Hijack This Log Help?-[RESOLVED]


I took another System Scan/Log, and I got the following:

(I've posted before and I was told to make a new topic.

Anyhow, help would be appreciated!)

Logfile of HijackThis v1.99.1

Scan saved at 6:10:22 PM, on 07/03/07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Common Files\Algsvc.exe

C:\Program Files\Common Files\System\Ctfsys.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\System\Npchosts.exe

C:\Program Files\Common Files\services\syssvc.exe

C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe

C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe

C:\WINDOWS\system32\servcies\servcies.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\2051\spoo1sv.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\DirectX\Dinput\smss.exe

C:\WINDOWS\AppPatch\vmnat.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\MSNMES~1\msnmsgr.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\conime.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\asrotray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Common Files\AOL\1136571358\ee\aolsoftware.exe

c:\program files\common files\aol\1136571358\ee\aexplore.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\TI Education\TI Connect\TIConnect.exe

C:\Program Files\TI Education\TI Connect\TISendTo.exe

C:\Documents and Settings\Jennifer\Local Settings\Temporary Internet Files\Content.IE5\4M6OD3P4\HijackThis[1].exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {674F65AF-2475-4D18-97B4-E74603F23F97} - C:\WINDOWS\system32\bridge.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Guide Plus - {7CE3FFFE-53D6-47b5-896D-D4233C77E271} - C:\WINDOWS\system32\prvsvrs.dll

O2 - BHO: chkprc Class - {7DA7BE7D-A382-4AA7-A125-CA55A2070125} - C:\WINDOWS\system32\onpcs.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {900F4412-C5F4-4B5C-BF5D-F73D5D458B9B} - C:\PROGRA~1\POINTP~1\pplus.dll

O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\DLP.dll

O2 - BHO: (no name) - {C449AB75-308B-4428-A710-C68B8E87E0D5} - C:\WINDOWS\system32\pket.dll

O2 - BHO: ApoUp Class - {DA96C092-D3A6-4772-AB95-21523D152BEA} - C:\WINDOWS\system32\apo.dll

O4 - HKLM\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe

O4 - HKLM\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe"

O4 - HKLM\..\Run: [servcies] C:\WINDOWS\system32\servcies\servcies.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [spoo1sv] C:\WINDOWS\system32\2051\spoo1sv.exe

O4 - HKLM\..\Run: [asro] C:\WINDOWS\asrotray.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [smss] "C:\WINDOWS\system32\DirectX\Dinput\smss.exe"

O4 - HKLM\..\Run: [vmnat] "C:\WINDOWS\AppPatch\vmnat.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [exmon] C:\Program Files\Common Files\System\exmon.exe

O4 - HKCU\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe

O4 - HKCU\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe"

O4 - HKCU\..\Run: [servcies] C:\WINDOWS\system32\servcies\servcies.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spoo1sv] C:\WINDOWS\system32\2051\spoo1sv.exe

O4 - HKCU\..\Run: [asro] C:\WINDOWS\asrotray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background

O4 - HKCU\..\Run: [vmnat] "C:\WINDOWS\AppPatch\vmnat.exe"

O4 - HKCU\..\Run: [smss] "C:\WINDOWS\system32\DirectX\Dinput\smss.exe"

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: begin tool - {F1F7763D-712D-4E24-A2EC-869982331C1C} - c:\program files\shopbegin\view.exe (HKCU)

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab

O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166380705968

O16 - DPF: {84F7A3A9-B92A-41F4-890F-83F2DC0ADB7E} (ToolBarInstall Control) - http://toolbar.imbc.com/toolbar/MBCToolBar.cab

O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab

O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab

O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} (melonset Class) - http://www.melon.com/utility/player/vod/package/melonset.cab

O16 - DPF: {C296DB5F-4B01-47E1-AB57-C590BE769111} (MOPlayerWnd Class) - http://www.melon.com/cab/P3Melon.cab

O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4AEE0E76-4ED3-4165-BF37-93704B1214CB}: NameServer = 192.168.2.1

O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll (file missing)

O20 - Winlogon Notify: msrd2x40 - ircIass.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: mqcfqpvw - {314F53CD-F1E8-4589-B9AC-9A8EDBC0198E} - C:\WINDOWS\system32\mqcfqpvw.dll (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE

O23 - Service: comcli Service (comcli) - Unknown owner - C:\WINDOWS\system32\comcli.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Local Manager lagacy (LMlagacy) - Unknown owner - C:\WINDOWS\ctfmon.exe (file missing)

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: mrtgupd Service (mrtgupd) - Unknown owner - C:\WINDOWS\system32\mrtgupd.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Session Simulator (sessionsim) - Unknown owner - C:\Program Files\NetMeeting\sssnsml.exe

O23 - Service: Web Brower (spoolsvc_c1) - Unknown owner - C:\Program Files\Common Files\Algsvc.exe

O23 - Service: Distribute Support (spoolsvc_c2) - Unknown owner - C:\Program Files\Common Files\System\Ctfsys.exe

O23 - Service: Security Support (spoolsvc_c3) - Unknown owner - C:\Program Files\Common Files\System\Npchosts.exe

O23 - Service: Application Manager (spoolsvc_m) - Unknown owner - C:\Program Files\Common Files\services\syssvc.exe

O23 - Service: Toggle Analysis (tgglana) - Unknown owner - C:\WINDOWS\system32\togglelg.exe

O23 - Service: Typer Interface Service (typemgr2) - Unknown owner - C:\WINDOWS\system32\Macromed\hddmgrs.exe

Thank you in advance :)

Hi jennifer,

First download AVG Anti-Spyware from HERE and save that file to your desktop.

This is a 30 day trial of the program

  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

  1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process.
  2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  5. If you have any infections you will be prompted, then select "Apply all actions"
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan and a new HJT log.

Oh, but when the scan was completed, there was no report to be saved, strangely. I clicked Apply all actions and after it .. I guess went through all about 200 traces with a "done" sign, I clicked the Reports icon but there was nothing to click or save.

Did I do something wrong?

Oh wait, never mind, I got the report! :) I was trying to delete the other post but I didn't find a delete key.

HJT

Logfile of HijackThis v1.99.1

Scan saved at 7:59:05 PM, on 07/08/07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Common Files\Algsvc.exe

C:\Program Files\Common Files\System\Ctfsys.exe

C:\Program Files\Common Files\System\Npchosts.exe

C:\Program Files\Common Files\services\syssvc.exe

C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe

C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe

C:\WINDOWS\system32\servcies\servcies.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\DirectX\Dinput\smss.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Services\nwa01.exe

C:\WINDOWS\system32\fxcursn.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Services\insdwe01.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\conime.exe

C:\WINDOWS\explorer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Opera\Opera.exe

C:\Documents and Settings\Jennifer\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: PowerLObj Class - {65D3B062-938C-4BB6-89B7-9E6FCD184E01} - C:\WINDOWS\system32\PowerL.dll

O2 - BHO: (no name) - {674F65AF-2475-4D18-97B4-E74603F23F97} - C:\WINDOWS\system32\bridge.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Guide Plus - {7CE3FFFE-53D6-47b5-896D-D4233C77E271} - C:\WINDOWS\system32\prvsvrs.dll

O2 - BHO: chkprc Class - {7DA7BE7D-A382-4AA7-A125-CA55A2070125} - C:\WINDOWS\system32\onpcs.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {900F4412-C5F4-4B5C-BF5D-F73D5D458B9B} - C:\PROGRA~1\POINTP~1\pplus.dll

O2 - BHO: (no name) - {C449AB75-308B-4428-A710-C68B8E87E0D5} - C:\WINDOWS\system32\pket.dll

O2 - BHO: ApoUp Class - {DA96C092-D3A6-4772-AB95-21523D152BEA} - C:\WINDOWS\system32\apo.dll (file missing)

O4 - HKLM\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe

O4 - HKLM\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe"

O4 - HKLM\..\Run: [servcies] C:\WINDOWS\system32\servcies\servcies.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [smss] "C:\WINDOWS\system32\DirectX\Dinput\smss.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [nwa01] c:\Program Files\Common Files\Services\nwa01.exe

O4 - HKLM\..\Run: [inwa01] c:\Program Files\Internet Explorer\inwa01.exe

O4 - HKLM\..\Run: [netfxsbs20] C:\WINDOWS\Microsoft.NET\\Framework\netfxsbs20.exe

O4 - HKLM\..\Run: [nwapi32] C:\WINDOWS\system32\dllcache\nwapi32.exe

O4 - HKLM\..\Run: [fxserv] C:\WINDOWS\system32\fxcursn.exe

O4 - HKLM\..\Run: [spooler] C:\WINDOWS\system32\spool\spooler.exe

O4 - HKLM\..\Run: [insdwe01] c:\Program Files\Common Files\Services\insdwe01.exe

O4 - HKLM\..\Run: [iinsdwe01] c:\Program Files\Internet Explorer\iinsdwe01.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [ip4fw] C:\WINDOWS\system32\drivers\ip4fw.exe

O4 - HKCU\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe

O4 - HKCU\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe"

O4 - HKCU\..\Run: [servcies] C:\WINDOWS\system32\servcies\servcies.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spoo1sv] C:\WINDOWS\system32\2051\spoo1sv.exe

O4 - HKCU\..\Run: [asro] C:\WINDOWS\asrotray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background

O4 - HKCU\..\Run: [smss] "C:\WINDOWS\system32\DirectX\Dinput\smss.exe"

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: begin tool - {F1F7763D-712D-4E24-A2EC-869982331C1C} - c:\program files\shopbegin\view.exe (HKCU)

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab

O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166380705968

O16 - DPF: {84F7A3A9-B92A-41F4-890F-83F2DC0ADB7E} (ToolBarInstall Control) - http://toolbar.imbc.com/toolbar/MBCToolBar.cab

O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab

O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab

O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} (melonset Class) - http://www.melon.com/utility/player/vod/package/melonset.cab

O16 - DPF: {C296DB5F-4B01-47E1-AB57-C590BE769111} (MOPlayerWnd Class) - http://www.melon.com/cab/P3Melon.cab

O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4AEE0E76-4ED3-4165-BF37-93704B1214CB}: NameServer = 192.168.2.1

O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll (file missing)

O20 - Winlogon Notify: msrd2x40 - ircIass.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: mqcfqpvw - {314F53CD-F1E8-4589-B9AC-9A8EDBC0198E} - C:\WINDOWS\system32\mqcfqpvw.dll (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE (file missing)

O23 - Service: comcli Service (comcli) - Unknown owner - C:\WINDOWS\system32\comcli.exe (file missing)

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Local Manager lagacy (LMlagacy) - Unknown owner - C:\WINDOWS\ctfmon.exe (file missing)

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: mrtgupd Service (mrtgupd) - Unknown owner - C:\WINDOWS\system32\mrtgupd.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Session Simulator (sessionsim) - Unknown owner - C:\Program Files\NetMeeting\sssnsml.exe

O23 - Service: Web Brower (spoolsvc_c1) - Unknown owner - C:\Program Files\Common Files\Algsvc.exe

O23 - Service: Distribute Support (spoolsvc_c2) - Unknown owner - C:\Program Files\Common Files\System\Ctfsys.exe

O23 - Service: Security Support (spoolsvc_c3) - Unknown owner - C:\Program Files\Common Files\System\Npchosts.exe

O23 - Service: Application Manager (spoolsvc_m) - Unknown owner - C:\Program Files\Common Files\services\syssvc.exe

O23 - Service: Toggle Analysis (tgglana) - Unknown owner - C:\WINDOWS\system32\togglelg.exe (file missing)

O23 - Service: Typer Interface Service (typemgr2) - Unknown owner - C:\WINDOWS\system32\Macromed\hddmgrs.exe (file missing)

&The Report-

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 7:51:43 PM 07/08/07

+ Scan result:

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\a1128udt[1].exe -> Adware.Ddclick : Cleaned with backup (quarantined).

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\a1124udt[1].exe -> Adware.Ddclick : Cleaned with backup (quarantined).

C:\WINDOWS\Temp\a1124udt.exe -> Adware.Ddclick : Cleaned with backup (quarantined).

C:\WINDOWS\Temp\a1128udt.exe -> Adware.Ddclick : Cleaned with backup (quarantined).

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2353FCBC-012D-487B-8BF3-865C0929FBEB} -> Adware.Virtumonde : Cleaned with backup (quarantined).

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2353FCBC-012D-487B-8BF3-865C0929FBEB} -> Adware.Virtumonde : Cleaned with backup (quarantined).

HKU\S-1-5-21-577493093-3075917838-3829363503-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2353FCBC-012D-487B-8BF3-865C0929FBEB} -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\DLP.dll -> Adware.Webdir : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} -> Adware.WebDir : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} -> Adware.WebDir : Cleaned with backup (quarantined).

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} -> Adware.WebDir : Cleaned with backup (quarantined).

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} -> Adware.WebDir : Cleaned with backup (quarantined).

HKU\S-1-5-21-577493093-3075917838-3829363503-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} -> Adware.WebDir : Cleaned with backup (quarantined).

C:\WINDOWS\system32\faid0.exe -> Adware.Websearch : Cleaned with backup (quarantined).

C:\Program Files\Common Files\System\ctfmon.exe -> Backdoor.Agent.apk : Cleaned with backup (quarantined).

C:\WINDOWS\system32\vac7.exe -> Backdoor.Ghost : Cleaned with backup (quarantined).

C:\WINDOWS\system32\drivers\winhelper.exe -> Backdoor.Hupigon.hk : Cleaned with backup (quarantined).

C:\WINDOWS\system32\drivers\pnc.exe -> Backdoor.Ncx.a : Cleaned with backup (quarantined).

C:\WINDOWS\system32\bridge.dll -> Backdoor.Nobrain : Cleaned with backup (quarantined).

C:\WINDOWS\system32\tqsin.dll -> Backdoor.Prorat.16 : Cleaned with backup (quarantined).

C:\Documents and Settings\Jennifer\My Documents\Programs\Extra KeyGens\Adobe.Photoshop.CS3.Crack.exe/crack.exe -> Backdoor.Rbot.bwh : Cleaned with backup (quarantined).

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\smup-incap[1].exe -> Downloader.Agent.bob : Cleaned with backup (quarantined).

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\winslr-setup[1].exe -> Downloader.Agent.bob : Cleaned with backup (quarantined).

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\winslr-setup[1].exe -> Downloader.Agent.bob : Cleaned with backup (quarantined).

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\smup-incap[1].exe -> Downloader.Agent.bob : Cleaned with backup (quarantined).

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\winslr-setup[1].exe -> Downloader.Agent.bob : Cleaned with backup (quarantined).

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\gatz26[1].exe -> Downloader.Agent.bog : Cleaned with backup (quarantined).

C:\WINDOWS\system32\Macromed\hddmgrs.exe -> Downloader.Agent.bog : Cleaned with backup (quarantined).

C:\WINDOWS\system32\drivers\erelog.exe -> Downloader.Agent.bog : Cleaned with backup (quarantined).

C:\WINDOWS\asrotray.exe -> Downloader.Agent.bsj : Cleaned with backup (quarantined).

C:\Program Files\Security Guard\lopa.exe -> Downloader.Agent.btn : Cleaned with backup (quarantined).

C:\WINDOWS\vi\opa.exe -> Downloader.Agent.btn : Cleaned with backup (quarantined).

C:\WINDOWS\system32\Macromed\cm\cm.exe -> Downloader.Small : Cleaned with backup (quarantined).

C:\WINDOWS\system32\Vrunzip.dIl -> Downloader.Small : Cleaned with backup (quarantined).

C:\WINDOWS\system32\comcli.exe -> Downloader.Small : Cleaned with backup (quarantined).

C:\WINDOWS\system32\dgsetup.dIl -> Downloader.Small : Cleaned with backup (quarantined).

C:\WINDOWS\system32\drivers\CDANSRV.EXE -> Downloader.Small : Cleaned with backup (quarantined).

C:\WINDOWS\system32\togglelg.exe -> Downloader.Small : Cleaned with backup (quarantined).

C:\WINDOWS\system32\~res0003.exe -> Downloader.Small : Cleaned with backup (quarantined).

C:\WINDOWS\system32\~tmp1324.exe -> Downloader.Small : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP49\A0014608.exe -> Downloader.Small.eac : Cleaned with backup (quarantined).

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\spintmp10[1].exe -> Downloader.VB.anf : Cleaned with backup (quarantined).

C:\WINDOWS\Temp\spintmp10.exe -> Downloader.VB.anf : Cleaned with backup (quarantined).

C:\WINDOWS\system32\spintmp.exe -> Downloader.VB.anf : Cleaned with backup (quarantined).

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\spdn10[1].exe -> Downloader.VB.ayv : Cleaned with backup (quarantined).

C:\WINDOWS\Temp\spdn10.exe -> Downloader.VB.ayv : Cleaned with backup (quarantined).

C:\WINDOWS\system32\apo.dll -> Trojan.BHO.ax : Cleaned with backup (quarantined).

C:\WINDOWS\system32\onpcs.dll -> Trojan.BHO.ax : Cleaned with backup (quarantined).

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\a1207[1].exe -> Trojan.Daum.m : Cleaned with backup (quarantined).

C:\WINDOWS\Temp\a1207up.exe -> Trojan.Daum.m : Cleaned with backup (quarantined).

C:\WINDOWS\system32\drivers\taskmgr.exe -> Trojan.Daum.m : Cleaned with backup (quarantined).

C:\WINDOWS\system32\2051\spoo1sv.exe -> Trojan.Notifier : Cleaned with backup (quarantined).

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\~tmp7630[1].exe -> Trojan.Small : Cleaned with backup (quarantined).

C:\WINDOWS\Temp\~tmp7630.exe -> Trojan.Small : Cleaned with backup (quarantined).

C:\WINDOWS\inisc.dll -> Trojan.Small : Cleaned with backup (quarantined).

C:\WINDOWS\melonsrv.dll -> Trojan.Small : Cleaned with backup (quarantined).

C:\WINDOWS\nerochk.exe -> Trojan.Small : Cleaned with backup (quarantined).

::Report end

Thanks ! :]

Boy you've got a messy log! My directions may take a while to complete, but please follow them exactly. Let's get to work...

Please print out these directions for use if/when you cannot access this page.

Please download VundoFix.exe to your desktop

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Next, please scan with HJT and place a check next to the following items (if present):

O2 - BHO: PowerLObj Class - {65D3B062-938C-4BB6-89B7-9E6FCD184E01} - C:\WINDOWS\system32\PowerL.dll

O2 - BHO: (no name) - {674F65AF-2475-4D18-97B4-E74603F23F97} - C:\WINDOWS\system32\bridge.dll (file missing)

O2 - BHO: Windows Guide Plus - {7CE3FFFE-53D6-47b5-896D-D4233C77E271} - C:\WINDOWS\system32\prvsvrs.dll

O2 - BHO: chkprc Class - {7DA7BE7D-A382-4AA7-A125-CA55A2070125} - C:\WINDOWS\system32\onpcs.dll (file missing)

O2 - BHO: (no name) - {900F4412-C5F4-4B5C-BF5D-F73D5D458B9B} - C:\PROGRA~1\POINTP~1\pplus.dll

O2 - BHO: (no name) - {C449AB75-308B-4428-A710-C68B8E87E0D5} - C:\WINDOWS\system32\pket.dll

O2 - BHO: ApoUp Class - {DA96C092-D3A6-4772-AB95-21523D152BEA} - C:\WINDOWS\system32\apo.dll (file missing)

O4 - HKLM\..\Run: [nwa01] c:\Program Files\Common Files\Services\nwa01.exe

O4 - HKLM\..\Run: [inwa01] c:\Program Files\Internet Explorer\inwa01.exe

O4 - HKLM\..\Run: [nwapi32] C:\WINDOWS\system32\dllcache\nwapi32.exe

O4 - HKLM\..\Run: [spooler] C:\WINDOWS\system32\spool\spooler.exe

O4 - HKLM\..\Run: [insdwe01] c:\Program Files\Common Files\Services\insdwe01.exe

O4 - HKLM\..\Run: [iinsdwe01] c:\Program Files\Internet Explorer\iinsdwe01.exe

O4 - HKCU\..\Run: [spoo1sv] C:\WINDOWS\system32\2051\spoo1sv.exe

O16 - DPF: {84F7A3A9-B92A-41F4-890F-83F2DC0ADB7E} (ToolBarInstall Control) - http://toolbar.imbc.com/toolbar/MBCToolBar.cab

O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll (file missing)

O20 - Winlogon Notify: msrd2x40 - ircIass.dll (file missing)

O21 - SSODL: mqcfqpvw - {314F53CD-F1E8-4589-B9AC-9A8EDBC0198E} - C:\WINDOWS\system32\mqcfqpvw.dll (file missing)

Then, make sure all browser windows and other applications are closed, and click the Fix Checked button.

Please go to UploadMalware to upload a suspicious file for analysis.

  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Input this filename: C:\WINDOWS\system32\servcies\servcies.exe
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File

Repeat the above steps for file submission with the following files:

C:\WINDOWS\system32\DirectX\Dinput\smss.exe

C:\WINDOWS\system32\fxcursn.exe

C:\WINDOWS\Microsoft.NET\\Framework\netfxsbs20.exe

C:\WINDOWS\system32\drivers\ip4fw.exe

C:\WINDOWS\asrotray.exe

C:\Program Files\Common Files\Algsvc.exe

C:\Program Files\Common Files\System\Ctfsys.exe

C:\Program Files\Common Files\System\Npchosts.exe

C:\Program Files\Common Files\services\syssvc.exe

Next, please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.

  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\PowerL.dll

    C:\WINDOWS\system32\bridge.dll

    C:\WINDOWS\system32\prvsvrs.dll

    C:\WINDOWS\system32\onpcs.dll

    C:\PROGRA~1\POINTP~1\pplus.dll

    C:\WINDOWS\system32\pket.dll

    C:\WINDOWS\system32\apo.dll

    c:\Program Files\Common Files\Services\nwa01.exe

    c:\Program Files\Internet Explorer\inwa01.exe

    C:\WINDOWS\system32\dllcache\nwapi32.exe

    C:\WINDOWS\system32\spool\spooler.exe

    c:\Program Files\Common Files\Services\insdwe01.exe

    c:\Program Files\Internet Explorer\iinsdwe01.exe

    C:\WINDOWS\system32\mlljh.dll

    C:\WINDOWS\system32\mqcfqpvw.dll

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please go HERE to run Panda's ActiveScan

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Finally, post a new HJT log, the ActiveScan report and the VundoFix report.


I know.. haha it's a hugee mess >_<

Below are the log, and two reports.

However, when deleting the files that I checked in HJT, three of the same error boxes popped up with a long description, but it had a prompt to click Okay to delete/fix them, as I did.

Also, for the VundoFix, there was no prompt to remove files as it read something like, "No Infections Detected," but I think that's what it says in the following vundo scan.

If I did something wrong I'm sorry >_< Please alert me! I double checked everything I clicked but...

HJT Log

Logfile of HijackThis v1.99.1

Scan saved at 10:14:43 PM, on 07/09/07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Common Files\Algsvc.exe

C:\Program Files\Common Files\System\Ctfsys.exe

C:\Program Files\Common Files\System\Npchosts.exe

C:\Program Files\Common Files\services\syssvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe

C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe

C:\WINDOWS\system32\servcies\servcies.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\DirectX\Dinput\smss.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\fxcursn.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\PROGRA~1\MSNMES~1\msnmsgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\AOL\1136571358\ee\aolsoftware.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\WINDOWS\system32\ctfmon.exe

c:\program files\common files\aol\1136571358\ee\aexplore.exe

C:\Documents and Settings\Jennifer\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe

O4 - HKLM\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe"

O4 - HKLM\..\Run: [servcies] C:\WINDOWS\system32\servcies\servcies.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [smss] "C:\WINDOWS\system32\DirectX\Dinput\smss.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [netfxsbs20] C:\WINDOWS\Microsoft.NET\\Framework\netfxsbs20.exe

O4 - HKLM\..\Run: [fxserv] C:\WINDOWS\system32\fxcursn.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe

O4 - HKCU\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe"

O4 - HKCU\..\Run: [servcies] C:\WINDOWS\system32\servcies\servcies.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [asro] C:\WINDOWS\asrotray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background

O4 - HKCU\..\Run: [smss] "C:\WINDOWS\system32\DirectX\Dinput\smss.exe"

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: begin tool - {F1F7763D-712D-4E24-A2EC-869982331C1C} - c:\program files\shopbegin\view.exe (HKCU)

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab

O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166380705968

O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab

O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} (melonset Class) - http://www.melon.com/utility/player/vod/package/melonset.cab

O16 - DPF: {C296DB5F-4B01-47E1-AB57-C590BE769111} (MOPlayerWnd Class) - http://www.melon.com/cab/P3Melon.cab

O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4AEE0E76-4ED3-4165-BF37-93704B1214CB}: NameServer = 192.168.2.1

O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE (file missing)

O23 - Service: comcli Service (comcli) - Unknown owner - C:\WINDOWS\system32\comcli.exe (file missing)

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Local Manager lagacy (LMlagacy) - Unknown owner - C:\WINDOWS\ctfmon.exe (file missing)

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: mrtgupd Service (mrtgupd) - Unknown owner - C:\WINDOWS\system32\mrtgupd.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Session Simulator (sessionsim) - Unknown owner - C:\Program Files\NetMeeting\sssnsml.exe

O23 - Service: Web Brower (spoolsvc_c1) - Unknown owner - C:\Program Files\Common Files\Algsvc.exe

O23 - Service: Distribute Support (spoolsvc_c2) - Unknown owner - C:\Program Files\Common Files\System\Ctfsys.exe

O23 - Service: Security Support (spoolsvc_c3) - Unknown owner - C:\Program Files\Common Files\System\Npchosts.exe

O23 - Service: Application Manager (spoolsvc_m) - Unknown owner - C:\Program Files\Common Files\services\syssvc.exe

O23 - Service: Toggle Analysis (tgglana) - Unknown owner - C:\WINDOWS\system32\togglelg.exe (file missing)

O23 - Service: Typer Interface Service (typemgr2) - Unknown owner - C:\WINDOWS\system32\Macromed\hddmgrs.exe (file missing)

ActiveScan Report

Incident Status Location

Adware:adware/wupd Not disinfected c:\program files\WinUpdate

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\zus7tjoj.default\cookies.txt[.uol.com.br/]

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@247realmedia[2].txt

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@2o7[2].txt

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@atwola[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@com[1].txt

Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@did-it[1].txt

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@go[2].txt

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@questionmarket[2].txt

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@realmedia[1].txt

Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@tickle[2].txt

Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@toplist[1].txt

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@trafficmp[2].txt

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@tribalfusion[2].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Jennifer\Cookies\[email protected][1].txt

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Jennifer\Cookies\jennifer@xiti[1].txt

Virus:Bck/Agent.FKJ Disinfected C:\Documents and Settings\Jennifer\Local Settings\Temp\tooin2.exe

Virus:Trj/Downloader.MIF Disinfected C:\Documents and Settings\Jennifer\Local Settings\Temporary Internet Files\Content.IE5\Z0TDKRT7\Agent_07[1].zip[Agent_07.exe]

Virus:Generic Trojan Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\a1206[1].exe

Virus:Trj/Banker.IDK Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\VSInst[1].exe

Adware:Adware/MyPCdoctor Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\dvwinwin_[1].exe

Virus:Trj/Agent.FHL Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\cliffhan[1].exe

Virus:Trj/Proxyserver.AB Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\gamans2[1].exe

Virus:Bck/Agent.FKJ Disinfected C:\Program Files\adlock\lockup.exe

Virus:Bck/Agent.FKJ Disinfected C:\Program Files\msconfig\ilikeprice.exe

Virus:Generic Trojan Disinfected C:\Program Files\Security Guard\AppInstaller_bsbs.exe

Virus:Generic Malware Not disinfected C:\Program Files\Security Guard\mp0510.exe[ctfmon01.exe]

Virus:Trj/Banker.IDK Disinfected C:\Program Files\VSInst03\VSInst.exe

Virus:Generic Trojan Disinfected C:\Program Files\WinUpdate\WinUpdate.ocx

Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\1076\PS102.zip[PS102.exe]

Virus:Bck/Agent.FKJ Disinfected C:\WINDOWS\1077\clean1.exe

Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\3457\backup2_09.exe

Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\3457\backup2_09.zip[backup2_09.exe]

Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\3457\backup2_37.exe

Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\3457\backup2_37.zip[backup2_37.exe]

Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\8857\Agent_01.exe

Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\8857\Agent_01.zip[Agent_01.exe]

Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\8857\Agent_07.exe

Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\8857\Agent_07.zip[Agent_07.exe]

Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\8857\backup1_09.exe

Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\8857\backup1_09.zip[backup1_09.exe]

Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\8857\backup1_37.exe

Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\8857\backup1_37.zip[backup1_37.exe]

Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\Agent.exe

Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\Agent_09.exe

Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\system32\2051\Setup_L02.exe

Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\system32\2051\Setup_L04.exe

Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\system32\2051\Setup_L07.exe

Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\system32\2051\Setup_L09.exe

Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\system32\2051\Setup_L10.exe

Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\system32\2051\Setup_L11.exe

Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\system32\2051\spoo1sv.ocx

Potentially unwanted tool:Application/Psexec.A Not disinfected C:\WINDOWS\system32\drivers\spsexec.exe

Virus:Trj/Downloader.MIF Disinfected C:\WINDOWS\system32\servcies\SetupXML09.exe

Virus:Bck/Prorat.HT Not disinfected C:\WINDOWS\system32\tmp\fxe.exe[tqsin.dll]

Adware:Adware/MyPCdoctor Not disinfected C:\WINDOWS\system32\uninst_mypd.exe

Virus:Generic Trojan Disinfected C:\WINDOWS\Temp\a1206.exe

Virus:Trj/Agent.FHL Disinfected C:\WINDOWS\Temp\cliffhan.exe

Adware:Adware/MyPCdoctor Not disinfected C:\WINDOWS\Temp\dvwinwin_.exe

VundoFix report

VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 6:24:13 PM 07/09/07

Listing files found while scanning....

No infected files were found.

Beginning removal...

Once again, thank youu! :thumbsup:


Alrighty, back to work...

Please scan with HJT and place a check next to the following items:

O4 - HKLM\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe"

O4 - HKLM\..\Run: [servcies] C:\WINDOWS\system32\servcies\servcies.exe

O4 - HKLM\..\Run: [smss] "C:\WINDOWS\system32\DirectX\Dinput\smss.exe"

O4 - HKLM\..\Run: [netfxsbs20] C:\WINDOWS\Microsoft.NET\\Framework\netfxsbs20.exe

O4 - HKLM\..\Run: [fxserv] C:\WINDOWS\system32\fxcursn.exe

O4 - HKCU\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe"

O4 - HKCU\..\Run: [servcies] C:\WINDOWS\system32\servcies\servcies.exe

O4 - HKCU\..\Run: [asro] C:\WINDOWS\asrotray.exe

O4 - HKCU\..\Run: [smss] "C:\WINDOWS\system32\DirectX\Dinput\smss.exe"

O23 - Service: comcli Service (comcli) - Unknown owner - C:\WINDOWS\system32\comcli.exe (file missing)

O23 - Service: Session Simulator (sessionsim) - Unknown owner - C:\Program Files\NetMeeting\sssnsml.exe

O23 - Service: Web Brower (spoolsvc_c1) - Unknown owner - C:\Program Files\Common Files\Algsvc.exe

O23 - Service: Distribute Support (spoolsvc_c2) - Unknown owner - C:\Program Files\Common Files\System\Ctfsys.exe

O23 - Service: Security Support (spoolsvc_c3) - Unknown owner - C:\Program Files\Common Files\System\Npchosts.exe

O23 - Service: Application Manager (spoolsvc_m) - Unknown owner - C:\Program Files\Common Files\services\syssvc.exe

O23 - Service: Toggle Analysis (tgglana) - Unknown owner - C:\WINDOWS\system32\togglelg.exe (file missing)

O23 - Service: Typer Interface Service (typemgr2) - Unknown owner - C:\WINDOWS\system32\Macromed\hddmgrs.exe (file missing)

Then, make sure all browser windows and other applications are closed, and click the Fix Checked button.

  • Close & Open HiJackThis Again
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "delete an NT service"
  • Copy and paste this in: comcli
  • Click "ok"

Repeat the above steps, but enter the following in the 5th step:

sessionsim

spoolsvc_c1

spoolsvc_c2

spoolsvc_c3

spoolsvc_m

tgglana

typemgr2

Then, reboot your computer.

Once you are booted back up, do the following:

  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.

  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe

    C:\WINDOWS\system32\servcies\servcies.exe

    C:\WINDOWS\system32\DirectX\Dinput\smss.exe

    C:\WINDOWS\Microsoft.NET\\Framework\netfxsbs20.exe

    C:\WINDOWS\system32\fxcursn.exe

    C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe

    C:\WINDOWS\system32\servcies\servcies.exe

    C:\WINDOWS\asrotray.exe

    C:\WINDOWS\system32\DirectX\Dinput\smss.exe

    C:\Program Files\NetMeeting\sssnsml.exe

    C:\Program Files\Common Files\Algsvc.exe

    C:\Program Files\Common Files\System\Ctfsys.exe

    C:\Program Files\Common Files\System\Npchosts.exe

    C:\Program Files\Common Files\services\syssvc.exe

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please go to UploadMalware to upload a suspicious file for analysis.

  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Input this filename: C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File

Updating Java and Clearing Cache

  1. Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  2. It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  3. If you are unable to update you can manually update by going here: http://www.java.com/en/download/manual.jsp
  4. After the reboot, go back into the Control Panel and double-click the Java Icon.
  5. Under Temporary Internet Files, click the Delete Files button.
  6. There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  7. Click OK on Delete Temporary Files Window

Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

  8. Click OK to leave the Java Control Panel.

Next, reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

Once in Safe Mode, find and delete the following folder:

c:\program files\WinUpdate\

Then, reboot your computer normally and post a new HJT log.

Matt


One question:

When I copied and pasted "comcli" (as well as the other words listed after) an error message came up saying "The service 'comcli' is enable and/or running. Disable it first, using HijackThis itself (from the scan results) or the Services.msc window." I know it gives quite a direct.. direction, but how do you disable it? Is it the same as checking the item and clicking Fixed? I wasn't sure so I'm asking beforehand. Oh, and I tried typing in services.msc on Run, and I found comcli but if I right-click it, the only option that comes up is "start," so I guess it's stopped right now so I don't really get why it's not working..

Thank you~~

Edited by jennifer

Yes, make sure you 'fix' it with HJT by checking this line:

O23 - Service: comcli Service (comcli) - Unknown owner - C:\WINDOWS\system32\comcli.exe (file missing)

If that still doesn't work, skip it and go onto the others in the list.

> Yes, make sure you 'fix' it with HJT by checking this line:
>
> O23 - Service: comcli Service (comcli) - Unknown owner - C:\WINDOWS\system32\comcli.exe (file missing)
>
> If that still doesn't work, skip it and go onto the others in the list.

Oh, but no matter how many times I check-fix it, it reappears on the list once I scan the system again; so when I try to delete any one of those NT services (like sessionsim and etc) it doesn't work; the same error appears for all.

Edited by jennifer

Here you go!(:

With the Java Step, I couldn't update it any more because it says I have the most recent ones, so I just clicked to delete the Downloaded Applets & Applications. (There was no "Other Files" available to check on.)

Logfile of HijackThis v1.99.1

Scan saved at 10:44:04 AM, on 07/11/07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\MSNMES~1\msnmsgr.exe

C:\Program Files\Common Files\AOL\1136571358\ee\aolsoftware.exe

c:\program files\common files\aol\1136571358\ee\aexplore.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\WINDOWS\system32\fscagent.exe

C:\WINDOWS\system32\grdmgr.exe

C:\Documents and Settings\Jennifer\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: begin tool - {F1F7763D-712D-4E24-A2EC-869982331C1C} - c:\program files\shopbegin\view.exe (HKCU)

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab

O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166380705968

O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab

O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} (melonset Class) - http://www.melon.com/utility/player/vod/package/melonset.cab

O16 - DPF: {C296DB5F-4B01-47E1-AB57-C590BE769111} (MOPlayerWnd Class) - http://www.melon.com/cab/P3Melon.cab

O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4AEE0E76-4ED3-4165-BF37-93704B1214CB}: NameServer = 192.168.2.1

O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE (file missing)

O23 - Service: comcli Service (comcli) - Unknown owner - C:\WINDOWS\system32\comcli.exe (file missing)

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Local Manager lagacy (LMlagacy) - Unknown owner - C:\WINDOWS\ctfmon.exe (file missing)

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: mrtgupd Service (mrtgupd) - Unknown owner - C:\WINDOWS\system32\mrtgupd.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Session Simulator (sessionsim) - Unknown owner - C:\Program Files\NetMeeting\sssnsml.exe (file missing)

O23 - Service: Web Brower (spoolsvc_c1) - Unknown owner - C:\Program Files\Common Files\Algsvc.exe (file missing)

O23 - Service: Distribute Support (spoolsvc_c2) - Unknown owner - C:\Program Files\Common Files\System\Ctfsys.exe (file missing)

O23 - Service: Security Support (spoolsvc_c3) - Unknown owner - C:\Program Files\Common Files\System\Npchosts.exe (file missing)

O23 - Service: Application Manager (spoolsvc_m) - Unknown owner - C:\Program Files\Common Files\services\syssvc.exe (file missing)

O23 - Service: Toggle Analysis (tgglana) - Unknown owner - C:\WINDOWS\system32\togglelg.exe (file missing)

O23 - Service: Typer Interface Service (typemgr2) - Unknown owner - C:\WINDOWS\system32\Macromed\hddmgrs.exe (file missing)


Let's try again.

Go to Start > Run and type Services.msc then hit Ok

Scroll down and find the below service:

comcli

When you find it, double-click on it. In the next window that opens, under the General tab click the Stop button, then click the drop-down box to change the Startup Type to Disabled. Now hit Apply and then Ok.

Repeat the above steps with the following services:

sessionsim

spoolsvc_c1

spoolsvc_c2

spoolsvc_c3

spoolsvc_m

tgglana

typemgr2

Open HiJackThis, click on Misc Tools, then click on Delete an NT Service. A window will pop up. Enter the below item into that field (make sure there are NO spaces before or after the name):

comcli

Click OK.

It should pull up information about the service, then ask if you want to reboot. Click NO.

Repeat the above steps with the following services:

sessionsim

spoolsvc_c1

spoolsvc_c2

spoolsvc_c3

spoolsvc_m

tgglana

typemgr2

Please go to UploadMalware to upload a suspicious file for analysis.

  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Input for this filename: C:\WINDOWS\system32\grdmgr.exe
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File

Now, Reboot your computer.

Post a new HiJackThis log after it reboots and let me know if you received any error messages.

Matt


Edit: Okay I've FINALLLYYY got it done! :]

If you read my other edits and such.. I'm sorry-

I couldn't configure around certain programs and etc.

Until, now~~. &, I didn't receive any errors.

&HJT on next page/post

Edited by jennifer

Thanks!

HJT Log

Logfile of HijackThis v1.99.1

Scan saved at 6:23:12 PM, on 07/11/07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\MSNMES~1\msnmsgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\Jennifer\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: begin tool - {F1F7763D-712D-4E24-A2EC-869982331C1C} - c:\program files\shopbegin\view.exe (HKCU)

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab

O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166380705968

O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab

O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} (melonset Class) - http://www.melon.com/utility/player/vod/package/melonset.cab

O16 - DPF: {C296DB5F-4B01-47E1-AB57-C590BE769111} (MOPlayerWnd Class) - http://www.melon.com/cab/P3Melon.cab

O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4AEE0E76-4ED3-4165-BF37-93704B1214CB}: NameServer = 192.168.2.1

O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE (file missing)

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Local Manager lagacy (LMlagacy) - Unknown owner - C:\WINDOWS\ctfmon.exe (file missing)

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: mrtgupd Service (mrtgupd) - Unknown owner - C:\WINDOWS\system32\mrtgupd.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
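
The service removal requested earlier in the thread can be checked by comparing the O23 lines of the log taken before it with those of this one. The following is an added example, not part of the original posts or of HijackThis: the function names are hypothetical, the line layout is inferred from the logs on this page, and the sample lines are excerpts of those two logs.

```python
import re
from dataclasses import dataclass

# O23 line layout as it appears in the logs on this page (an inference, not a spec):
#   O23 - Service: <display name> [(<service name>)] - <owner> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)"
    r"(?P<missing> \(file missing\))?$"
)

@dataclass(frozen=True)
class Service:
    name: str          # short service name, or the display name when none is shown
    display: str
    owner: str
    path: str
    file_missing: bool

def parse_o23(log_text):
    """Return {lower-cased service name: Service} for every O23 line in a log."""
    services = {}
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue  # other sections (O2, O4, ...) and blank lines are skipped
        name = m.group("name") or m.group("display")
        services[name.lower()] = Service(
            name, m.group("display"), m.group("owner"),
            m.group("path"), m.group("missing") is not None,
        )
    return services

def check_removal(before_log, after_log, targets):
    """Compare two logs and report what happened to each targeted service."""
    before, after = parse_o23(before_log), parse_o23(after_log)
    wanted = [t.strip().lower() for t in targets]
    return {
        "removed": sorted(t for t in wanted if t in before and t not in after),
        "still_present": sorted(t for t in wanted if t in after),
        "never_listed": sorted(t for t in wanted if t not in before and t not in after),
    }

def orphaned(log_text):
    """Services still registered with no known owner and no binary on disk.
    This is a review list, not a verdict on any entry."""
    return sorted(
        (s.name for s in parse_o23(log_text).values()
         if s.owner == "Unknown owner" and s.file_missing),
        key=str.lower,
    )

# Services named in the helper's instructions.
TARGETS = ["comcli", "sessionsim", "spoolsvc_c1", "spoolsvc_c2",
           "spoolsvc_c3", "spoolsvc_m", "tgglana", "typemgr2"]

# Excerpt of the O23 section of the first log in this thread.
BEFORE = r"""
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE (file missing)
O23 - Service: comcli Service (comcli) - Unknown owner - C:\WINDOWS\system32\comcli.exe (file missing)
O23 - Service: Local Manager lagacy (LMlagacy) - Unknown owner - C:\WINDOWS\ctfmon.exe (file missing)
O23 - Service: mrtgupd Service (mrtgupd) - Unknown owner - C:\WINDOWS\system32\mrtgupd.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Session Simulator (sessionsim) - Unknown owner - C:\Program Files\NetMeeting\sssnsml.exe (file missing)
O23 - Service: Web Brower (spoolsvc_c1) - Unknown owner - C:\Program Files\Common Files\Algsvc.exe (file missing)
O23 - Service: Distribute Support (spoolsvc_c2) - Unknown owner - C:\Program Files\Common Files\System\Ctfsys.exe (file missing)
O23 - Service: Security Support (spoolsvc_c3) - Unknown owner - C:\Program Files\Common Files\System\Npchosts.exe (file missing)
O23 - Service: Application Manager (spoolsvc_m) - Unknown owner - C:\Program Files\Common Files\services\syssvc.exe (file missing)
O23 - Service: Toggle Analysis (tgglana) - Unknown owner - C:\WINDOWS\system32\togglelg.exe (file missing)
O23 - Service: Typer Interface Service (typemgr2) - Unknown owner - C:\WINDOWS\system32\Macromed\hddmgrs.exe (file missing)
"""

# Excerpt of the O23 section of the log posted after the reboot.
AFTER = r"""
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE (file missing)
O23 - Service: Local Manager lagacy (LMlagacy) - Unknown owner - C:\WINDOWS\ctfmon.exe (file missing)
O23 - Service: mrtgupd Service (mrtgupd) - Unknown owner - C:\WINDOWS\system32\mrtgupd.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
"""

if __name__ == "__main__":
    report = check_removal(BEFORE, AFTER, TARGETS)
    for status, names in report.items():
        print(f"{status}: {', '.join(names) or '-'}")
    print("orphaned entries left to review:", ", ".join(orphaned(AFTER)))
```

On the excerpts, all eight targeted services are gone from the later log, while three ownerless entries with missing files are still registered.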

jennifer, I'm waiting for a response on those files you submitted for me. In the meantime, can you tell me how your computer is doing?

You mean the ones on upload malware?

My computer's doing fine, thank you :)

I noticed fewer programs are getting installed lately.

Before I'd find random anti-virus programs or misc installments made, all Korean; so I guess it was because of a Korean downloading program I use called Clubbox & Monkey3. But then again, I'm never sure :)


Hi Jennifer,

Please scan with HJT and place a check next to the following items:

O4 - HKLM\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe

O4 - HKCU\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe

Then, make sure all browser windows and other applications are closed, and click the Fix Checked button.

  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe

    C:\WINDOWS\system32\grdmgr.exe

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Then, post a fresh HJT log.

Matt


Alrightieee.

HJT

Logfile of HijackThis v1.99.1

Scan saved at 12:36:01 PM, on 07/13/07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\MSNMES~1\msnmsgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Jennifer\Desktop\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: begin tool - {F1F7763D-712D-4E24-A2EC-869982331C1C} - c:\program files\shopbegin\view.exe (HKCU)

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab

O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166380705968

O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab

O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} (melonset Class) - http://www.melon.com/utility/player/vod/package/melonset.cab

O16 - DPF: {C296DB5F-4B01-47E1-AB57-C590BE769111} (MOPlayerWnd Class) - http://www.melon.com/cab/P3Melon.cab

O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4AEE0E76-4ED3-4165-BF37-93704B1214CB}: NameServer = 192.168.2.1

O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE (file missing)

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Local Manager lagacy (LMlagacy) - Unknown owner - C:\WINDOWS\ctfmon.exe (file missing)

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: mrtgupd Service (mrtgupd) - Unknown owner - C:\WINDOWS\system32\mrtgupd.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe


Congrats! Your computer is clean! :thumbsup:

How is your system running?

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

  1. Firefox - Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera is good as well.
  2. SpywareBlaster - Great prevention tool to keep malware from installing on your system.
  3. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  4. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  5. ATF Cleaner - Cleans temporary files from web browsers, and much more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  6. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  7. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein and this guide on safer computing.

Have comments or suggestions about our Malware Support? Feel free to post them here.

Congrats! Your computer is clean! :thumbsup:

How is your system running?

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

  1. Firefox - Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera is good as well.
  2. SpywareBlaster - Great prevention tool to keep malware from installing on your system.
  3. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  4. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  5. ATF Cleaner - Cleans temporary files from web browsers, and much more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  6. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  7. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein and this guide on safer computing.

Have comments or suggestions about our Malware Support? Feel free to post them here.

THANK YOUU! :]

Very very much!

I appreciate your help~.

And I'll look into the above programs; I have some already :thumbsup:

Take care!!


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

This topic is now closed to further replies.