itsjennyfer Posted July 4, 2007

I took another System Scan/Log, and I got the following:
(I've posted before and I was told to make a new topic. Anyhow, help would be appreciated!)

Logfile of HijackThis v1.99.1
Scan saved at 6:10:22 PM, on 07/03/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Thank you in advance

Matt Posted July 8, 2007

Hi jennifer,

First download AVG Anti-Spyware from HERE and save that file to your desktop. This is a 30 day trial of the program.

- Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
- Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
- On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button; the update will start and a progress bar will show the updates being installed.
- Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
- Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
- Under "Reports":
  - Select "Automatically generate report after every scan"
  - Un-Select "Only if threats were found"

Close AVG Anti-Spyware. Do Not run a scan just yet, we will shortly.

Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:

- Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
- Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
- AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.

Once the scan is complete do the following:

- If you have any infections you will be prompted, then select "Apply all actions"
- Next select the "Reports" icon at the top.
- Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan and a new HJT log.

itsjennyfer Posted July 9, 2007

Oh, but when the scan was completed, there was no report to be saved, strangely. I clicked Apply all actions and after it, I guess, went through all of about 200 traces with a "done" sign, I clicked the Reports icon but there was nothing to click or save.

Did I do something wrong?

Matt Posted July 9, 2007

Hi jennifer. Just post a new HJT log and we'll work from there.

itsjennyfer Posted July 9, 2007

Oh wait never mind I got the report! I was trying to delete the other post but I didn't find a delete key.

HJT

Logfile of HijackThis v1.99.1
Scan saved at 7:59:05 PM, on 07/08/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

& The Report

AVG Anti-Spyware - Scan Report
+ Created at: 7:51:43 PM 07/08/07
Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.:mozilla.413:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.:mozilla.43:C:\Documents and Settings\Moon\Application Data\Mozilla\Firefox\Profiles\ki77a5fd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.:mozilla.89:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.:mozilla.90:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.:mozilla.91:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.:mozilla.92:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.:mozilla.93:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.:mozilla.94:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.:mozilla.95:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.:mozilla.96:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.:mozilla.97:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.C:\Documents and Settings\Jennifer\Cookies\jennifer@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.C:\Documents and 
Settings\Jennifer\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.C:\Documents and Settings\LocalService\Cookies\system@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.:mozilla.115:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.:mozilla.116:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.:mozilla.117:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.:mozilla.118:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.:mozilla.119:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned.C:\Documents and 
Settings\Jennifer\Cookies\jennifer@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.:mozilla.470:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.:mozilla.30:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.:mozilla.36:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.:mozilla.36:C:\Documents and Settings\Moon\Application Data\Mozilla\Firefox\Profiles\ki77a5fd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.:mozilla.37:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.:mozilla.37:C:\Documents and Settings\Moon\Application Data\Mozilla\Firefox\Profiles\ki77a5fd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.:mozilla.38:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.:mozilla.38:C:\Documents and Settings\Moon\Application Data\Mozilla\Firefox\Profiles\ki77a5fd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.:mozilla.39:C:\Documents and Settings\Moon\Application Data\Mozilla\Firefox\Profiles\ki77a5fd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.:mozilla.20:C:\Documents and Settings\Moon\Application Data\Mozilla\Firefox\Profiles\ki77a5fd.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.:mozilla.7:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Atdmt : 
Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned.:mozilla.152:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.C:\Documents and Settings\Jennifer\Cookies\jennifer@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt -> TrackingCookie.Clickhype : Cleaned.:mozilla.163:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Com : Cleaned.:mozilla.164:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Com : Cleaned.C:\Documents and Settings\Jennifer\Cookies\jennifer@com[2].txt -> TrackingCookie.Com : Cleaned.C:\Documents and Settings\Jennifer\Cookies\jennifer@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.:mozilla.21:C:\Documents and Settings\Moon\Application Data\Mozilla\Firefox\Profiles\ki77a5fd.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.:mozilla.34:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.:mozilla.125:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.:mozilla.126:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.:mozilla.139:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.:mozilla.194:C:\Documents 
and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned.:mozilla.60:C:\Documents and Settings\Moon\Application Data\Mozilla\Firefox\Profiles\ki77a5fd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.:mozilla.219:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.:mozilla.220:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.:mozilla.461:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Information : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][2].txt -> TrackingCookie.Information : Cleaned.:mozilla.44:C:\Documents and Settings\Moon\Application Data\Mozilla\Firefox\Profiles\ki77a5fd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.:mozilla.45:C:\Documents and Settings\Moon\Application Data\Mozilla\Firefox\Profiles\ki77a5fd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.:mozilla.46:C:\Documents and Settings\Moon\Application Data\Mozilla\Firefox\Profiles\ki77a5fd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.:mozilla.47:C:\Documents and Settings\Moon\Application Data\Mozilla\Firefox\Profiles\ki77a5fd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned.:mozilla.35:C:\Documents and Settings\Moon\Application Data\Mozilla\Firefox\Profiles\ki77a5fd.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt -> TrackingCookie.Msn : Cleaned.:mozilla.368:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Netflame : 
Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][2].txt -> TrackingCookie.Netflame : Cleaned.:mozilla.314:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Overture : Cleaned.:mozilla.315:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Overture : Cleaned.:mozilla.52:C:\Documents and Settings\Moon\Application Data\Mozilla\Firefox\Profiles\ki77a5fd.default\cookies.txt -> TrackingCookie.Overture : Cleaned.C:\Documents and Settings\Jennifer\Cookies\jennifer@overture[1].txt -> TrackingCookie.Overture : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.:mozilla.490:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.:mozilla.127:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.:mozilla.128:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.:mozilla.129:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.:mozilla.130:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.:mozilla.131:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.:mozilla.30:C:\Documents and Settings\Moon\Application Data\Mozilla\Firefox\Profiles\ki77a5fd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.:mozilla.31:C:\Documents and Settings\Moon\Application Data\Mozilla\Firefox\Profiles\ki77a5fd.default\cookies.txt -> 
TrackingCookie.Pointroll : Cleaned.:mozilla.32:C:\Documents and Settings\Moon\Application Data\Mozilla\Firefox\Profiles\ki77a5fd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.:mozilla.33:C:\Documents and Settings\Moon\Application Data\Mozilla\Firefox\Profiles\ki77a5fd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned.:mozilla.320:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.:mozilla.321:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.:mozilla.28:C:\Documents and Settings\Moon\Application Data\Mozilla\Firefox\Profiles\ki77a5fd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.:mozilla.29:C:\Documents and Settings\Moon\Application Data\Mozilla\Firefox\Profiles\ki77a5fd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.:mozilla.64:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.:mozilla.65:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.C:\Documents and Settings\Jennifer\Cookies\jennifer@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.:mozilla.333:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.:mozilla.334:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.:mozilla.335:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Realmedia : 
Cleaned.:mozilla.336:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.:mozilla.337:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.C:\Documents and Settings\Jennifer\Cookies\jennifer@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.:mozilla.343:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.:mozilla.344:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.C:\Documents and Settings\Jennifer\Cookies\jennifer@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.:mozilla.42:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.:mozilla.43:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.:mozilla.44:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.:mozilla.45:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.:mozilla.46:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.:mozilla.47:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.:mozilla.48:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.:mozilla.49:C:\Documents and Settings\Jennifer\Application 
Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.C:\Documents and Settings\Jennifer\Cookies\jennifer@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.:mozilla.191:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.:mozilla.192:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.:mozilla.48:C:\Documents and Settings\Moon\Application Data\Mozilla\Firefox\Profiles\ki77a5fd.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned.:mozilla.150:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.350:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.351:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.352:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.353:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.354:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.355:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.C:\Documents and 
Settings\Jennifer\Cookies\jennifer@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned.C:\Documents and Settings\Jennifer\Cookies\jennifer@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.:mozilla.427:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.72:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.73:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.74:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.75:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.76:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.77:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.78:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.C:\Documents and Settings\Jennifer\Cookies\jennifer@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.82:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Trafficmp : 
Cleaned.:mozilla.83:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.:mozilla.84:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.:mozilla.85:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.:mozilla.86:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.:mozilla.87:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.:mozilla.88:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.C:\Documents and Settings\Jennifer\Cookies\jennifer@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.:mozilla.374:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.:mozilla.375:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.C:\Documents and Settings\Jennifer\Cookies\jennifer@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.C:\Documents and Settings\Jennifer\Cookies\[email protected][2].txt -> TrackingCookie.Webtrends : Cleaned.:mozilla.71:C:\Documents and Settings\Moon\Application Data\Mozilla\Firefox\Profiles\ki77a5fd.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.:mozilla.72:C:\Documents and Settings\Moon\Application Data\Mozilla\Firefox\Profiles\ki77a5fd.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.C:\Documents and Settings\Jennifer\Cookies\jennifer@yadro[2].txt -> TrackingCookie.Yadro : 
Cleaned.:mozilla.27:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.:mozilla.28:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.:mozilla.31:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.:mozilla.32:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.:mozilla.33:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.:mozilla.35:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.C:\WINDOWS\system32\apo.dll -> Trojan.BHO.ax : Cleaned with backup (quarantined).C:\WINDOWS\system32\onpcs.dll -> Trojan.BHO.ax : Cleaned with backup (quarantined).C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\a1207[1].exe -> Trojan.Daum.m : Cleaned with backup (quarantined).C:\WINDOWS\Temp\a1207up.exe -> Trojan.Daum.m : Cleaned with backup (quarantined).C:\WINDOWS\system32\drivers\taskmgr.exe -> Trojan.Daum.m : Cleaned with backup (quarantined).C:\WINDOWS\system32\2051\spoo1sv.exe -> Trojan.Notifier : Cleaned with backup (quarantined).C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\~tmp7630[1].exe -> Trojan.Small : Cleaned with backup (quarantined).C:\WINDOWS\Temp\~tmp7630.exe -> Trojan.Small : Cleaned with backup (quarantined).C:\WINDOWS\inisc.dll -> Trojan.Small : Cleaned with backup (quarantined).C:\WINDOWS\melonsrv.dll -> Trojan.Small : Cleaned with backup (quarantined).C:\WINDOWS\nerochk.exe -> Trojan.Small : 
Cleaned with backup (quarantined).::Report endThanks ! :] Link to post Share on other sites
Matt Posted July 10, 2007

Boy you've got a messy log! My directions may take a while to complete, but please follow them exactly. Let's get to work...

Please print out these directions for use if/when you cannot access this page.

Please download VundoFix.exe to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Next, please scan with HJT and place a check next to the following items (if present):

O2 - BHO: PowerLObj Class - {65D3B062-938C-4BB6-89B7-9E6FCD184E01} - C:\WINDOWS\system32\PowerL.dll
O2 - BHO: (no name) - {674F65AF-2475-4D18-97B4-E74603F23F97} - C:\WINDOWS\system32\bridge.dll (file missing)
O2 - BHO: Windows Guide Plus - {7CE3FFFE-53D6-47b5-896D-D4233C77E271} - C:\WINDOWS\system32\prvsvrs.dll
O2 - BHO: chkprc Class - {7DA7BE7D-A382-4AA7-A125-CA55A2070125} - C:\WINDOWS\system32\onpcs.dll (file missing)
O2 - BHO: (no name) - {900F4412-C5F4-4B5C-BF5D-F73D5D458B9B} - C:\PROGRA~1\POINTP~1\pplus.dll
O2 - BHO: (no name) - {C449AB75-308B-4428-A710-C68B8E87E0D5} - C:\WINDOWS\system32\pket.dll
O2 - BHO: ApoUp Class - {DA96C092-D3A6-4772-AB95-21523D152BEA} - C:\WINDOWS\system32\apo.dll (file missing)
O4 - HKLM\..\Run: [nwa01] c:\Program Files\Common Files\Services\nwa01.exe
O4 - HKLM\..\Run: [inwa01] c:\Program Files\Internet Explorer\inwa01.exe
O4 - HKLM\..\Run: [nwapi32] C:\WINDOWS\system32\dllcache\nwapi32.exe
O4 - HKLM\..\Run: [spooler] C:\WINDOWS\system32\spool\spooler.exe
O4 - HKLM\..\Run: [insdwe01] c:\Program Files\Common Files\Services\insdwe01.exe
O4 - HKLM\..\Run: [iinsdwe01] c:\Program Files\Internet Explorer\iinsdwe01.exe
O4 - HKCU\..\Run: [spoo1sv] C:\WINDOWS\system32\2051\spoo1sv.exe
O16 - DPF: {84F7A3A9-B92A-41F4-890F-83F2DC0ADB7E} (ToolBarInstall Control) - http://toolbar.imbc.com/toolbar/MBCToolBar.cab
O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll (file missing)
O20 - Winlogon Notify: msrd2x40 - ircIass.dll (file missing)
O21 - SSODL: mqcfqpvw - {314F53CD-F1E8-4589-B9AC-9A8EDBC0198E} - C:\WINDOWS\system32\mqcfqpvw.dll (file missing)

Then, make sure all browser windows and other applications are closed, and click the Fix Checked button.

Please go to UploadMalware to upload a suspicious file for analysis.

Enter your username from this forum
Copy and paste the link to this thread
Input this filename: C:\WINDOWS\system32\servcies\servcies.exe
In the comments, please mention that I asked you to upload this file
Click on Send File

Repeat the above steps for file submission with the following files:

C:\WINDOWS\system32\DirectX\Dinput\smss.exe
C:\WINDOWS\system32\fxcursn.exe
C:\WINDOWS\Microsoft.NET\\Framework\netfxsbs20.exe
C:\WINDOWS\system32\drivers\ip4fw.exe
C:\WINDOWS\asrotray.exe
C:\Program Files\Common Files\Algsvc.exe
C:\Program Files\Common Files\System\Ctfsys.exe
C:\Program Files\Common Files\System\Npchosts.exe
C:\Program Files\Common Files\services\syssvc.exe

Next, Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

Save it to your desktop.
Please double-click Killbox.exe to run it.
Select: Delete on Reboot then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\PowerL.dll
C:\WINDOWS\system32\bridge.dll
C:\WINDOWS\system32\prvsvrs.dll
C:\WINDOWS\system32\onpcs.dll
C:\PROGRA~1\POINTP~1\pplus.dll
C:\WINDOWS\system32\pket.dll
C:\WINDOWS\system32\apo.dll
c:\Program Files\Common Files\Services\nwa01.exe
c:\Program Files\Internet Explorer\inwa01.exe
C:\WINDOWS\system32\dllcache\nwapi32.exe
C:\WINDOWS\system32\spool\spooler.exe
c:\Program Files\Common Files\Services\insdwe01.exe
c:\Program Files\Internet Explorer\iinsdwe01.exe
C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\mqcfqpvw.dll

Return to Killbox, go to the File menu, and choose Paste from Clipboard.
Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please go HERE to run Panda's ActiveScan

Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Finally, post a new HJT log, the ActiveScan report and the VundoFix report.
itsjennyfer Posted July 10, 2007

I know.. haha it's a hugee mess >_<
Below are the log, and two reports.
However, when deleting the files that I checked in HJT, three of the same error boxes popped up with a long description, but it had a prompt to click Okay to delete/fix them, as I did.
Also, for the VundoFix, there was no prompt to remove files as it read something like, "No Infections Detected," but I think that's what it says in the following vundo scan.
If I did something wrong I'm sorry >_< & Please alert me! I double checked everything I clicked but...

HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 10:14:43 PM, on 07/09/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Algsvc.exe
C:\Program Files\Common Files\System\Ctfsys.exe
C:\Program Files\Common Files\System\Npchosts.exe
C:\Program Files\Common Files\services\syssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe
C:\WINDOWS\system32\servcies\servcies.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\DirectX\Dinput\smss.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\fxcursn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1136571358\ee\aolsoftware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\aol\1136571358\ee\aexplore.exe
C:\Documents and Settings\Jennifer\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
O4 - HKLM\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe"
O4 - HKLM\..\Run: [servcies] C:\WINDOWS\system32\servcies\servcies.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [smss] "C:\WINDOWS\system32\DirectX\Dinput\smss.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [netfxsbs20] C:\WINDOWS\Microsoft.NET\\Framework\netfxsbs20.exe
O4 - HKLM\..\Run: [fxserv] C:\WINDOWS\system32\fxcursn.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
O4 - HKCU\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe"
O4 - HKCU\..\Run: [servcies] C:\WINDOWS\system32\servcies\servcies.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [asro] C:\WINDOWS\asrotray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [smss] "C:\WINDOWS\system32\DirectX\Dinput\smss.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: begin tool - {F1F7763D-712D-4E24-A2EC-869982331C1C} - c:\program files\shopbegin\view.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166380705968
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab
O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} (melonset Class) - http://www.melon.com/utility/player/vod/package/melonset.cab
O16 - DPF: {C296DB5F-4B01-47E1-AB57-C590BE769111} (MOPlayerWnd Class) - http://www.melon.com/cab/P3Melon.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AEE0E76-4ED3-4165-BF37-93704B1214CB}: NameServer = 192.168.2.1
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE (file missing)
O23 - Service: comcli Service (comcli) - Unknown owner - C:\WINDOWS\system32\comcli.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Local Manager lagacy (LMlagacy) - Unknown owner - C:\WINDOWS\ctfmon.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: mrtgupd Service (mrtgupd) - Unknown owner - C:\WINDOWS\system32\mrtgupd.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Session Simulator (sessionsim) - Unknown owner - C:\Program Files\NetMeeting\sssnsml.exe
O23 - Service: Web Brower (spoolsvc_c1) - Unknown owner - C:\Program Files\Common Files\Algsvc.exe
O23 - Service: Distribute Support (spoolsvc_c2) - Unknown owner - C:\Program Files\Common Files\System\Ctfsys.exe
O23 - Service: Security Support (spoolsvc_c3) - Unknown owner - C:\Program Files\Common Files\System\Npchosts.exe
O23 - Service: Application Manager (spoolsvc_m) - Unknown owner - C:\Program Files\Common Files\services\syssvc.exe
O23 - Service: Toggle Analysis (tgglana) - Unknown owner - C:\WINDOWS\system32\togglelg.exe (file missing)
O23 - Service: Typer Interface Service (typemgr2) - Unknown owner - C:\WINDOWS\system32\Macromed\hddmgrs.exe (file missing)

ActiveScan Report

Incident Status Location
Adware:adware/wupd Not disinfected c:\program files\WinUpdate
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt[.uol.com.br/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@247realmedia[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@2o7[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@atwola[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@com[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@did-it[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@go[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@realmedia[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@tickle[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@toplist[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@tribalfusion[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@xiti[1].txt
Virus:Bck/Agent.FKJ Disinfected C:\Documents and Settings\Jennifer\Local Settings\Temp\tooin2.exe
Virus:Trj/Downloader.MIF Disinfected C:\Documents and Settings\Jennifer\Local Settings\Temporary Internet Files\Content.IE5\Z0TDKRT7\Agent_07[1].zip[Agent_07.exe]
Virus:Generic Trojan Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\a1206[1].exe
Virus:Trj/Banker.IDK Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\VSInst[1].exe
Adware:Adware/MyPCdoctor Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\dvwinwin_[1].exe
Virus:Trj/Agent.FHL Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\cliffhan[1].exe
Virus:Trj/Proxyserver.AB Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\gamans2[1].exe
Virus:Bck/Agent.FKJ Disinfected C:\Program Files\adlock\lockup.exe
Virus:Bck/Agent.FKJ Disinfected C:\Program Files\msconfig\ilikeprice.exe
Virus:Generic Trojan Disinfected C:\Program Files\Security Guard\AppInstaller_bsbs.exe
Virus:Generic Malware Not disinfected C:\Program Files\Security Guard\mp0510.exe[ctfmon01.exe]
Virus:Trj/Banker.IDK Disinfected C:\Program Files\VSInst03\VSInst.exe
Virus:Generic Trojan Disinfected C:\Program Files\WinUpdate\WinUpdate.ocx
Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\1076\PS102.zip[PS102.exe]
Virus:Bck/Agent.FKJ Disinfected C:\WINDOWS\1077\clean1.exe
Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\3457\backup2_09.exe
Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\3457\backup2_09.zip[backup2_09.exe]
Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\3457\backup2_37.exe
Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\3457\backup2_37.zip[backup2_37.exe]
Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\8857\Agent_01.exe
Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\8857\Agent_01.zip[Agent_01.exe]
Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\8857\Agent_07.exe
Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\8857\Agent_07.zip[Agent_07.exe]
Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\8857\backup1_09.exe
Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\8857\backup1_09.zip[backup1_09.exe]
Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\8857\backup1_37.exe
Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\8857\backup1_37.zip[backup1_37.exe]
Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\Agent.exe
Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\Agent_09.exe
Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\system32\2051\Setup_L02.exe
Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\system32\2051\Setup_L04.exe
Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\system32\2051\Setup_L07.exe
Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\system32\2051\Setup_L09.exe
Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\system32\2051\Setup_L10.exe
Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\system32\2051\Setup_L11.exe
Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\system32\2051\spoo1sv.ocx
Potentially unwanted tool:Application/Psexec.A Not disinfected C:\WINDOWS\system32\drivers\spsexec.exe
Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\system32\servcies\SetupXML09.exe
Virus:Bck/Prorat.HT Not disinfected C:\WINDOWS\system32\tmp\fxe.exe[tqsin.dll]
Adware:Adware/MyPCdoctor Not disinfected C:\WINDOWS\system32\uninst_mypd.exe
Virus:Generic Trojan Disinfected C:\WINDOWS\Temp\a1206.exe
Virus:Trj/Agent.FHL Disinfected C:\WINDOWS\Temp\cliffhan.exe
Adware:Adware/MyPCdoctor Not disinfected C:\WINDOWS\Temp\dvwinwin_.exe

VundoFix report

VundoFix V6.5.4
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 6:24:13 PM 07/09/07
Listing files found while scanning....
No infected files were found.
Beginning removal...

Once again, thank youu!
Matt Posted July 11, 2007

Alrighty, back to work...

Please scan with HJT and place a check next to the following items:

O4 - HKLM\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe"
O4 - HKLM\..\Run: [servcies] C:\WINDOWS\system32\servcies\servcies.exe
O4 - HKLM\..\Run: [smss] "C:\WINDOWS\system32\DirectX\Dinput\smss.exe"
O4 - HKLM\..\Run: [netfxsbs20] C:\WINDOWS\Microsoft.NET\\Framework\netfxsbs20.exe
O4 - HKLM\..\Run: [fxserv] C:\WINDOWS\system32\fxcursn.exe
O4 - HKCU\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe"
O4 - HKCU\..\Run: [servcies] C:\WINDOWS\system32\servcies\servcies.exe
O4 - HKCU\..\Run: [asro] C:\WINDOWS\asrotray.exe
O4 - HKCU\..\Run: [smss] "C:\WINDOWS\system32\DirectX\Dinput\smss.exe"
O23 - Service: comcli Service (comcli) - Unknown owner - C:\WINDOWS\system32\comcli.exe (file missing)
O23 - Service: Session Simulator (sessionsim) - Unknown owner - C:\Program Files\NetMeeting\sssnsml.exe
O23 - Service: Web Brower (spoolsvc_c1) - Unknown owner - C:\Program Files\Common Files\Algsvc.exe
O23 - Service: Distribute Support (spoolsvc_c2) - Unknown owner - C:\Program Files\Common Files\System\Ctfsys.exe
O23 - Service: Security Support (spoolsvc_c3) - Unknown owner - C:\Program Files\Common Files\System\Npchosts.exe
O23 - Service: Application Manager (spoolsvc_m) - Unknown owner - C:\Program Files\Common Files\services\syssvc.exe
O23 - Service: Toggle Analysis (tgglana) - Unknown owner - C:\WINDOWS\system32\togglelg.exe (file missing)
O23 - Service: Typer Interface Service (typemgr2) - Unknown owner - C:\WINDOWS\system32\Macromed\hddmgrs.exe (file missing)

Then, make sure all browser windows and other applications are closed, and click the Fix Checked button.

1. Close & Open HiJackThis Again
2. Click on the "Config..." button on the bottom right
3. Click on the tab "Misc Tools"
4. click on "delete an NT service"
5. Copy and paste this in: comcli
6. Click "ok"

Repeat the above steps, but enter the following in the 5th step:
sessionsim
spoolsvc_c1
spoolsvc_c2
spoolsvc_c3
spoolsvc_m
tgglana
typemgr2

Then, Reboot your computer.

Once you are booted back up, do the following:
- Please double-click Killbox.exe to run it.
- Select: Delete on Reboot then Click on the All Files button.
- Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe
C:\WINDOWS\system32\servcies\servcies.exe
C:\WINDOWS\system32\DirectX\Dinput\smss.exe
C:\WINDOWS\Microsoft.NET\\Framework\netfxsbs20.exe
C:\WINDOWS\system32\fxcursn.exe
C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe
C:\WINDOWS\system32\servcies\servcies.exe
C:\WINDOWS\asrotray.exe
C:\WINDOWS\system32\DirectX\Dinput\smss.exe
C:\Program Files\NetMeeting\sssnsml.exe
C:\Program Files\Common Files\Algsvc.exe
C:\Program Files\Common Files\System\Ctfsys.exe
C:\Program Files\Common Files\System\Npchosts.exe
C:\Program Files\Common Files\services\syssvc.exe

- Return to Killbox, go to the File menu, and choose Paste from Clipboard.
- Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please go to UploadMalware to upload a suspicious file for analysis.
- Enter your username from this forum
- Copy and paste the link to this thread
- Input this filename: C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
- In the comments, please mention that I asked you to upload this file
- Click on Send File

Updating Java and Clearing Cache
- Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel. It will say "Java Plug-in" under the icon.
- Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
- If you are unable to update you can manually update by going here: http://www.java.com/en/download/manual.jsp
- After the reboot, go back into the Control Panel and double-click the Java Icon.
- Under Temporary Internet Files, click the Delete Files button.
- There are three options in the window to clear the cache - Leave ALL 3 Checked
  Downloaded Applets
  Downloaded Applications
  Other Files
- Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Java Control Panel.

Next, reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

Once in Safe Mode, find and delete the following folder:
c:\program files\WinUpdate\

Then, reboot your computer normally and post a new HJT log.

Matt
itsjennyfer Posted July 11, 2007 (edited)

One question: When I copied and pasted "comcli" (as well as the other words listed after) an error message came up saying "The service 'comcli' is enable and/or running. Disable it first, using HijackThis itself (from the scan results) or the Services.msc window."

I know it gives quite a direct.. direction, but how do you disable it? Is it the same as checking the item and clicking Fixed? I wasn't sure so I'm asking beforehand. Oh and I tried typing in services.msc on Run, and I found comcli but if I right-click it, the only option that comes up is "start," so I guess it's stopped right now so I don't really get why it's not working..

Thank you~~

Edited July 11, 2007 by jennifer
Matt Posted July 11, 2007

Yes, make sure you 'fix' it with HJT by checking this line:

O23 - Service: comcli Service (comcli) - Unknown owner - C:\WINDOWS\system32\comcli.exe (file missing)

If that still doesn't work, skip it and go onto the others in the list.
itsjennyfer Posted July 11, 2007 (edited)

> Yes, make sure you 'fix' it with HJT by checking this line:
> O23 - Service: comcli Service (comcli) - Unknown owner - C:\WINDOWS\system32\comcli.exe (file missing)
> If that still doesn't work, skip it and go onto the others in the list.

Oh, but no matter how many times I check-fix it, it reappears on the list once I scan the system again; so when I try to delete any one of those NT services (like sessionsim and etc) it doesn't work - the same error appears for all.

Edited July 11, 2007 by jennifer
Matt Posted July 11, 2007

Skip that part, and continue with the rest of the directions. We'll work on this again once we get a new HJT log.
itsjennyfer Posted July 11, 2007

Here you go! (:
With the Java Step, I couldn't update it any more because it says I have the most recent ones, so I just clicked to delete the Downloaded Applets & Applications. (There was no "Other Files" available to check on.)

Logfile of HijackThis v1.99.1
Scan saved at 10:44:04 AM, on 07/11/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\Common Files\AOL\1136571358\ee\aolsoftware.exe
c:\program files\common files\aol\1136571358\ee\aexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\fscagent.exe
C:\WINDOWS\system32\grdmgr.exe
C:\Documents and Settings\Jennifer\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: begin tool - {F1F7763D-712D-4E24-A2EC-869982331C1C} - c:\program files\shopbegin\view.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166380705968
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab
O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} (melonset Class) - http://www.melon.com/utility/player/vod/package/melonset.cab
O16 - DPF: {C296DB5F-4B01-47E1-AB57-C590BE769111} (MOPlayerWnd Class) - http://www.melon.com/cab/P3Melon.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AEE0E76-4ED3-4165-BF37-93704B1214CB}: NameServer = 192.168.2.1
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE (file missing)
O23 - Service: comcli Service (comcli) - Unknown owner - C:\WINDOWS\system32\comcli.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Local Manager lagacy (LMlagacy) - Unknown owner - C:\WINDOWS\ctfmon.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: mrtgupd Service (mrtgupd) - Unknown owner - C:\WINDOWS\system32\mrtgupd.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Session Simulator (sessionsim) - Unknown owner - C:\Program Files\NetMeeting\sssnsml.exe (file missing)
O23 - Service: Web Brower (spoolsvc_c1) - Unknown owner - C:\Program Files\Common Files\Algsvc.exe (file missing)
O23 - Service: Distribute Support (spoolsvc_c2) - Unknown owner - C:\Program Files\Common Files\System\Ctfsys.exe (file missing)
O23 - Service: Security Support (spoolsvc_c3) - Unknown owner - C:\Program Files\Common Files\System\Npchosts.exe (file missing)
O23 - Service: Application Manager (spoolsvc_m) - Unknown owner - C:\Program Files\Common Files\services\syssvc.exe (file missing)
O23 - Service: Toggle Analysis (tgglana) - Unknown owner - C:\WINDOWS\system32\togglelg.exe (file missing)
O23 - Service: Typer Interface Service (typemgr2) - Unknown owner - C:\WINDOWS\system32\Macromed\hddmgrs.exe (file missing)
Matt Posted July 12, 2007

Let's try again.

Go to Start > Run and type Services.msc then hit Ok
Scroll down and find the below service:

comcli

When you find it, double-click on it. In the next window that opens, under the General tab click the Stop button, then click the drop-down box to change the Startup Type to Disabled. Now hit Apply and then Ok.

Repeat the above steps with the following services:

sessionsim
spoolsvc_c1
spoolsvc_c2
spoolsvc_c3
spoolsvc_m
tgglana
typemgr2

Open HiJackThis, click on Misc Tools, then click on Delete an NT Service. A window will pop up. Enter the below item into that field (make sure there are NO spaces before or after the name):

comcli

Click OK.
It should pull up information about the service, then ask if you want to reboot. Click NO.

Repeat the above steps with the following services:

sessionsim
spoolsvc_c1
spoolsvc_c2
spoolsvc_c3
spoolsvc_m
tgglana
typemgr2

Please go to UploadMalware to upload a suspicious file for analysis.

Enter your username from this forum
Copy and paste the link to this thread
Input for this filename: C:\WINDOWS\system32\grdmgr.exe
In the comments, please mention that I asked you to upload this file
Click on Send File

Now, Reboot your computer.

Post a new HiJackThis log after it reboots and let me know if you received any error messages.

Matt
itsjennyfer Posted July 12, 2007 (edited)

Edit: Okay I've FINALLLYYY got it done! :]
If you read my other edits and such.. I'm sorry- I couldn't configure around certain programs and etc.
Until, now~~.
&, I didn't receive any errors.
&HJT on next page/post

Edited July 12, 2007 by jennifer
Matt Posted July 12, 2007

Try these names when disabling:

Session Simulator
Web Brower
Distribute Support
Security Support
Application Manager
Toggle Analysis
Typer Interface Service
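The two lists above name the same services twice: HijackThis prints each O23 entry as "display name (service name)", Services.msc shows the display name, and HijackThis's Delete an NT Service takes the service name. The following is an added example, not part of the original thread and not HijackThis code, that parses O23 entries (including logs pasted with their line breaks lost) and reports which targeted services are still registered in a follow-up log; the function names are hypothetical and the sample entries are copied from the logs in this thread.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Every HijackThis entry starts with "O<number> - "; used to re-split a log
# whose line breaks were lost when it was pasted into a forum post.
ENTRY_START = re.compile(r"(?=O\d{1,2} - )")

# O23 - Service: <label> - <owner> - <path>[ (file missing)]
# Assumes the label itself contains no " - " and the path starts with a drive letter.
O23 = re.compile(
    r"^O23 - Service: (?P<label>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
# Label is either "<display name> (<service name>)" or a single name.
LABEL = re.compile(r"^(?P<display>.+) \((?P<name>[^()]+)\)$")


class Service(NamedTuple):
    name: str          # what HijackThis "Delete an NT Service" expects
    display: str       # what Services.msc shows
    owner: str
    path: str
    file_missing: bool


def split_entries(raw: str) -> List[str]:
    """Split a log (flattened or not) into one string per entry."""
    return [part.strip() for part in ENTRY_START.split(raw) if part.strip()]


def parse_service(entry: str) -> Optional[Service]:
    """Return a Service for an O23 entry, or None for any other entry."""
    m = O23.match(entry)
    if not m:
        return None
    label = LABEL.match(m.group("label"))
    display = label.group("display") if label else m.group("label")
    name = label.group("name") if label else m.group("label")
    return Service(name, display, m.group("owner"), m.group("path"),
                   bool(m.group("missing")))


def services(raw: str) -> Dict[str, Service]:
    """Map service name -> Service for every O23 entry in the log."""
    parsed = (parse_service(e) for e in split_entries(raw))
    return {s.name: s for s in parsed if s}


def resolve(term: str, svcs: Dict[str, Service]) -> Optional[str]:
    """Accept a service name or a display name; return the service name."""
    if term in svcs:
        return term
    for s in svcs.values():
        if s.display == term:
            return s.name
    return None


def still_registered(targets: List[str], before_raw: str, after_raw: str) -> List[str]:
    """Targets (by either name) that the follow-up log still lists as services."""
    before, after = services(before_raw), services(after_raw)
    names = [resolve(t, before) or t for t in targets]
    return [n for n in names if n in after]


# Entries copied from the first log in this thread, joined without line
# breaks to mimic a flattened paste.
BEFORE = "".join([
    r"O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll",
    r"O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE (file missing)",
    r"O23 - Service: comcli Service (comcli) - Unknown owner - C:\WINDOWS\system32\comcli.exe (file missing)",
    r"O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE",
    r"O23 - Service: Session Simulator (sessionsim) - Unknown owner - C:\Program Files\NetMeeting\sssnsml.exe (file missing)",
    r"O23 - Service: Web Brower (spoolsvc_c1) - Unknown owner - C:\Program Files\Common Files\Algsvc.exe (file missing)",
    r"O23 - Service: Typer Interface Service (typemgr2) - Unknown owner - C:\WINDOWS\system32\Macromed\hddmgrs.exe (file missing)",
])
# Entries copied from the follow-up log, one per line.
AFTER = "\n".join([
    r"O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE (file missing)",
    r"O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE",
])
# A mix of service names and display names, as both appear in the posts above.
TARGETS = ["comcli", "Session Simulator", "Web Brower", "typemgr2"]

if __name__ == "__main__":
    for svc in services(BEFORE).values():
        print(f"{svc.name:15} {svc.display:25} missing={svc.file_missing}")
    print("still registered:", still_registered(TARGETS, BEFORE, AFTER))
```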
itsjennyfer Posted July 12, 2007

Thanks!

HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 6:23:12 PM, on 07/11/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Jennifer\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: begin tool - {F1F7763D-712D-4E24-A2EC-869982331C1C} - c:\program files\shopbegin\view.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166380705968
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab
O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} (melonset Class) - http://www.melon.com/utility/player/vod/package/melonset.cab
O16 - DPF: {C296DB5F-4B01-47E1-AB57-C590BE769111} (MOPlayerWnd Class) - http://www.melon.com/cab/P3Melon.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AEE0E76-4ED3-4165-BF37-93704B1214CB}: NameServer = 192.168.2.1
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Local Manager lagacy (LMlagacy) - Unknown owner - C:\WINDOWS\ctfmon.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: mrtgupd Service (mrtgupd) - Unknown owner - C:\WINDOWS\system32\mrtgupd.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
Matt Posted July 12, 2007

jennifer, I'm waiting for a response on those files you submitted for me. In the meantime, can you tell me how your computer is doing?
itsjennyfer Posted July 12, 2007

> jennifer, I'm waiting for a response on those files you submitted for me. In the meantime, can you tell me how your computer is doing?

You mean the ones on upload malware?
My computer's doing fine, thank you
I noticed less programs are getting installed lately.
-Before I'd find random anti-virus programs or misc installments made, all Korean; so I guess it was because of a Korean downloading program I use called Clubbox & Monkey3. But then again, I'm never sure
Matt Posted July 13, 2007

Hi Jennifer,

Please scan with HJT and place a check next to the following items:

O4 - HKLM\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
O4 - HKCU\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe

Then, make sure all browser windows and other applications are closed, and click the Fix Checked button.

Please double-click Killbox.exe to run it.

Select: Delete on Reboot then Click on the All Files button.

- Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
C:\WINDOWS\system32\grdmgr.exe

- Return to Killbox, go to the File menu, and choose Paste from Clipboard.
- Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Then, post a fresh HJT log.

Matt
itsjennyfer Posted July 13, 2007

Alrightieee.

HJT

Logfile of HijackThis v1.99.1
Scan saved at 12:36:01 PM, on 07/13/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jennifer\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: begin tool - {F1F7763D-712D-4E24-A2EC-869982331C1C} - c:\program files\shopbegin\view.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166380705968
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab
O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} (melonset Class) - http://www.melon.com/utility/player/vod/package/melonset.cab
O16 - DPF: {C296DB5F-4B01-47E1-AB57-C590BE769111} (MOPlayerWnd Class) - http://www.melon.com/cab/P3Melon.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AEE0E76-4ED3-4165-BF37-93704B1214CB}: NameServer = 192.168.2.1
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Local Manager lagacy (LMlagacy) - Unknown owner - C:\WINDOWS\ctfmon.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: mrtgupd Service (mrtgupd) - Unknown owner - C:\WINDOWS\system32\mrtgupd.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
Matt Posted July 13, 2007

Congrats! Your computer is clean! How is your system running?

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Firefox - Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera is good as well.
SpywareBlaster - Great prevention tool to keep malware from installing on your system.
SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
ATF Cleaner - Cleans temporary files from web browsers, and much more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein and this guide on safer computing.

Have comments or suggestions about our Malware Support? Feel free to post them here.
itsjennyfer Posted July 14, 2007

THANK YOUU! :]
Very very much!
I appreciate your help~.
And I'll look into the above programs; I have some already
Take care!!
Matt Posted July 14, 2007

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.