Could someone look at this log for me and tell me if my machine is o.k.??? Sure looks like a lot of stuff, seeing how I have everything disabled in this profile. I set up a profile for just gaming, bare bones, for speed, and I just don't see a big difference.
Thank you so much for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:10 AM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\drivers\CDAC11BA.EXE
E:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
E:\PROGRA~1\McAfee\MSC\mcpromgr.exe
e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
e:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\McAfee\MSK\MskSrver.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\UPHClean\uphclean.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
e:\PROGRA~1\mcafee.com\agent\mcagent.exe
E:\Program Files\SiteAdvisor\6253\SiteAdv.exe
E:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
E:\WINDOWS\System32\svchost.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
E:\Program Files\The All-Seeing Eye\eye.exe
E:\Program Files\ASUS\AI Booster\OverClk.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Documents and Settings\Billy Pettit\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - E:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - e:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - E:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LXCFCATS] rundll32 E:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [cjkkkjzipnm] E:\WINDOWS\system32\cjkkkjzipnm.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "E:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199190308046
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O23 - Service: McAfee Application Installer Cleanup (0177611200857516) (0177611200857516mcinstcleanup) - Unknown owner - E:\WINDOWS\TEMP\017761~1.EXE (file missing)
O23 - Service: Print Spooler Service (aoayyto0) - Unknown owner - E:\WINDOWS\system32\cjkkkjzipnm.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - E:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: E-MU Audio Service (emaudsv) - E-MU Systems - E:\WINDOWS\system32\emaudsv.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - E:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: lxcf_device - Unknown owner - E:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - E:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - E:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - E:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - E:\Program Files\nHancer\nHancerService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - E:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 9245 bytes


Download SDFix and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the
    Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to
    start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the
    registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool
    will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and
    display Finished, then press any key to end the script and load
    your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the
    contents of the results file Report.txt back onto the forum with
    a new HijackThis log

Crunchie,
Thanks for the help really. Here is the log you asked for.
SDFix: Version 1.130

Run by Billy Pettit on Tue 01/22/2008 at 04:32 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: E:\DOCUME~1\BILLYP~1\Desktop\SDFix\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:01 AM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\drivers\CDAC11BA.EXE
E:\WINDOWS\system32\emaudsv.exe
E:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
E:\PROGRA~1\McAfee\MSC\mcpromgr.exe
e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
e:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\Program Files\McAfee\MSK\MskSrver.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\UPHClean\uphclean.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\ASUS\AI Booster\OverClk.exe
e:\PROGRA~1\mcafee.com\agent\mcagent.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\SiteAdvisor\6253\SiteAdv.exe
E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Documents and Settings\Billy Pettit\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - E:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - e:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - E:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Launch Ai Booster] "E:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [amd_dc_opt] E:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [LXCFCATS] rundll32 E:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [cjkkkjzipnm] E:\WINDOWS\system32\cjkkkjzipnm.exe
O4 - HKLM\..\RunServices: [cjkkkjzipnm] E:\WINDOWS\system32\cjkkkjzipnm.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "E:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199190308046
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - E:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: E-MU Audio Service (emaudsv) - E-MU Systems - E:\WINDOWS\system32\emaudsv.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - E:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: lxcf_device - Unknown owner - E:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - E:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - E:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - E:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - E:\Program Files\nHancer\nHancerService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - E:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 8993 bytes

You may have dropped through the cracks here, billy. So.... while crunchie is having a cup of tea:
Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O4 - HKLM\..\Run: [cjkkkjzipnm] E:\WINDOWS\system32\cjkkkjzipnm.exe
O4 - HKLM\..\RunServices: [cjkkkjzipnm] E:\WINDOWS\system32\cjkkkjzipnm.exe

Good. Delete these files:
E:\WINDOWS\system32\cjkkkjzipnm.exe
E:\WINDOWS\system32\cjkkkjzipnm.exe

Now if you are gaming you don't need all those toolbars and browser helpers, do you [they sit in memory...]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - E:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LXCFCATS] rundll32 E:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
...and you don't need anything in the trusted zone [why bypass all your normal site safety settings?]
O15 - Trusted Zone: *.line6.net

commented: This gave me speed, and was very helpful. +1
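A triage sketch for the entries singled out in this thread, added here as an example and not code from HijackThis, SDFix or any poster. It cross-references O4 autorun lines with O23 services labelled "Unknown owner", then lists which launch points for a given executable still exist in a later log; the function names and the heuristic itself are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed samples: lines copied from the two HijackThis logs in this thread.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [LXCFCATS] rundll32 E:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [cjkkkjzipnm] E:\WINDOWS\system32\cjkkkjzipnm.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "E:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O23 - Service: Print Spooler Service (aoayyto0) - Unknown owner - E:\WINDOWS\system32\cjkkkjzipnm.exe
O23 - Service: lxcf_device - Unknown owner - E:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: SiteAdvisor Service - Unknown owner - E:\Program Files\SiteAdvisor\6253\SAService.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [Launch Ai Booster] "E:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [cjkkkjzipnm] E:\WINDOWS\system32\cjkkkjzipnm.exe
O4 - HKLM\..\RunServices: [cjkkkjzipnm] E:\WINDOWS\system32\cjkkkjzipnm.exe
O23 - Service: lxcf_device - Unknown owner - E:\WINDOWS\system32\lxcfcoms.exe
"""

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_PREFIX = "O23 - Service: "
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|scr))(?:\s|$)", re.IGNORECASE)


def image_of(command):
    """Reduce a command line to a lower-cased executable path for comparison."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0].lower()
    m = EXE_RE.match(command)  # copes with unquoted paths containing spaces
    return (m.group(1) if m else command.split()[0]).lower()


def parse(log):
    """Return ({image: [O4 key, ...]}, [(service name, owner, image), ...])."""
    autoruns, services = defaultdict(list), []
    for line in map(str.strip, log.splitlines()):
        m = O4_RE.match(line)
        if m:
            autoruns[image_of(m["cmd"])].append(m["key"])
        elif line.startswith(O23_PREFIX):
            # Take the last two " - " separated fields as owner and path; the
            # format is ambiguous when a name or owner itself contains " - ".
            parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
            if len(parts) == 3:
                services.append((parts[0], parts[1], image_of(parts[2])))
    return autoruns, services


def double_registered(log):
    """Executables started by an O4 autorun AND an 'Unknown owner' O23 service."""
    autoruns, services = parse(log)
    return [
        {"image": image, "service": name, "autorun_keys": sorted(autoruns[image])}
        for name, owner, image in services
        if owner == "Unknown owner" and image in autoruns
    ]


def launch_points(log, image):
    """List every O4/O23 entry in `log` that still starts `image`."""
    autoruns, services = parse(log)
    image = image.lower()
    points = [f"O4 {key}" for key in autoruns.get(image, [])]
    points += [f"O23 {name}" for name, _, img in services if img == image]
    return points


if __name__ == "__main__":
    for finding in double_registered(LOG_BEFORE):
        print("review:", finding)
        print("still present after cleanup:", launch_points(LOG_AFTER, finding["image"]))
```

The cross-reference stops firing on the second log because the service entry is gone, which is why the follow-up check is keyed on the executable path rather than on the heuristic.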

Every now and then my email notification does not arrive. My apologies.
The SDFix log is incomplete. Please post the entire log on your next return.

I see cake crumbs... :)

aaaaaaaaahhhhhhhhhhhhhhh :)

SDFix: Version 1.131

Run by Billy Pettit on Fri 01/25/2008 at 06:06 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: E:\DOCUME~1\BILLYP~1\Desktop\SDFix\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found


Removing Temp Files...

ADS Check:

E:\WINDOWS
No streams found.

E:\WINDOWS\explorer.exe
No streams found.

E:\WINDOWS\system32
No streams found.

E:\WINDOWS\system32\svchost.exe
No streams found.

E:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 06:10:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Wed 13 Oct 2004 1,694,208 ..SH. --- "E:\Program Files\Messenger\msmsgs.exe"
Wed 4 Aug 2004 60,416 A.SH. --- "E:\Program Files\Outlook Express\msimn.exe"
Sat 22 Dec 2007 0 A.SH. --- "E:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 4 Jan 2004 8,982,709 A..H. --- "E:\Documents and Settings\Billy Pettit\My Documents\My Pictures\MY PICTURES1\pictures.dll"
Sat 4 Aug 2007 4,348 A..H. --- "E:\Documents and Settings\Billy Pettit\My Documents\Ethan Miles\Ethan Miles Music\Dons Band\License Backup\drmv1key.bak"
Sat 11 Aug 2007 401 A..H. --- "E:\Documents and Settings\Billy Pettit\My Documents\Ethan Miles\Ethan Miles Music\Dons Band\License Backup\drmv1lic.bak"
Fri 3 Aug 2007 312 A.SH. --- "E:\Documents and Settings\Billy Pettit\My Documents\Ethan Miles\Ethan Miles Music\Dons Band\License Backup\drmv2key.bak"

Finished!

Well I reposted, because you could not read all of the message. Hope I fixed it, and thanks so much guys.
SDFix: Version 1.131

Run by Billy Pettit on Fri 01/25/2008 at 06:06 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: E:\DOCUME~1\BILLYP~1\Desktop\SDFix\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found


Removing Temp Files...

ADS Check:

E:\WINDOWS
No streams found.

E:\WINDOWS\explorer.exe
No streams found.

E:\WINDOWS\system32
No streams found.

E:\WINDOWS\system32\svchost.exe
No streams found.

E:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 06:10:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Wed 13 Oct 2004 1,694,208 ..SH. --- "E:\Program Files\Messenger\msmsgs.exe"
Wed 4 Aug 2004 60,416 A.SH. --- "E:\Program Files\Outlook Express\msimn.exe"
Sat 22 Dec 2007 0 A.SH. --- "E:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 4 Jan 2004 8,982,709 A..H. --- "E:\Documents and Settings\Billy Pettit\My Documents\My Pictures\MY PICTURES1\pictures.dll"
Sat 4 Aug 2007 4,348 A..H. --- "E:\Documents and Settings\Billy Pettit\My Documents\Ethan Miles\Ethan Miles Music\Dons Band\License Backup\drmv1key.bak"
Sat 11 Aug 2007 401 A..H. --- "E:\Documents and Settings\Billy Pettit\My Documents\Ethan Miles\Ethan Miles Music\Dons Band\License Backup\drmv1lic.bak"
Fri 3 Aug 2007 312 A.SH. --- "E:\Documents and Settings\Billy Pettit\My Documents\Ethan Miles\Ethan Miles Music\Dons Band\License Backup\drmv2key.bak"

Finished!

That log is obviously from a second or subsequent run :(.

Can you please do the following.


===============

Scan with HijackThis and then place a check next to all the following, if present:


O4 - HKLM\..\Run: [cjkkkjzipnm] E:\WINDOWS\system32\cjkkkjzipnm.exe
O4 - HKLM\..\RunServices: [cjkkkjzipnm] E:\WINDOWS\system32\cjkkkjzipnm.exe

O15 - Trusted Zone: *.line6.net


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:

files...

E:\WINDOWS\system32\cjkkkjzipnm.exe

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode and hit Enter.

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
