edmandoo
-
Content Count
14 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by edmandoo
-
-
yea even if i do combofix.exe
and hijackthis scans.
I believe i'm still getting signs of this korean stuff.
Not only that, but i think now it's weekly...instead of daily that these things show up
I scanned with hijackthis today and it scanned 3 ctfmon.exe, ususally only scanning one.
And i found out that two of them were in the WINDOWS folder so i checked what it was.
And it was in korean again , and definitely not related to Microsoft Office.
PLEASE HELP!
-
ComboFix 07-06-13.3 - C:\Documents and Settings\Edmundo Unit\Desktop\ComboFix.exe
"Edmundo Unit" - 2007-06-12 21:23:58 - Service Pack 2 NTFS
((((((((((((((((((((((((( Files Created from 2007-05-13 to 2007-06-13 )))))))))))))))))))))))))))))))
2007-06-12 21:18 337,920 --a------ C:\WINDOWS\system32\bmdelete.exe
2007-06-05 22:02 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-04 14:52 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-04 07:51 <DIR> d-------- C:\WINDOWS\1088
2007-06-03 07:58 <DIR> d-------- C:\NVSTEREO.LOG
2007-06-03 07:33 221,184 --a------ C:\WINDOWS\system32\install.exe
2007-05-31 16:34 421 --a------ C:\WINDOWS\system32\ccman.sys
2007-05-31 16:34 218,624 --a------ C:\WINDOWS\system32\ccmansetup.exe
2007-05-30 12:50 <DIR> d-------- C:\WINDOWS\1059
2007-05-30 12:50 <DIR> d-------- C:\WINDOWS\1057
2007-05-29 09:06 347 --a------ C:\WINDOWS\system32\takeup.sys
2007-05-29 09:06 226,304 --a------ C:\WINDOWS\system32\takeup.exe
2007-05-29 09:06 208,896 --a------ C:\WINDOWS\msconfig_uninstaller.exe
2007-05-29 09:06 <DIR> d-------- C:\WINDOWS\system32\nwproc
2007-05-29 09:06 <DIR> d-------- C:\WINDOWS\1045
2007-05-29 09:06 <DIR> d-------- C:\Program Files\nwproc
2007-05-28 15:36 <DIR> d-------- C:\DOCUME~1\Glara\APPLIC~1\Viewpoint
2007-05-28 08:25 <DIR> d-------- C:\WINDOWS\1051
2007-05-26 18:39 204,800 --a------ C:\WINDOWS\system32\urluninstaller.exe
2007-05-24 17:21 1,718 --a------ C:\WINDOWS\system32\exchange.sys
2007-05-22 19:45 458,752 --a------ C:\WINDOWS\LinkProSetupAx_8.exe
2007-05-22 19:45 15,872 --a------ C:\WINDOWS\system32\linkpro.exe
2007-05-20 17:37 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-05-19 21:29 <DIR> d-------- C:\DOCUME~1\EDMUND~1\APPLIC~1\dvdcss
2007-05-18 22:54 <DIR> d--h----- C:\WINDOWS\HUL
2007-05-15 15:26 <DIR> d-------- C:\WINDOWS\1365
2007-05-14 01:35 246,784 --a------ C:\WINDOWS\dlwl.exe
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-08 03:09:09 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-06 05:54:29 -------- d-----w C:\Program Files\Symantec
2007-06-06 05:45:57 -------- d-----w C:\Program Files\Messenger
2007-06-06 05:40:04 -------- d-----w C:\Program Files\Easy CD-DA Extractor 10
2007-06-06 05:34:48 -------- d-----w C:\Program Files\AlienGUIse
2007-06-06 05:14:28 -------- d-----w C:\DOCUME~1\EDMUND~1\APPLIC~1\Symantec
2007-06-03 15:12:13 -------- d-----w C:\DOCUME~1\EDMUND~1\APPLIC~1\Uniblue
2007-06-03 15:05:16 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-03 15:05:15 -------- d-----w C:\Program Files\Netmarble
2007-06-03 03:01:18 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-05-31 23:34:24 1,486 ----a-w C:\WINDOWS\uninstall_all.sys
2007-05-30 19:52:31 -------- d-----w C:\DOCUME~1\EDMUND~1\APPLIC~1\Lavasoft
2007-05-29 20:38:15 -------- d-----w C:\Program Files\Steam
2007-05-26 04:51:56 -------- d-----w C:\DOCUME~1\EDMUND~1\APPLIC~1\Azureus
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-11 04:48:13 1,543 ----a-w C:\WINDOWS\system32\fine.sys
2007-05-09 04:17:51 345,600 ----a-w C:\WINDOWS\system32\super.exe
2007-05-09 04:02:15 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-04-29 15:31:55 204,800 ----a-w C:\WINDOWS\system32viuninstaller.exe
2007-04-29 15:31:32 53,248 ----a-w C:\WINDOWS\system32\spintmp.exe
2007-04-26 01:58:32 200,704 ----a-w C:\WINDOWS\system32\pcsafe_uninstaller.exe
2007-04-25 22:58:38 242,688 ----a-w C:\WINDOWS\system32\uninst_vcpr.exe
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-22 00:41:02 204,800 ----a-w C:\WINDOWS\system32\rsq.exe
2007-04-19 03:29:57 -------- d-----w C:\Program Files\Winamp
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 05:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 05:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-15 16:45:35 -------- d-----w C:\Program Files\Norton AntiVirus
2007-04-15 16:42:28 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-04-15 16:42:28 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-04-14 04:40:48 204,800 ----a-w C:\WINDOWS\system32\viuninstaller.exe
2007-04-14 04:34:02 242,176 ----a-w C:\WINDOWS\system32\uninst_zerov.exe
2007-04-11 22:49:17 94,309 ----a-w C:\WINDOWS\Nate_Setup19.exe
2007-04-10 01:59:44 200,704 ----a-w C:\WINDOWS\system32\vacprouninstaller.exe
2007-03-29 20:51:46 300,784 ----a-w C:\WINDOWS\system32\Bugsctrl.dll
2007-03-29 01:51:54 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-03-29 01:51:52 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 02:56]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 13:32]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2007-04-02 19:19]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 23:19]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-03 17:33]
"nwiz"="nwiz.exe" [2006-03-09 15:29 C:\WINDOWS\system32\nwiz.exe]
"MSNMessenger"="C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe" [2007-04-07 11:29]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"Uniblue RegistryBooster2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"MSNMessenger"="C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe" [2007-04-07 11:29]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"SystemManager"=C:\WINDOWS\system32\a3p.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
Contents of the 'Scheduled Tasks' folder
2007-06-04 14:53:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-09 03:00:16 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Edmundo Unit.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-12 21:27:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-12 21:27:52
C:\ComboFix-quarantined-files.txt ... 2007-06-12 21:27
C:\ComboFix2.txt ... 2007-06-04 14:52
--- E O F ---
-
the one's in the moved it files. I deleted them..because everyone i searched on google dealt with korean siets and virus etc.
So please help!
Should i delete the msmon.sys.vir file also? in the qoobox folder from combofix i believe.
-
yea it was another korean virus scanner thing....im getting scared now.
-
hey you still didn't tell me what to do with the moved files. Should i delete them?
Not only that..but today i turned on my computer...and this bmpatch.exe installed itself in my computer
What is that?
I searched it on google and it showed up on like chinese sites..?
Should i delete it or what?
Oh btw here's a new hijack log.
Please tell me what to do with the quarantined and moved files...
And why did this bmpatch.exe install itself into my computer?
Is it a program extension?
It's in my C drive in program files in a folder called "pcmedic"
And the files inside include bmpatch.exe, pcmedic.dll2, and pcmedic.exe2
PLEASE HELP!
this is my hijack log
Logfile of HijackThis v1.99.1
Scan saved at 9:02:18 PM, on 6/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\pcmedic\bmpatch.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Norton AntiVirus\NAVW32.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe"
O4 - HKLM\..\Run: [pcmedic] C:\Program Files\pcmedic\pcmedic.exe Icon <---- what is that?
O4 - HKCU\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Error Event Log (ereventlog) - Unknown owner - C:\WINDOWS\system32\drivers\erelog.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCI lagacy (PCIlagacy) - Unknown owner - C:\WINDOWS\nerochk.exe (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
-
NOT ONLY THAT
but what should i do with the quarantined files in the otmovieit folder and the Qoobox folder?
shouldnt i delete those files?
Not only that, but what should i do with the "fix.reg" file. just leave it on my desktop?
And that dll that was infected...what should i do with that (the one avg detected as infected) should i just leave it as is or delete it?
thanks
-
everything worked fine after the first post you made (and youre a mother freakin genius)
thank you for everything. and yea i removed the last two.
Thanks for being there for me so quick
Matt told me that you techies had like finals and stuff to study for (our high school being charter got out a month earlier than all of you guys, yet we start a month earlier T_T)
So yea and are you korean? because your name is birdsong and i have a friend named daniel song and i call him songbird.
lol that was random but yea everything works fine THANKS MAN!
Hope to encounter you again haha
-
before i post i think i need to tell you why panda detected so many spyware.
My sister and my dad has an account on this computer also..and i dont think they deleted the temporary internet files WHICH I WILL DO and WHICH I APOLOGIZE FOR NOT TELLING BEFOREHAND (if there are any mistakes i have made -__-)
So yea and the weird thing is..when panda was scanning...avg detected (maybe it is just infected) a backup file in the hijackthis backups folder stated as a threat because the description stated some trojan horse generic4.SQG and the dll name was backup-20070604-144722-876.dll
It indeed was a backup copy and infected. (i double checked)
Im just going to leave it in the virusvault for now.
So yea tomorrow i'll delete every temporary internet file from my sister's and dad's account.
Here is the OTMoveIt log
C:\WINDOWS\asrotray.exe moved successfully.
Folder C:\ktf\ not found.
File/Folder C:\WINDOWS\system32\onpcs.dll not found.
File/Folder C:\WINDOWS\system32\apo.dll not found.
C:\WINDOWS\system32\a3p.exe moved successfully.
File/Folder C:\WINDOWS\asrotray.exe not found.
C:\WINDOWS\system32\ccman.exe moved successfully.
C:\WINDOWS\system32\carion.exe moved successfully.
C:\WINDOWS\rundl64.exe moved successfully.
C:\WINDOWS\system32\mswasie.exe moved successfully.
C:\WINDOWS\system32\drivers\erelog.exe moved successfully.
C:\WINDOWS\nerochk.exe moved successfully.
Created on 06/05/2007 21:52:35
Here is the Panda Scan log
(wow a lot of spyware..probably because of the other accounts mentioned above)
Incident Status Location
Virus:Trj/Agent.FHL Disinfected Operating system
Virus:Trj/Agent.FHL Disinfected Operating system
Adware:adware/statblaster Not disinfected Windows Registry
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[.revenue.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[.com.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Edmundo Unit\Application Data\Mozilla\Firefox\Profiles\gtjsf4vz.default\cookies.txt[.2o7.net/]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Edmundo Unit\Desktop\ComboFix.exe[ComboFixT\nircmd.exe]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[server.iad.liveperson.net/hc/LPpacificsunwear]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[server.iad.liveperson.net/hc/LPpacificsunwear]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.zedo.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[statse.webtrendslive.com/S148222]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[statse.webtrendslive.com/S148222]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Glara\Application Data\Mozilla\Firefox\Profilesynrkohc.default\cookies.txt[.entrepreneur.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Glara\Cookies\glara@247realmedia[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Glara\Cookies\glara@2o7[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Glara\Cookies\[email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Glara\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Glara\Cookies\glara@adrevolver[1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Glara\Cookies\[email protected][1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Glara\Cookies\[email protected][2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Glara\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Glara\Cookies\glara@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Glara\Cookies\glara@apmebf[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Glara\Cookies\[email protected][2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Glara\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Glara\Cookies\glara@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Glara\Cookies\glara@atwola[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Glara\Cookies\glara@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Glara\Cookies\glara@belnk[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Glara\Cookies\glara@bfast[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Glara\Cookies\glara@bluestreak[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Glara\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Glara\Cookies\glara@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Glara\Cookies\glara@casalemedia[1].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Glara\Cookies\[email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Glara\Cookies\glara@com[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Glara\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Glara\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Glara\Cookies\glara@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Glara\Cookies\glara@fastclick[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Glara\Cookies\glara@gostats[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Glara\Cookies\[email protected][2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Glara\Cookies\glara@hitbox[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Glara\Cookies\glara@maxserving[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Glara\Cookies\[email protected][3].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Glara\Cookies\[email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Glara\Cookies\glara@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Glara\Cookies\glara@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Glara\Cookies\[email protected][1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Glara\Cookies\glara@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Glara\Cookies\glara@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Glara\Cookies\glara@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Glara\Cookies\glara@revenue[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Glara\Cookies\[email protected][2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Glara\Cookies\[email protected][5].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Glara\Cookies\glara@serving-sys[1].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Glara\Cookies\glara@spylog[1].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Glara\Cookies\[email protected][2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Glara\Cookies\glara@statcounter[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Glara\Cookies\[email protected][2].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Glara\Cookies\glara@targetnet[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Glara\Cookies\glara@target[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Glara\Cookies\glara@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Glara\Cookies\glara@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Glara\Cookies\glara@tribalfusion[2].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Glara\Cookies\glara@valueclick[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Glara\Cookies\[email protected][1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Glara\Cookies\[email protected][1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Glara\Cookies\[email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Glara\Cookies\glara@xiti[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Glara\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Glara\Cookies\glara@zedo[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Glara\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Glara\Local Settings\Temp\Cookies\glara@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Glara\Local Settings\Temp\Cookies\glara@atdmt[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Glara\Local Settings\Temp\Cookies\glara@casalemedia[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Glara\Local Settings\Temp\Cookies\glara@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Glara\Local Settings\Temp\Cookies\glara@fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Glara\Local Settings\Temp\Cookies\glara@mediaplex[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Glara\Local Settings\Temp\Cookies\glara@realmedia[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Glara\Local Settings\Temp\Cookies\glara@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Glara\Local Settings\Temp\Cookies\glara@tribalfusion[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rjjdmvmu.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rjjdmvmu.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rjjdmvmu.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rjjdmvmu.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rjjdmvmu.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rjjdmvmu.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rjjdmvmu.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rjjdmvmu.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rjjdmvmu.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rjjdmvmu.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rjjdmvmu.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rjjdmvmu.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rjjdmvmu.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rjjdmvmu.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rjjdmvmu.default\cookies.txt[.go.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rjjdmvmu.default\cookies.txt[.statse.webtrendslive.com/S134168]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rjjdmvmu.default\cookies.txt[.statse.webtrendslive.com/S0014-01-3-13-180631-60051]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@247realmedia[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\owner@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Owner\Cookies\owner@bluestreak[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Owner\Cookies\owner@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Cookies\owner@go[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Cookies\owner@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Owner\Cookies\owner@revenue[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Cookies\owner@statcounter[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Cookies\owner@target[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Cookies\owner@xiti[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt
Virus:Bck/Agent.FKJ Disinfected C:\WINDOWS\1045\JJG_setup.exe
Virus:Trj/Agent.FHL Disinfected C:\WINDOWS\melonsrv.dll
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Virus:Trj/Agent.FHL Disinfected C:\WINDOWS\system32\~res0003.exe
Virus:Trj/Agent.FHL Disinfected C:\_OTMoveIt\MovedFiles\WINDOWS\nerochk.exe
Virus:Trj/Agent.FHL Disinfected C:\_OTMoveIt\MovedFiles\WINDOWS\system32\drivers\erelog.exe
THIS IS THE FRESH (after scanning with panda and "moving it") HIJACKTHIS log
Logfile of HijackThis v1.99.1
Scan saved at 11:17:55 PM, on 6/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe"
O4 - HKLM\..\Run: [asro] C:\WINDOWS\asrotray.exe
O4 - HKCU\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Error Event Log (ereventlog) - Unknown owner - C:\WINDOWS\system32\drivers\erelog.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCI lagacy (PCIlagacy) - Unknown owner - C:\WINDOWS\nerochk.exe (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
P.S. thank you for helping me so much. I have never felt luckier.
THANK YOU SERIOUSLY!
-
yea sorry i carelessly forgot to paste the rest of it in stupid me.
Oh and quick question before i post.
I remember i was in the regedit place...and i think i accidentally deleted one of my realtek functions which automatically detects a headphone/microphone in the beginning. Because now i have to constantly go back to the realtek folder in program files and run the audio wizard whenever i want to use my headset.
How can i make it so it functions again whenever i start the computer?
Oh and the virus doesn't install anymore woot!
but i know there's still more to do
"Edmundo Unit" - 2007-06-04 14:48:12 Service Pack 2 NTFS
ComboFix 07-06-3 - Running from: "C:\Documents and Settings\Edmundo Unit\Desktop\"
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\winupdate
C:\WINDOWS\system32\msmon.sys
((((((((((((((((((((((((( Files Created from 2007-05-04 to 2007-06-04 )))))))))))))))))))))))))))))))
2007-06-04 07:51 <DIR> d-------- C:\WINDOWS\1088
2007-06-03 20:52 <DIR> d-------- C:\Program Files\uhelp
2007-06-03 07:58 <DIR> d-------- C:\NVSTEREO.LOG
2007-06-03 07:33 53,248 --a------ C:\WINDOWS\system32\mswasie.exe
2007-06-03 07:33 221,184 --a------ C:\WINDOWS\system32\install.exe
2007-06-01 08:19 222,568 --a------ C:\WINDOWS\system32\carion.exe
2007-05-31 17:16 221,643 --a------ C:\WINDOWS\system32\ccman.exe
2007-05-31 16:34 421 --a------ C:\WINDOWS\system32\ccman.sys
2007-05-31 16:34 218,624 --a------ C:\WINDOWS\system32\ccmansetup.exe
2007-05-31 16:34 <DIR> d-------- C:\ktf
2007-05-31 00:48 69,632 --a------ C:\WINDOWS\rundl64.exe
2007-05-30 12:50 188,416 --a------ C:\WINDOWS\system32\apo.dll
2007-05-30 12:50 <DIR> d-------- C:\WINDOWS\1059
2007-05-30 12:50 <DIR> d-------- C:\WINDOWS\1057
2007-05-29 09:06 347 --a------ C:\WINDOWS\system32\takeup.sys
2007-05-29 09:06 226,304 --a------ C:\WINDOWS\system32\takeup.exe
2007-05-29 09:06 208,896 --a------ C:\WINDOWS\msconfig_uninstaller.exe
2007-05-29 09:06 <DIR> d-------- C:\WINDOWS\system32\nwproc
2007-05-29 09:06 <DIR> d-------- C:\WINDOWS\1045
2007-05-29 09:06 <DIR> d-------- C:\Program Files\nwproc
2007-05-28 15:36 <DIR> d-------- C:\DOCUME~1\Glara\APPLIC~1\Viewpoint
2007-05-28 08:25 <DIR> d-------- C:\WINDOWS\1051
2007-05-26 18:39 204,800 --a------ C:\WINDOWS\system32\urluninstaller.exe
2007-05-24 17:21 1,718 --a------ C:\WINDOWS\system32\exchange.sys
2007-05-22 19:45 458,752 --a------ C:\WINDOWS\LinkProSetupAx_8.exe
2007-05-22 19:45 15,872 --a------ C:\WINDOWS\system32\linkpro.exe
2007-05-20 17:37 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-05-19 21:29 <DIR> d-------- C:\DOCUME~1\EDMUND~1\APPLIC~1\dvdcss
2007-05-18 22:54 <DIR> d--h----- C:\WINDOWS\HUL
2007-05-15 15:26 <DIR> d-------- C:\WINDOWS\1365
2007-05-14 01:35 246,784 --a------ C:\WINDOWS\dlwl.exe
2007-05-11 16:53 57,344 --a------ C:\WINDOWS\melonsrv.dll
2007-05-11 16:53 40,960 --a------ C:\WINDOWS\nerochk.exe
2007-05-11 16:53 35,840 --a------ C:\WINDOWS\nvdualhd.exe
2007-05-10 21:48 1,543 --a------ C:\WINDOWS\system32\fine.sys
2007-05-10 21:48 1,486 --a------ C:\WINDOWS\uninstall_all.sys
2007-05-10 21:47 <DIR> d-------- C:\WINDOWS\1369
2007-05-10 16:51 <DIR> d-------- C:\WINDOWS\1358
2007-05-08 21:17 345,600 --a------ C:\WINDOWS\system32\super.exe
2007-05-08 21:02 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-03 15:12:13 -------- d-----w C:\DOCUME~1\EDMUND~1\APPLIC~1\Uniblue
2007-06-03 15:05:16 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-03 15:05:15 -------- d-----w C:\Program Files\Netmarble
2007-06-03 03:01:18 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-06-02 00:12:06 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-30 19:52:31 -------- d-----w C:\DOCUME~1\EDMUND~1\APPLIC~1\Lavasoft
2007-05-29 20:38:15 -------- d-----w C:\Program Files\Steam
2007-05-26 04:51:56 -------- d-----w C:\DOCUME~1\EDMUND~1\APPLIC~1\Azureus
2007-05-01 23:49:17 94,208 ----a-w C:\WINDOWS\system32\~res0003.exe
2007-04-29 15:31:55 204,800 ----a-w C:\WINDOWS\system32viuninstaller.exe
2007-04-29 15:31:32 53,248 ----a-w C:\WINDOWS\system32\spintmp.exe
2007-04-26 01:58:32 200,704 ----a-w C:\WINDOWS\system32\pcsafe_uninstaller.exe
2007-04-25 22:58:38 242,688 ----a-w C:\WINDOWS\system32\uninst_vcpr.exe
2007-04-22 00:41:02 204,800 ----a-w C:\WINDOWS\system32\rsq.exe
2007-04-19 03:29:57 -------- d-----w C:\Program Files\Winamp
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-15 16:45:35 -------- d-----w C:\Program Files\Norton AntiVirus
2007-04-15 16:42:30 -------- d-----w C:\Program Files\Symantec
2007-04-15 16:42:28 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-04-15 16:42:28 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-04-14 04:40:48 204,800 ----a-w C:\WINDOWS\system32\viuninstaller.exe
2007-04-14 04:34:02 242,176 ----a-w C:\WINDOWS\system32\uninst_zerov.exe
2007-04-11 22:49:17 94,309 ----a-w C:\WINDOWS\Nate_Setup19.exe
2007-04-10 01:59:44 200,704 ----a-w C:\WINDOWS\system32\vacprouninstaller.exe
2007-04-08 03:56:02 -------- d-----w C:\Program Files\iTunes
2007-04-08 03:55:53 -------- d-----w C:\Program Files\iPod
2007-04-08 03:55:26 -------- d-----w C:\Program Files\QuickTime
2007-04-08 03:53:15 -------- d-----w C:\Program Files\Apple Software Update
2007-03-29 20:51:46 300,784 ----a-w C:\WINDOWS\system32\Bugsctrl.dll
2007-03-29 01:51:54 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-03-29 01:51:52 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-08 03:02:36 6,420,160 ----a-w C:\WINDOWS\system32\FoxSetup_Monkey3.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 02:56]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 13:32]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2007-04-02 19:19]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"NateOnMain"="C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 23:19]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-03 17:33]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NateOnMain"="C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"Uniblue RegistryBooster2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"SystemManager"=C:\WINDOWS\system32\a3p.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
Contents of the 'Scheduled Tasks' folder
2007-06-04 14:53:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-02 04:27:01 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Edmundo Unit.job
**************************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-04 14:52:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-04 14:52:38
C:\ComboFix-quarantined-files.txt ... 2007-06-04 14:52
--- E O F ---
-
well thank you song~
here is the combofix log file (weirdly it didnt ask me to reboot the computer)
Combofix log file
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"Uniblue RegistryBooster2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"SystemManager"=C:\WINDOWS\system32\a3p.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
Contents of the 'Scheduled Tasks' folder
2007-06-04 14:53:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-02 04:27:01 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Edmundo Unit.job
**************************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-04 14:52:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-04 14:52:38
C:\ComboFix-quarantined-files.txt ... 2007-06-04 14:52
--- E O F ---
Here is my new hijackthis log.
Logfile of HijackThis v1.99.1
Scan saved at 2:56:12 PM, on 6/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\nvdualhd.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Error Event Log (ereventlog) - Unknown owner - C:\WINDOWS\system32\drivers\erelog.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCI lagacy (PCIlagacy) - Unknown owner - C:\WINDOWS\nerochk.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
THANK YOU SO MUCH! PLEASE REPLY BACK WITH MORE DETAILS!
peace
p.s. combofix created a quarantine folder...what should i do with it?
-
wow so pro.
So yea if i do that will the errors or korean trojans or whatever be deleted/fixed?
Because you say this is a good start....?
And after your message there is a line
------------
Then it says things like you need
and things like you want...do i have to download that or do you just put that in every message you post?
Thanks!
Im at a community college right now waiting for my sister to finish signing up for some summer college classes and im typing this message to you
Thanks for helping again!
Im going to go home and fix this right away!
-
Logfile of HijackThis v1.99.1
Scan saved at 8:23:13 AM, on 6/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\nvdualhd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\asrotray.exe
C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\ktf\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Edmundo Unit\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: linkprohelper - {11E78485-C932-4944-BDCD-3B57CD676E5C} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: NetCtrl Class - {68FACDB7-76C2-481F-BED0-5176BFC06F40} - C:\WINDOWS\system32\jng.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: chkprc Class - {7DA7BE7D-A382-4AA7-A125-CA55A2070125} - C:\WINDOWS\system32\onpcs.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ApoUp Class - {DA96C092-D3A6-4772-AB95-21523D152BEA} - C:\WINDOWS\system32\apo.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [asro] C:\WINDOWS\asrotray.exe
O4 - HKLM\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
O4 - HKLM\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Xweb] "C:\Program Files\SoftForum\XecureWeb\ActiveX\Xecureweb.exe"
O4 - HKLM\..\Run: [sdae] "C:\ktf\svchost.exe"
O4 - HKLM\..\Run: [ccman] C:\WINDOWS\system32\ccman.exe
O4 - HKLM\..\Run: [carion] C:\WINDOWS\system32\carion.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rundl64] C:\WINDOWS\rundl64.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [exfine] C:\Program Files\Common Files\System\exfine.exe
O4 - HKCU\..\Run: [asro] C:\WINDOWS\asrotray.exe
O4 - HKCU\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe"
O4 - HKCU\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Xweb] "C:\Program Files\SoftForum\XecureWeb\ActiveX\Xecureweb.exe"
O4 - HKCU\..\Run: [mswasie.exe] C:\WINDOWS\system32\mswasie.exe
O4 - HKCU\..\Run: [uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Error Event Log (ereventlog) - Unknown owner - C:\WINDOWS\system32\drivers\erelog.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCI lagacy (PCIlagacy) - Unknown owner - C:\WINDOWS\nerochk.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
-
hi...im very nervous and paranoid when it comes to worms/trojans/viruses.
I remember the first time i had a virus...my computer shut down automatically and when i tried rebooting the comp...it get to the win logon page and then restart automatically continuously..OH horrible
Anyway...i'm very afraid right now also.
I currently have a Gateway computer bought in late 2004 505 GR model number XAB49 210 03895 and lately...i've been getting Korean viruses (i know because i can read it)
They would happen sometimes when i would start my computer, these "antivirus" programs would install automatically into my computer and say that i have viruses etc...probably they were advertisements.
And everytime i deleted it...new ones would come out...so today morning, i got very mad and tired of it because it started installing programs like Windows freesearch, uccsearchapplication, etc. (which i know are viruses because none of them showed up in google)
So i tried my best.
Then i came across a weird folder "ktf" in my C: drive.
It WASN'T in the WINDOWS folder...and strangely the file inside the ktf folder was a svchost.exe with a weird/stylish gray icon.
One of my friends told me it should immediately be deleted...but it couldn't...because then i would take a risk of breaking my computer from ending the wrong svchost.exe in the processes.
So i'm very confused...how can i get rid of this?
Not only that, but i scanned my comp with NAV 2007 with the latest definitions..detecting no threat.
Then i scanned it with AVG Free edition from cnet.com and it detected 5 trojan droppers from my computer which it successfully deleted.
Yet even AVG with the latest definitions do not detect that "foreign" folder as a threat.
Can you guys recommend me any solutions that can help me delete this pestering problem?
I mean i have a restore dvd but i don't want to delete all my materials.
Plus if i do get something like an external hard drive to my materials in...im pretty sure the virus can get in also.
PLEASE REPLY! THANK YOU!
Two Smss And Vmnat Processes?
in Malware Removal
Posted
I have been constantly finding install exe's by the title of "MFC 응용 프로그램" inside WINDOWS folder.
It's korean...and i've searched it on google and it seems like it's microsoft oriented...but it had the same title for those weird korean anti virus programs that constantly installed themselves in my comp.
Here is my hijackthis log.
Oh and i've checked vmnat and smss processes from where they came from...and in those folder that korean thing was in there.
PLEASE HELP.
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\DirectX\Dinput\smss.exe
C:\WINDOWS\AppPatch\vmnat.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [smss] "C:\WINDOWS\system32\DirectX\Dinput\smss.exe"
O4 - HKLM\..\Run: [vmnat] "C:\WINDOWS\AppPatch\vmnat.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [vmnat] "C:\WINDOWS\AppPatch\vmnat.exe"
O4 - HKCU\..\Run: [smss] "C:\WINDOWS\system32\DirectX\Dinput\smss.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCI lagacy (PCIlagacy) - Unknown owner - C:\WINDOWS\nerochk.exe (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe