Ad-aware SE and update it (the Globe icon, then Connect). Then click on "Perform Full System Scan". Uncheck "Search for negligible risk entries" and click on "Next". Eliminate all that Ad-aware finds.
Restart your computer after cleaning with Ad-aware and scan again. Repeat the process until no further items are found as bad.
Download SpyBot S+D.
After installing the program, click on "Search for Updates" and download what the program finds.
Click on 'Search & Destroy' and on "Check for problems". Delete what it finds.
You might want to save this page on your favorites, so you can find it again when you return. You can also click on your name and click on "Find All Posts" to find your thread.
You are using Morpheus. This is not technically malware by itself, but it installs malware in order to run properly and it opens the door for every other nasty program you can think of. I strongly recommend that you remove it. Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/ If you opt to remove it, first use "Add/Remove Program" to remove it and any reference to Morpheus.
This is another article: http://www.cexx.org/adware.htm
And since I saw a Kazaa folder in your log, the same goes for Kazaa, first use "Add/Remove Program" to remove it and any reference to Altnet and P2P Networking. Go to your control panel, then to "Add/Remove Programs", uninstall P2P networking...If/when asked whether you also want to remove Altnet components, say "Yes".
P2P Networking is a totally useless Kazaa add-on, and it's been reported to be responsible for serious system slowdowns. You may also want to run KazaaBegone...
Check your computer with the following free anti-virus/anti-trojan products.
Housecall Anti Virus Panda Anti Virus Trojan Scan Bit Defender
And, here's the link to McAfee AVERT Stinger and instructions for use.
Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location, so you can delete it yourself.
After that, post a new log from HijackThis.
Please create a list of programs that can be removed using Add/Remove Programs
Start HiJackThis. Click "Config"->"Misc Tools"->"Open Uninstall Manager" ->"Save List".
Save the log to a convenient location, and copy it into this thread.
Hi Bobby,
Heres what I came up with.
Nat
Logfile of HijackThis v1.99.1
Scan saved at 10:58:27 PM, on 7/3/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\MsPMSPSv.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
D:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
D:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\Explorer.EXE
D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
D:\WINNT\SOUNDMAN.EXE
D:\progra~1\samsung\smarthru\PORTCTRL.EXE
D:\WINNT\system32\CTHELPER.EXE
D:\WINNT\system32\spool\drivers\w32x86\3\smstsb09.exe
D:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINNT\system32\nsvsvc\nsvsvc.exe
D:\WINNT\system32\picsvr\picsvr.exe
D:\WINNT\system32\internat.exe
D:\WINNT\system32\wintsvsu.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kitco.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - c:\Program Files\Ftk\ftk.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - D:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PicasaNet] "D:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [GW Port Controller] d:\progra~1\samsung\smarthru\PORTCTRL.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Samsung Taskbar Utility] D:\WINNT\system32\spool\drivers\w32x86\3\smstsb09.exe
O4 - HKLM\..\Run: [AudioHQU] D:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [System Toolkit] D:\Program Files\Kazaa\My Shared Folder\- 1 inch less and you are a Queen - Secrets.scr
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HydraVisionDesktopManager] D:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Nsv] D:\WINNT\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] D:\WINNT\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [WCPS] D:\WINNT\system32\wintsvsu.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00001015-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter15 Class) - http://netmarble.net/game/NMStarter15.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2B3CC8B1-EC8B-4BFE-B9ED-3460E383292E} (NetpiaPIOCX Control) - http://plugin.netpia.com/oneclick/webmail/NetpiaPIOCX1.ocx
O16 - DPF: {2CDEDE2A-FBE7-4997-A9AC-EE9AD39AB378} (bulbada2 Control) - http://www.bulbada.net/bulbada2X.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} (ScanFile.FileScan) - http://contentpurity.com/lvjo/ScanFile.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://hello.com/pinstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae0...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - https://vbv.samsungcard.co.kr/XecureObject/xw50_install.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CD01669C-F02D-4179-ADE9-81303CC09F5C} (CCDModLoader_new Object) - http://img.clubfolder.cdnetworks.co.kr/htm...NLoader_new.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://vbv.samsungcard.co.kr/keycrypt/npkcx.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: nwprovau - D:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINNT\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - D:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Firewall - Unknown owner - D:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - D:\WINNT\system32\npkcsvc.exe
O23 - Service: SpyDetectorWatcher - Unknown owner - D:\Program Files\SpyDetector\spywatcher.exe (file missing)
Heres what I came up with.
Nat
Logfile of HijackThis v1.99.1
Scan saved at 10:58:27 PM, on 7/3/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\MsPMSPSv.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
D:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
D:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\Explorer.EXE
D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
D:\WINNT\SOUNDMAN.EXE
D:\progra~1\samsung\smarthru\PORTCTRL.EXE
D:\WINNT\system32\CTHELPER.EXE
D:\WINNT\system32\spool\drivers\w32x86\3\smstsb09.exe
D:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINNT\system32\nsvsvc\nsvsvc.exe
D:\WINNT\system32\picsvr\picsvr.exe
D:\WINNT\system32\internat.exe
D:\WINNT\system32\wintsvsu.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kitco.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - c:\Program Files\Ftk\ftk.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - D:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PicasaNet] "D:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [GW Port Controller] d:\progra~1\samsung\smarthru\PORTCTRL.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Samsung Taskbar Utility] D:\WINNT\system32\spool\drivers\w32x86\3\smstsb09.exe
O4 - HKLM\..\Run: [AudioHQU] D:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [System Toolkit] D:\Program Files\Kazaa\My Shared Folder\- 1 inch less and you are a Queen - Secrets.scr
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HydraVisionDesktopManager] D:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Nsv] D:\WINNT\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] D:\WINNT\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [WCPS] D:\WINNT\system32\wintsvsu.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00001015-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter15 Class) - http://netmarble.net/game/NMStarter15.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2B3CC8B1-EC8B-4BFE-B9ED-3460E383292E} (NetpiaPIOCX Control) - http://plugin.netpia.com/oneclick/webmail/NetpiaPIOCX1.ocx
O16 - DPF: {2CDEDE2A-FBE7-4997-A9AC-EE9AD39AB378} (bulbada2 Control) - http://www.bulbada.net/bulbada2X.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} (ScanFile.FileScan) - http://contentpurity.com/lvjo/ScanFile.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://hello.com/pinstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae0...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - https://vbv.samsungcard.co.kr/XecureObject/xw50_install.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CD01669C-F02D-4179-ADE9-81303CC09F5C} (CCDModLoader_new Object) - http://img.clubfolder.cdnetworks.co.kr/htm...NLoader_new.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://vbv.samsungcard.co.kr/keycrypt/npkcx.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: nwprovau - D:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINNT\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - D:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Firewall - Unknown owner - D:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - D:\WINNT\system32\npkcsvc.exe
O23 - Service: SpyDetectorWatcher - Unknown owner - D:\Program Files\SpyDetector\spywatcher.exe (file missing)
QUOTE (Bobbi Flekman @ Jul 3 2005, 09:44 AM)
Hi info2002kr,
Go to Online malware scan and submit D:\WINNT\SYSTEM32\nwprovau.dll.
Tell me the result.
Download Ad-aware SE and update it (the Globe icon, then Connect). Then click on "Perform Full System Scan". Uncheck "Search for negligible risk entries" and click on "Next". Eliminate all that Ad-aware finds.
Restart your computer after cleaning with Ad-aware and scan again. Repeat the process until no further items are found as bad.
Download SpyBot S+D.
After installing the program, click on "Search for Updates" and download what the program finds.
Click on 'Search & Destroy' and on "Check for problems". Delete what it finds.
You might want to save this page on your favorites, so you can find it again when you return. You can also click on your name and click on "Find All Posts" to find your thread.
You are using Morpheus. This is not technically malware by itself, but it installs malware in order to run properly and it opens the door for every other nasty program you can think of. I strongly recommend that you remove it. Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/ If you opt to remove it, first use "Add/Remove Program" to remove it and any reference to Morpheus.
This is another article: http://www.cexx.org/adware.htm
And since I saw a Kazaa folder in your log, the same goes for Kazaa, first use "Add/Remove Program" to remove it and any reference to Altnet and P2P Networking. Go to your control panel, then to "Add/Remove Programs", uninstall P2P networking...If/when asked whether you also want to remove Altnet components, say "Yes".
P2P Networking is a totally useless Kazaa add-on, and it's been reported to be responsible for serious system slowdowns. You may also want to run KazaaBegone...
Check your computer with the following free anti-virus/anti-trojan products.
Housecall Anti Virus Panda Anti Virus Trojan Scan Bit Defender
And, here's the link to McAfee AVERT Stinger and instructions for use.
Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location, so you can delete it yourself.
After that, post a new log from HijackThis.
Please create a list of programs that can be removed using Add/Remove Programs
Start HiJackThis. Click "Config"->"Misc Tools"->"Open Uninstall Manager" ->"Save List".
Save the log to a convenient location, and copy it into this thread.
Go to Online malware scan and submit D:\WINNT\SYSTEM32\nwprovau.dll.
Tell me the result.
Download Ad-aware SE and update it (the Globe icon, then Connect). Then click on "Perform Full System Scan". Uncheck "Search for negligible risk entries" and click on "Next". Eliminate all that Ad-aware finds.
Restart your computer after cleaning with Ad-aware and scan again. Repeat the process until no further items are found as bad.
Download SpyBot S+D.
After installing the program, click on "Search for Updates" and download what the program finds.
Click on 'Search & Destroy' and on "Check for problems". Delete what it finds.
You might want to save this page on your favorites, so you can find it again when you return. You can also click on your name and click on "Find All Posts" to find your thread.
You are using Morpheus. This is not technically malware by itself, but it installs malware in order to run properly and it opens the door for every other nasty program you can think of. I strongly recommend that you remove it. Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/ If you opt to remove it, first use "Add/Remove Program" to remove it and any reference to Morpheus.
This is another article: http://www.cexx.org/adware.htm
And since I saw a Kazaa folder in your log, the same goes for Kazaa, first use "Add/Remove Program" to remove it and any reference to Altnet and P2P Networking. Go to your control panel, then to "Add/Remove Programs", uninstall P2P networking...If/when asked whether you also want to remove Altnet components, say "Yes".
P2P Networking is a totally useless Kazaa add-on, and it's been reported to be responsible for serious system slowdowns. You may also want to run KazaaBegone...
Check your computer with the following free anti-virus/anti-trojan products.
Housecall Anti Virus Panda Anti Virus Trojan Scan Bit Defender
And, here's the link to McAfee AVERT Stinger and instructions for use.
Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location, so you can delete it yourself.
After that, post a new log from HijackThis.
Please create a list of programs that can be removed using Add/Remove Programs
Start HiJackThis. Click "Config"->"Misc Tools"->"Open Uninstall Manager" ->"Save List".
Save the log to a convenient location, and copy it into this thread.
I ran the malware scan, the status was, okay.
Nat
Nat
QUOTE (info2002kr @ Jul 3 2005, 02:05 PM)
Hi Bobby,
Heres what I came up with.
Nat
Logfile of HijackThis v1.99.1
Scan saved at 10:58:27 PM, on 7/3/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\MsPMSPSv.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
D:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
D:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\Explorer.EXE
D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
D:\WINNT\SOUNDMAN.EXE
D:\progra~1\samsung\smarthru\PORTCTRL.EXE
D:\WINNT\system32\CTHELPER.EXE
D:\WINNT\system32\spool\drivers\w32x86\3\smstsb09.exe
D:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINNT\system32\nsvsvc\nsvsvc.exe
D:\WINNT\system32\picsvr\picsvr.exe
D:\WINNT\system32\internat.exe
D:\WINNT\system32\wintsvsu.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kitco.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - c:\Program Files\Ftk\ftk.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - D:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PicasaNet] "D:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [GW Port Controller] d:\progra~1\samsung\smarthru\PORTCTRL.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Samsung Taskbar Utility] D:\WINNT\system32\spool\drivers\w32x86\3\smstsb09.exe
O4 - HKLM\..\Run: [AudioHQU] D:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [System Toolkit] D:\Program Files\Kazaa\My Shared Folder\- 1 inch less and you are a Queen - Secrets.scr
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HydraVisionDesktopManager] D:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Nsv] D:\WINNT\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] D:\WINNT\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [WCPS] D:\WINNT\system32\wintsvsu.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00001015-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter15 Class) - http://netmarble.net/game/NMStarter15.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2B3CC8B1-EC8B-4BFE-B9ED-3460E383292E} (NetpiaPIOCX Control) - http://plugin.netpia.com/oneclick/webmail/NetpiaPIOCX1.ocx
O16 - DPF: {2CDEDE2A-FBE7-4997-A9AC-EE9AD39AB378} (bulbada2 Control) - http://www.bulbada.net/bulbada2X.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} (ScanFile.FileScan) - http://contentpurity.com/lvjo/ScanFile.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://hello.com/pinstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae0...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - https://vbv.samsungcard.co.kr/XecureObject/xw50_install.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CD01669C-F02D-4179-ADE9-81303CC09F5C} (CCDModLoader_new Object) - http://img.clubfolder.cdnetworks.co.kr/htm...NLoader_new.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://vbv.samsungcard.co.kr/keycrypt/npkcx.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: nwprovau - D:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINNT\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - D:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Firewall - Unknown owner - D:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - D:\WINNT\system32\npkcsvc.exe
O23 - Service: SpyDetectorWatcher - Unknown owner - D:\Program Files\SpyDetector\spywatcher.exe (file missing)
Heres what I came up with.
Nat
Logfile of HijackThis v1.99.1
Scan saved at 10:58:27 PM, on 7/3/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\MsPMSPSv.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
D:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
D:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\Explorer.EXE
D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
D:\WINNT\SOUNDMAN.EXE
D:\progra~1\samsung\smarthru\PORTCTRL.EXE
D:\WINNT\system32\CTHELPER.EXE
D:\WINNT\system32\spool\drivers\w32x86\3\smstsb09.exe
D:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINNT\system32\nsvsvc\nsvsvc.exe
D:\WINNT\system32\picsvr\picsvr.exe
D:\WINNT\system32\internat.exe
D:\WINNT\system32\wintsvsu.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kitco.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - c:\Program Files\Ftk\ftk.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - D:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PicasaNet] "D:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [GW Port Controller] d:\progra~1\samsung\smarthru\PORTCTRL.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Samsung Taskbar Utility] D:\WINNT\system32\spool\drivers\w32x86\3\smstsb09.exe
O4 - HKLM\..\Run: [AudioHQU] D:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [System Toolkit] D:\Program Files\Kazaa\My Shared Folder\- 1 inch less and you are a Queen - Secrets.scr
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HydraVisionDesktopManager] D:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Nsv] D:\WINNT\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] D:\WINNT\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [WCPS] D:\WINNT\system32\wintsvsu.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00001015-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter15 Class) - http://netmarble.net/game/NMStarter15.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2B3CC8B1-EC8B-4BFE-B9ED-3460E383292E} (NetpiaPIOCX Control) - http://plugin.netpia.com/oneclick/webmail/NetpiaPIOCX1.ocx
O16 - DPF: {2CDEDE2A-FBE7-4997-A9AC-EE9AD39AB378} (bulbada2 Control) - http://www.bulbada.net/bulbada2X.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} (ScanFile.FileScan) - http://contentpurity.com/lvjo/ScanFile.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://hello.com/pinstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae0...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - https://vbv.samsungcard.co.kr/XecureObject/xw50_install.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CD01669C-F02D-4179-ADE9-81303CC09F5C} (CCDModLoader_new Object) - http://img.clubfolder.cdnetworks.co.kr/htm...NLoader_new.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://vbv.samsungcard.co.kr/keycrypt/npkcx.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: nwprovau - D:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINNT\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - D:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Firewall - Unknown owner - D:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - D:\WINNT\system32\npkcsvc.exe
O23 - Service: SpyDetectorWatcher - Unknown owner - D:\Program Files\SpyDetector\spywatcher.exe (file missing)
QUOTE (Bobbi Flekman @ Jul 3 2005, 09:44 AM)
Hi info2002kr,
Go to Online malware scan and submit D:\WINNT\SYSTEM32\nwprovau.dll.
Tell me the result.
Download Ad-aware SE and update it (the Globe icon, then Connect). Then click on "Perform Full System Scan". Uncheck "Search for negligible risk entries" and click on "Next". Eliminate all that Ad-aware finds.
Restart your computer after cleaning with Ad-aware and scan again. Repeat the process until no further items are found as bad.
Download SpyBot S+D.
After installing the program, click on "Search for Updates" and download what the program finds.
Click on 'Search & Destroy' and on "Check for problems". Delete what it finds.
You might want to save this page on your favorites, so you can find it again when you return. You can also click on your name and click on "Find All Posts" to find your thread.
You are using Morpheus. This is not technically malware by itself, but it installs malware in order to run properly and it opens the door for every other nasty program you can think of. I strongly recommend that you remove it. Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/ If you opt to remove it, first use "Add/Remove Program" to remove it and any reference to Morpheus.
This is another article: http://www.cexx.org/adware.htm
And since I saw a Kazaa folder in your log, the same goes for Kazaa, first use "Add/Remove Program" to remove it and any reference to Altnet and P2P Networking. Go to your control panel, then to "Add/Remove Programs", uninstall P2P networking...If/when asked whether you also want to remove Altnet components, say "Yes".
P2P Networking is a totally useless Kazaa add-on, and it's been reported to be responsible for serious system slowdowns. You may also want to run KazaaBegone...
Check your computer with the following free anti-virus/anti-trojan products.
Housecall Anti Virus Panda Anti Virus Trojan Scan Bit Defender
And, here's the link to McAfee AVERT Stinger and instructions for use.
Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location, so you can delete it yourself.
After that, post a new log from HijackThis.
Please create a list of programs that can be removed using Add/Remove Programs
Start HiJackThis. Click "Config"->"Misc Tools"->"Open Uninstall Manager" ->"Save List".
Save the log to a convenient location, and copy it into this thread.
Go to Online malware scan and submit D:\WINNT\SYSTEM32\nwprovau.dll.
Tell me the result.
Download Ad-aware SE and update it (the Globe icon, then Connect). Then click on "Perform Full System Scan". Uncheck "Search for negligible risk entries" and click on "Next". Eliminate all that Ad-aware finds.
Restart your computer after cleaning with Ad-aware and scan again. Repeat the process until no further items are found as bad.
Download SpyBot S+D.
After installing the program, click on "Search for Updates" and download what the program finds.
Click on 'Search & Destroy' and on "Check for problems". Delete what it finds.
You might want to save this page on your favorites, so you can find it again when you return. You can also click on your name and click on "Find All Posts" to find your thread.
You are using Morpheus. This is not technically malware by itself, but it installs malware in order to run properly and it opens the door for every other nasty program you can think of. I strongly recommend that you remove it. Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/ If you opt to remove it, first use "Add/Remove Program" to remove it and any reference to Morpheus.
This is another article: http://www.cexx.org/adware.htm
And since I saw a Kazaa folder in your log, the same goes for Kazaa, first use "Add/Remove Program" to remove it and any reference to Altnet and P2P Networking. Go to your control panel, then to "Add/Remove Programs", uninstall P2P networking...If/when asked whether you also want to remove Altnet components, say "Yes".
P2P Networking is a totally useless Kazaa add-on, and it's been reported to be responsible for serious system slowdowns. You may also want to run KazaaBegone...
Check your computer with the following free anti-virus/anti-trojan products.
Housecall Anti Virus Panda Anti Virus Trojan Scan Bit Defender
And, here's the link to McAfee AVERT Stinger and instructions for use.
Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location, so you can delete it yourself.
After that, post a new log from HijackThis.
Please create a list of programs that can be removed using Add/Remove Programs
Start HiJackThis. Click "Config"->"Misc Tools"->"Open Uninstall Manager" ->"Save List".
Save the log to a convenient location, and copy it into this thread.
Hi Nat,
You don't have to quote all the previous messages. ;)
You haven't told me what Jotti said...
You are using Kazaa. This is not technically malware by itself, but it installs malware in order to run properly and it opens the door for every other nasty program you can think of. I strongly recommend that you remove it. Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/ If you opt to remove it, first use "Add/Remove Program" to remove it and any reference to Altnet and P2P Networking. Go to your control panel, then to "Add/Remove Programs", uninstall P2P networking...If/when asked whether you also want to remove Altnet components, say "Yes".
P2P Networking is a totally useless Kazaa add-on, and it's been reported to be responsible for serious system slowdowns. You may also want to run KazaaBegone...
Run HijackThis, click on "Scan" and check the boxes next to all these items.
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll (file missing)
O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - c:\Program Files\Ftk\ftk.dll
O4 - HKLM\..\Run: [System Toolkit] D:\Program Files\Kazaa\My Shared Folder\Penis Enlargement Secrets.scr
O4 - HKLM\..\Run: [Nsv] D:\WINNT\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] D:\WINNT\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [WCPS] D:\WINNT\system32\wintsvsu.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe
Spy Detector is on Spyware Warrior's Rogue List. Uninstall this program!
O23 - Service: SpyDetectorWatcher - Unknown owner - D:\Program Files\SpyDetector\spywatcher.exe (file missing)
Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked".
Restart your computer in Safe Mode. How do I Safe Boot my computer?
Show hidden files. How do I show hidden files?
At the end if the fix you can return the files to hidden status if you want.
Delete the following files in red (it could be that they are deleted already):
D:\Program Files\Kazaa\My Shared Folder\Penis Enlargement Secrets.scr
C:\Program Files\Common Files\Java\flacpy.exe
C:\Program Files\Common Files\Java\ftkcpy.exe
D:\WINNT\system32\internat.exe
D:\WINNT\system32\wintsvsu.exe
Delete the following folders in red (it could be that they are deleted already):
D:\WINNT\system32\nsvsvc
D:\WINNT\system32\picsvr
c:\Program Files\Fla
c:\Program Files\Ftk
C:\program files\tvs
D:\Program Files\Common Files\GMT
D:\Program Files\SpyDetector
Restart your computer and post a new log in this thread.
You don't have to quote all the previous messages. ;)
You haven't told me what Jotti said...
You are using Kazaa. This is not technically malware by itself, but it installs malware in order to run properly and it opens the door for every other nasty program you can think of. I strongly recommend that you remove it. Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/ If you opt to remove it, first use "Add/Remove Program" to remove it and any reference to Altnet and P2P Networking. Go to your control panel, then to "Add/Remove Programs", uninstall P2P networking...If/when asked whether you also want to remove Altnet components, say "Yes".
P2P Networking is a totally useless Kazaa add-on, and it's been reported to be responsible for serious system slowdowns. You may also want to run KazaaBegone...
Run HijackThis, click on "Scan" and check the boxes next to all these items.
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll (file missing)
O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - c:\Program Files\Ftk\ftk.dll
O4 - HKLM\..\Run: [System Toolkit] D:\Program Files\Kazaa\My Shared Folder\Penis Enlargement Secrets.scr
O4 - HKLM\..\Run: [Nsv] D:\WINNT\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] D:\WINNT\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [WCPS] D:\WINNT\system32\wintsvsu.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe
Spy Detector is on Spyware Warrior's Rogue List. Uninstall this program!
O23 - Service: SpyDetectorWatcher - Unknown owner - D:\Program Files\SpyDetector\spywatcher.exe (file missing)
Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked".
Restart your computer in Safe Mode. How do I Safe Boot my computer?
Show hidden files. How do I show hidden files?
At the end if the fix you can return the files to hidden status if you want.
Delete the following files in red (it could be that they are deleted already):
D:\Program Files\Kazaa\My Shared Folder\Penis Enlargement Secrets.scr
C:\Program Files\Common Files\Java\flacpy.exe
C:\Program Files\Common Files\Java\ftkcpy.exe
D:\WINNT\system32\internat.exe
D:\WINNT\system32\wintsvsu.exe
Delete the following folders in red (it could be that they are deleted already):
D:\WINNT\system32\nsvsvc
D:\WINNT\system32\picsvr
c:\Program Files\Fla
c:\Program Files\Ftk
C:\program files\tvs
D:\Program Files\Common Files\GMT
D:\Program Files\SpyDetector
Restart your computer and post a new log in this thread.
Okay here is the latest log, already my computer seems to be running faster and no more pop ups. Sorry I'm not computer savvy whatsoever:(
Cheers
Nat
Logfile of HijackThis v1.99.1
Scan saved at 11:29:25 PM, on 7/4/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\MsPMSPSv.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
D:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
D:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\Explorer.EXE
D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
D:\WINNT\SOUNDMAN.EXE
D:\progra~1\samsung\smarthru\PORTCTRL.EXE
D:\WINNT\system32\CTHELPER.EXE
D:\WINNT\system32\spool\drivers\w32x86\3\smstsb09.exe
D:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Documents and Settings\INTEL\Desktop\Digital Camera\Anti virus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kitco.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - D:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PicasaNet] "D:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [GW Port Controller] d:\progra~1\samsung\smarthru\PORTCTRL.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Samsung Taskbar Utility] D:\WINNT\system32\spool\drivers\w32x86\3\smstsb09.exe
O4 - HKLM\..\Run: [AudioHQU] D:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HydraVisionDesktopManager] D:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00001015-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter15 Class) - http://netmarble.net/game/NMStarter15.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2B3CC8B1-EC8B-4BFE-B9ED-3460E383292E} (NetpiaPIOCX Control) - http://plugin.netpia.com/oneclick/webmail/NetpiaPIOCX1.ocx
O16 - DPF: {2CDEDE2A-FBE7-4997-A9AC-EE9AD39AB378} (bulbada2 Control) - http://www.bulbada.net/bulbada2X.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} (ScanFile.FileScan) - http://contentpurity.com/lvjo/ScanFile.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://hello.com/pinstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae0...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - https://vbv.samsungcard.co.kr/XecureObject/xw50_install.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CD01669C-F02D-4179-ADE9-81303CC09F5C} (CCDModLoader_new Object) - http://img.clubfolder.cdnetworks.co.kr/htm...NLoader_new.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://vbv.samsungcard.co.kr/keycrypt/npkcx.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: nwprovau - D:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINNT\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - D:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Firewall - Unknown owner - D:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - D:\WINNT\system32\npkcsvc.exe
Cheers
Nat
Logfile of HijackThis v1.99.1
Scan saved at 11:29:25 PM, on 7/4/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\MsPMSPSv.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
D:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
D:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\Explorer.EXE
D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
D:\WINNT\SOUNDMAN.EXE
D:\progra~1\samsung\smarthru\PORTCTRL.EXE
D:\WINNT\system32\CTHELPER.EXE
D:\WINNT\system32\spool\drivers\w32x86\3\smstsb09.exe
D:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Documents and Settings\INTEL\Desktop\Digital Camera\Anti virus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kitco.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - D:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PicasaNet] "D:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [GW Port Controller] d:\progra~1\samsung\smarthru\PORTCTRL.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Samsung Taskbar Utility] D:\WINNT\system32\spool\drivers\w32x86\3\smstsb09.exe
O4 - HKLM\..\Run: [AudioHQU] D:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HydraVisionDesktopManager] D:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00001015-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter15 Class) - http://netmarble.net/game/NMStarter15.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2B3CC8B1-EC8B-4BFE-B9ED-3460E383292E} (NetpiaPIOCX Control) - http://plugin.netpia.com/oneclick/webmail/NetpiaPIOCX1.ocx
O16 - DPF: {2CDEDE2A-FBE7-4997-A9AC-EE9AD39AB378} (bulbada2 Control) - http://www.bulbada.net/bulbada2X.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} (ScanFile.FileScan) - http://contentpurity.com/lvjo/ScanFile.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://hello.com/pinstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae0...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - https://vbv.samsungcard.co.kr/XecureObject/xw50_install.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CD01669C-F02D-4179-ADE9-81303CC09F5C} (CCDModLoader_new Object) - http://img.clubfolder.cdnetworks.co.kr/htm...NLoader_new.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://vbv.samsungcard.co.kr/keycrypt/npkcx.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: nwprovau - D:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINNT\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - D:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Firewall - Unknown owner - D:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - D:\WINNT\system32\npkcsvc.exe
QUOTE (Bobbi Flekman @ Jul 4 2005, 12:31 PM)
Hi Nat,
You don't have to quote all the previous messages. ;)
You haven't told me what Jotti said...
You are using Kazaa. This is not technically malware by itself, but it installs malware in order to run properly and it opens the door for every other nasty program you can think of. I strongly recommend that you remove it. Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/ If you opt to remove it, first use "Add/Remove Program" to remove it and any reference to Altnet and P2P Networking. Go to your control panel, then to "Add/Remove Programs", uninstall P2P networking...If/when asked whether you also want to remove Altnet components, say "Yes".
P2P Networking is a totally useless Kazaa add-on, and it's been reported to be responsible for serious system slowdowns. You may also want to run KazaaBegone...
Run HijackThis, click on "Scan" and check the boxes next to all these items.
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll (file missing)
O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - c:\Program Files\Ftk\ftk.dll
O4 - HKLM\..\Run: [System Toolkit] D:\Program Files\Kazaa\My Shared Folder\- 1 inch less and you are a Queen - Secrets.scr
O4 - HKLM\..\Run: [Nsv] D:\WINNT\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] D:\WINNT\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [WCPS] D:\WINNT\system32\wintsvsu.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe
Spy Detector is on Spyware Warrior's Rogue List. Uninstall this program!
O23 - Service: SpyDetectorWatcher - Unknown owner - D:\Program Files\SpyDetector\spywatcher.exe (file missing)
Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked".
Restart your computer in Safe Mode. How do I Safe Boot my computer?
Show hidden files. How do I show hidden files?
At the end if the fix you can return the files to hidden status if you want.
Delete the following files in red (it could be that they are deleted already):
D:\Program Files\Kazaa\My Shared Folder\- 1 inch less and you are a Queen - Secrets.scr
C:\Program Files\Common Files\Java\flacpy.exe
C:\Program Files\Common Files\Java\ftkcpy.exe
D:\WINNT\system32\internat.exe
D:\WINNT\system32\wintsvsu.exe
Delete the following folders in red (it could be that they are deleted already):
D:\WINNT\system32\nsvsvc
D:\WINNT\system32\picsvr
c:\Program Files\Fla
c:\Program Files\Ftk
C:\program files\tvs
D:\Program Files\Common Files\GMT
D:\Program Files\SpyDetector
Restart your computer and post a new log in this thread.
You don't have to quote all the previous messages. ;)
You haven't told me what Jotti said...
You are using Kazaa. This is not technically malware by itself, but it installs malware in order to run properly and it opens the door for every other nasty program you can think of. I strongly recommend that you remove it. Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/ If you opt to remove it, first use "Add/Remove Program" to remove it and any reference to Altnet and P2P Networking. Go to your control panel, then to "Add/Remove Programs", uninstall P2P networking...If/when asked whether you also want to remove Altnet components, say "Yes".
P2P Networking is a totally useless Kazaa add-on, and it's been reported to be responsible for serious system slowdowns. You may also want to run KazaaBegone...
Run HijackThis, click on "Scan" and check the boxes next to all these items.
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll (file missing)
O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - c:\Program Files\Ftk\ftk.dll
O4 - HKLM\..\Run: [System Toolkit] D:\Program Files\Kazaa\My Shared Folder\- 1 inch less and you are a Queen - Secrets.scr
O4 - HKLM\..\Run: [Nsv] D:\WINNT\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] D:\WINNT\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [WCPS] D:\WINNT\system32\wintsvsu.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe
Spy Detector is on Spyware Warrior's Rogue List. Uninstall this program!
O23 - Service: SpyDetectorWatcher - Unknown owner - D:\Program Files\SpyDetector\spywatcher.exe (file missing)
Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked".
Restart your computer in Safe Mode. How do I Safe Boot my computer?
Show hidden files. How do I show hidden files?
At the end if the fix you can return the files to hidden status if you want.
Delete the following files in red (it could be that they are deleted already):
D:\Program Files\Kazaa\My Shared Folder\- 1 inch less and you are a Queen - Secrets.scr
C:\Program Files\Common Files\Java\flacpy.exe
C:\Program Files\Common Files\Java\ftkcpy.exe
D:\WINNT\system32\internat.exe
D:\WINNT\system32\wintsvsu.exe
Delete the following folders in red (it could be that they are deleted already):
D:\WINNT\system32\nsvsvc
D:\WINNT\system32\picsvr
c:\Program Files\Fla
c:\Program Files\Ftk
C:\program files\tvs
D:\Program Files\Common Files\GMT
D:\Program Files\SpyDetector
Restart your computer and post a new log in this thread.
Hi Nat,
This log looks clean!
This is a good time to set up protection against further attacks. Read the article behind this link "How did I get infected". If you don't already have them, you need an antivirus that is updated, a good firewall for example Kerio Personal Firewall or ZoneLabs Zone Alarm, a spyware blocker like SpywareBlaster and also IE-Spyads and spyware detection (Ad-aware SE and SpyBot S+D). All of these have good free versions available... be very cautious about any security software that advertises in popups or other intrusive ways, they are not only usually useless, but also often have malware in them....
Instead of Internet Explorer, use a different browser like Opera, Mozilla or Firefox.
Last, but not least, you need to keep Windows and Internet Explorer up to date by getting all the latest security patches that protects your computer.
This can be accessed by going to http://windowsupdate.microsoft.com/ and following the prompts. If you are running Windows XP get updated to SP-2
Please post back if you are still having any problems....
This log looks clean!
This is a good time to set up protection against further attacks. Read the article behind this link "How did I get infected". If you don't already have them, you need an antivirus that is updated, a good firewall for example Kerio Personal Firewall or ZoneLabs Zone Alarm, a spyware blocker like SpywareBlaster and also IE-Spyads and spyware detection (Ad-aware SE and SpyBot S+D). All of these have good free versions available... be very cautious about any security software that advertises in popups or other intrusive ways, they are not only usually useless, but also often have malware in them....
Instead of Internet Explorer, use a different browser like Opera, Mozilla or Firefox.
Last, but not least, you need to keep Windows and Internet Explorer up to date by getting all the latest security patches that protects your computer.
This can be accessed by going to http://windowsupdate.microsoft.com/ and following the prompts. If you are running Windows XP get updated to SP-2
Please post back if you are still having any problems....
Cheers Bobbi your the man/woman!
Thanks for the help and advice, can I make a donation to you guys?
Thanks,
Nat
Thanks for the help and advice, can I make a donation to you guys?
Thanks,
Nat
Hi Nat,
We, at Gladiator, work completely voluntary. We don't take donations, but if you would like to make a donation to your local animal shelter I'd be happy as well.
Thanks.
We, at Gladiator, work completely voluntary. We don't take donations, but if you would like to make a donation to your local animal shelter I'd be happy as well.
Thanks.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.