About edmandoo

  1. I have been constantly finding installer .exe files titled "MFC 응용 프로그램" ("MFC Application" in Korean) inside the WINDOWS folder. It's Korean... and I've searched it on Google and it seems like it's Microsoft oriented... but it had the same title as those weird Korean anti-virus programs that constantly installed themselves on my computer. Here is my HijackThis log. Oh, and I've checked where the vmnat and smss processes came from... and in those folders that Korean thing was there. PLEASE HELP.
C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\DirectX\Dinput\smss.exe C:\WINDOWS\AppPatch\vmnat.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program
Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\AIM\aim.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [smss] 
"C:\WINDOWS\system32\DirectX\Dinput\smss.exe" O4 - HKLM\..\Run: [vmnat] "C:\WINDOWS\AppPatch\vmnat.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [vmnat] "C:\WINDOWS\AppPatch\vmnat.exe" O4 - HKCU\..\Run: [smss] "C:\WINDOWS\system32\DirectX\Dinput\smss.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PCI lagacy (PCIlagacy) - Unknown owner - C:\WINDOWS\nerochk.exe (file missing) O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common 
Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
  2. Yeah, even if I do ComboFix.exe and HijackThis scans, I believe I'm still getting signs of this Korean stuff. Not only that, but I think now it's weekly... instead of daily that these things show up. I scanned with HijackThis today and it scanned 3 ctfmon.exe, usually only scanning one. And I found out that two of them were in the WINDOWS folder, so I checked what it was. And it was in Korean again, and definitely not related to Microsoft Office. PLEASE HELP!
  3. ComboFix 07-06-13.3 - C:\Documents and Settings\Edmundo Unit\Desktop\ComboFix.exe "Edmundo Unit" - 2007-06-12 21:23:58 - Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-05-13 to 2007-06-13 ))))))))))))))))))))))))))))))) 2007-06-12 21:18 337,920 --a------ C:\WINDOWS\system32\bmdelete.exe 2007-06-05 22:02 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-06-04 14:52 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-04 07:51 <DIR> d-------- C:\WINDOWS\1088 2007-06-03 07:58 <DIR> d-------- C:\NVSTEREO.LOG 2007-06-03 07:33 221,184 --a------ C:\WINDOWS\system32\install.exe 2007-05-31 16:34 421 --a------ C:\WINDOWS\system32\ccman.sys 2007-05-31 16:34 218,624 --a------ C:\WINDOWS\system32\ccmansetup.exe 2007-05-30 12:50 <DIR> d-------- C:\WINDOWS\1059 2007-05-30 12:50 <DIR> d-------- C:\WINDOWS\1057 2007-05-29 09:06 347 --a------ C:\WINDOWS\system32\takeup.sys 2007-05-29 09:06 226,304 --a------ C:\WINDOWS\system32\takeup.exe 2007-05-29 09:06 208,896 --a------ C:\WINDOWS\msconfig_uninstaller.exe 2007-05-29 09:06 <DIR> d-------- C:\WINDOWS\system32\nwproc 2007-05-29 09:06 <DIR> d-------- C:\WINDOWS\1045 2007-05-29 09:06 <DIR> d-------- C:\Program Files\nwproc 2007-05-28 15:36 <DIR> d-------- C:\DOCUME~1\Glara\APPLIC~1\Viewpoint 2007-05-28 08:25 <DIR> d-------- C:\WINDOWS\1051 2007-05-26 18:39 204,800 --a------ C:\WINDOWS\system32\urluninstaller.exe 2007-05-24 17:21 1,718 --a------ C:\WINDOWS\system32\exchange.sys 2007-05-22 19:45 458,752 --a------ C:\WINDOWS\LinkProSetupAx_8.exe 2007-05-22 19:45 15,872 --a------ C:\WINDOWS\system32\linkpro.exe 2007-05-20 17:37 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment 2007-05-19 21:29 <DIR> d-------- C:\DOCUME~1\EDMUND~1\APPLIC~1\dvdcss 2007-05-18 22:54 <DIR> d--h----- C:\WINDOWS\HUL 2007-05-15 15:26 <DIR> d-------- C:\WINDOWS\1365 2007-05-14 01:35 246,784 --a------ C:\WINDOWS\dlwl.exe (((((((((((((((((((((((((((((((((((((((( Find3M Report 
)))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-08 03:09:09 -------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-06-06 05:54:29 -------- d-----w C:\Program Files\Symantec 2007-06-06 05:45:57 -------- d-----w C:\Program Files\Messenger 2007-06-06 05:40:04 -------- d-----w C:\Program Files\Easy CD-DA Extractor 10 2007-06-06 05:34:48 -------- d-----w C:\Program Files\AlienGUIse 2007-06-06 05:14:28 -------- d-----w C:\DOCUME~1\EDMUND~1\APPLIC~1\Symantec 2007-06-03 15:12:13 -------- d-----w C:\DOCUME~1\EDMUND~1\APPLIC~1\Uniblue 2007-06-03 15:05:16 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-06-03 15:05:15 -------- d-----w C:\Program Files\Netmarble 2007-06-03 03:01:18 -------- d-----w C:\Program Files\Windows Media Connect 2 2007-05-31 23:34:24 1,486 ----a-w C:\WINDOWS\uninstall_all.sys 2007-05-30 19:52:31 -------- d-----w C:\DOCUME~1\EDMUND~1\APPLIC~1\Lavasoft 2007-05-29 20:38:15 -------- d-----w C:\Program Files\Steam 2007-05-26 04:51:56 -------- d-----w C:\DOCUME~1\EDMUND~1\APPLIC~1\Azureus 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-11 04:48:13 1,543 ----a-w C:\WINDOWS\system32\fine.sys 2007-05-09 04:17:51 345,600 ----a-w C:\WINDOWS\system32\super.exe 2007-05-09 04:02:15 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-04-29 15:31:55 204,800 ----a-w C:\WINDOWS\system32viuninstaller.exe 2007-04-29 15:31:32 53,248 ----a-w C:\WINDOWS\system32\spintmp.exe 2007-04-26 01:58:32 200,704 ----a-w C:\WINDOWS\system32\pcsafe_uninstaller.exe 2007-04-25 22:58:38 242,688 ----a-w C:\WINDOWS\system32\uninst_vcpr.exe 2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-22 00:41:02 204,800 ----a-w C:\WINDOWS\system32\rsq.exe 2007-04-19 03:29:57 -------- d-----w C:\Program Files\Winamp 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-17 05:45:54 1,710,936 ----a-w 
C:\WINDOWS\system32\wuaueng.dll 2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-17 05:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll 2007-04-17 05:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll 2007-04-15 16:45:35 -------- d-----w C:\Program Files\Norton AntiVirus 2007-04-15 16:42:28 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2007-04-15 16:42:28 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-04-14 04:40:48 204,800 ----a-w C:\WINDOWS\system32\viuninstaller.exe 2007-04-14 04:34:02 242,176 ----a-w C:\WINDOWS\system32\uninst_zerov.exe 2007-04-11 22:49:17 94,309 ----a-w C:\WINDOWS\Nate_Setup19.exe 2007-04-10 01:59:44 200,704 ----a-w C:\WINDOWS\system32\vacprouninstaller.exe 2007-03-29 20:51:46 300,784 ----a-w C:\WINDOWS\system32\Bugsctrl.dll 2007-03-29 01:51:54 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll 2007-03-29 01:51:52 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll 2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 02:56] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 13:32] 
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2007-04-02 19:19] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "@"="" [] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 23:19] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-03 17:33] "nwiz"="nwiz.exe" [2006-03-09 15:29 C:\WINDOWS\system32\nwiz.exe] "MSNMessenger"="C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe" [2007-04-07 11:29] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00] "Uniblue RegistryBooster2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [] "MSNMessenger"="C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe" [2007-04-07 11:29] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] "SystemManager"=C:\WINDOWS\system32\a3p.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] C:\Program Files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Usnsvc usnsvc Contents of the 'Scheduled Tasks' folder 2007-06-04 14:53:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job 2007-06-09 03:00:16 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Edmundo Unit.job ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-12 21:27:16 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... 
scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-06-12 21:27:52 C:\ComboFix-quarantined-files.txt ... 2007-06-12 21:27 C:\ComboFix2.txt ... 2007-06-04 14:52 --- E O F ---
  4. The ones in the moved-it files. I deleted them... because every one I searched on Google dealt with Korean sites and viruses etc. So please help! Should I delete the msmon.sys.vir file also? In the Qoobox folder from ComboFix, I believe.
  5. Yeah, it was another Korean virus scanner thing... I'm getting scared now.
  6. Hey, you still didn't tell me what to do with the moved files. Should I delete them? Not only that... but today I turned on my computer... and this bmpatch.exe installed itself on my computer. What is that? I searched it on Google and it showed up on, like, Chinese sites..? Should I delete it or what? Oh, by the way, here's a new HijackThis log. Please tell me what to do with the quarantined and moved files... And why did this bmpatch.exe install itself on my computer? Is it a program extension? It's on my C drive in Program Files in a folder called "pcmedic", and the files inside include bmpatch.exe, pcmedic.dll2, and pcmedic.exe2. PLEASE HELP! This is my HijackThis log:
Logfile of HijackThis v1.99.1 Scan saved at 9:02:18 PM, on 6/9/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Running processes:
C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\AIM\aim.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\pcmedic\bmpatch.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Norton AntiVirus\NAVW32.EXE C:\Program Files\Hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NvCplDaemon] 
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe" O4 - HKLM\..\Run: [pcmedic] C:\Program Files\pcmedic\pcmedic.exe Icon <---- what is that? O4 - HKCU\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Error Event Log (ereventlog) - Unknown owner - C:\WINDOWS\system32\drivers\erelog.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PCI lagacy (PCIlagacy) - Unknown owner - C:\WINDOWS\nerochk.exe (file missing) O23 - 
Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
  7. NOT ONLY THAT, but what should I do with the quarantined files in the OTMoveIt folder and the Qoobox folder? Shouldn't I delete those files? Not only that, but what should I do with the "fix.reg" file? Just leave it on my desktop? And that DLL that was infected... what should I do with that (the one AVG detected as infected)? Should I just leave it as is or delete it? Thanks
  8. Everything worked fine after the first post you made (and you're a mother freakin' genius). Thank you for everything. And yeah, I removed the last two. Thanks for being there for me so quick. Matt told me that you techies had, like, finals and stuff to study for (our high school, being charter, got out a month earlier than all of you guys, yet we start a month earlier T_T). So yeah, and are you Korean? Because your name is birdsong and I have a friend named Daniel Song and I call him songbird. lol, that was random, but yeah, everything works fine. THANKS MAN! Hope to encounter you again, haha.
  9. Before I post, I think I need to tell you why Panda detected so much spyware. My sister and my dad have accounts on this computer also... and I don't think they deleted the temporary internet files, WHICH I WILL DO and WHICH I APOLOGIZE FOR NOT TELLING BEFOREHAND (if there are any mistakes I have made -__-). So yeah, and the weird thing is... when Panda was scanning... AVG detected (maybe it is just infected) a backup file in the HijackThis backups folder, stated as a threat because the description stated some Trojan horse Generic4.SQG, and the DLL name was backup-20070604-144722-876.dll. It indeed was a backup copy and infected (I double checked). I'm just going to leave it in the virus vault for now. So yeah, tomorrow I'll delete every temporary internet file from my sister's and dad's accounts. Here is the OTMoveIt log:
C:\WINDOWS\asrotray.exe moved successfully.
Folder C:\ktf\ not found.
File/Folder C:\WINDOWS\system32\onpcs.dll not found.
File/Folder C:\WINDOWS\system32\apo.dll not found.
C:\WINDOWS\system32\a3p.exe moved successfully.
File/Folder C:\WINDOWS\asrotray.exe not found.
C:\WINDOWS\system32\ccman.exe moved successfully.
C:\WINDOWS\system32\carion.exe moved successfully.
C:\WINDOWS\rundl64.exe moved successfully.
C:\WINDOWS\system32\mswasie.exe moved successfully.
C:\WINDOWS\system32\drivers\erelog.exe moved successfully.
C:\WINDOWS\nerochk.exe moved successfully.
Created on 06/05/2007 21:52:35

Here is the Panda Scan log (wow a lot of spyware..probably because of the other accounts mentioned above)

Incident Status Location
Virus:Trj/Agent.FHL Disinfected Operating system
Virus:Trj/Agent.FHL Disinfected Operating system
Adware:adware/statblaster Not disinfected Windows Registry
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Edmundo Unit\Desktop\ComboFix.exe[ComboFixT\nircmd.exe]
Virus:Bck/Agent.FKJ Disinfected C:\WINDOWS\1045\JJG_setup.exe
Virus:Trj/Agent.FHL Disinfected C:\WINDOWS\melonsrv.dll
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Virus:Trj/Agent.FHL Disinfected C:\WINDOWS\system32\~res0003.exe
Virus:Trj/Agent.FHL Disinfected C:\_OTMoveIt\MovedFiles\WINDOWS\nerochk.exe
Virus:Trj/Agent.FHL Disinfected C:\_OTMoveIt\MovedFiles\WINDOWS\system32\drivers\erelog.exe

THIS IS THE FRESH (after scanning with panda and "moving it") HIJACKTHIS log

Logfile of HijackThis v1.99.1
Scan saved at 11:17:55 PM, on 6/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

P.S. thank you for helping me so much. I have never felt luckier. THANK YOU SERIOUSLY!
  10. Yeah, sorry, I carelessly forgot to paste the rest of it, stupid me. Oh, and a quick question before I post. I remember I was in the regedit place... and I think I accidentally deleted one of my Realtek functions which automatically detects a headphone/microphone in the beginning. Because now I have to constantly go back to the Realtek folder in Program Files and run the audio wizard whenever I want to use my headset. How can I make it so it functions again whenever I start the computer? Oh, and the virus doesn't install anymore, woot! But I know there's still more to do.

"Edmundo Unit" - 2007-06-04 14:48:12 Service Pack 2 NTFS
ComboFix 07-06-3 - Running from: "C:\Documents and Settings\Edmundo Unit\Desktop\"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\winupdate
C:\WINDOWS\system32\msmon.sys

((((((((((((((((((((((((( Files Created from 2007-05-04 to 2007-06-04 )))))))))))))))))))))))))))))))

2007-06-04 07:51 <DIR> d-------- C:\WINDOWS\1088
2007-06-03 20:52 <DIR> d-------- C:\Program Files\uhelp
2007-06-03 07:58 <DIR> d-------- C:\NVSTEREO.LOG
2007-06-03 07:33 53,248 --a------ C:\WINDOWS\system32\mswasie.exe
2007-06-03 07:33 221,184 --a------ C:\WINDOWS\system32\install.exe
2007-06-01 08:19 222,568 --a------ C:\WINDOWS\system32\carion.exe
2007-05-31 17:16 221,643 --a------ C:\WINDOWS\system32\ccman.exe
2007-05-31 16:34 421 --a------ C:\WINDOWS\system32\ccman.sys
2007-05-31 16:34 218,624 --a------ C:\WINDOWS\system32\ccmansetup.exe
2007-05-31 16:34 <DIR> d-------- C:\ktf
2007-05-31 00:48 69,632 --a------ C:\WINDOWS\rundl64.exe
2007-05-30 12:50 188,416 --a------ C:\WINDOWS\system32\apo.dll
2007-05-30 12:50 <DIR> d-------- C:\WINDOWS\1059
2007-05-30 12:50 <DIR> d-------- C:\WINDOWS\1057
2007-05-29 09:06 347 --a------ C:\WINDOWS\system32\takeup.sys
2007-05-29 09:06 226,304 --a------ C:\WINDOWS\system32\takeup.exe
2007-05-29 09:06 208,896 --a------ C:\WINDOWS\msconfig_uninstaller.exe
2007-05-29 09:06 <DIR> d-------- C:\WINDOWS\system32\nwproc
2007-05-29 09:06 <DIR> d-------- C:\WINDOWS\1045
2007-05-29 09:06 <DIR> d-------- C:\Program Files\nwproc
2007-05-28 15:36 <DIR> d-------- C:\DOCUME~1\Glara\APPLIC~1\Viewpoint
2007-05-28 08:25 <DIR> d-------- C:\WINDOWS\1051
2007-05-26 18:39 204,800 --a------ C:\WINDOWS\system32\urluninstaller.exe
2007-05-24 17:21 1,718 --a------ C:\WINDOWS\system32\exchange.sys
2007-05-22 19:45 458,752 --a------ C:\WINDOWS\LinkProSetupAx_8.exe
2007-05-22 19:45 15,872 --a------ C:\WINDOWS\system32\linkpro.exe
2007-05-20 17:37 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-05-19 21:29 <DIR> d-------- C:\DOCUME~1\EDMUND~1\APPLIC~1\dvdcss
2007-05-18 22:54 <DIR> d--h----- C:\WINDOWS\HUL
2007-05-15 15:26 <DIR> d-------- C:\WINDOWS\1365
2007-05-14 01:35 246,784 --a------ C:\WINDOWS\dlwl.exe
2007-05-11 16:53 57,344 --a------ C:\WINDOWS\melonsrv.dll
2007-05-11 16:53 40,960 --a------ C:\WINDOWS\nerochk.exe
2007-05-11 16:53 35,840 --a------ C:\WINDOWS\nvdualhd.exe
2007-05-10 21:48 1,543 --a------ C:\WINDOWS\system32\fine.sys
2007-05-10 21:48 1,486 --a------ C:\WINDOWS\uninstall_all.sys
2007-05-10 21:47 <DIR> d-------- C:\WINDOWS\1369
2007-05-10 16:51 <DIR> d-------- C:\WINDOWS\1358
2007-05-08 21:17 345,600 --a------ C:\WINDOWS\system32\super.exe
2007-05-08 21:02 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-03 15:12:13 -------- d-----w C:\DOCUME~1\EDMUND~1\APPLIC~1\Uniblue
2007-06-03 15:05:16 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-03 15:05:15 -------- d-----w C:\Program Files\Netmarble
2007-06-03 03:01:18 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-06-02 00:12:06 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-30 19:52:31 -------- d-----w C:\DOCUME~1\EDMUND~1\APPLIC~1\Lavasoft
2007-05-29 20:38:15 -------- d-----w C:\Program Files\Steam
2007-05-26 04:51:56 -------- d-----w C:\DOCUME~1\EDMUND~1\APPLIC~1\Azureus
2007-05-01 23:49:17 94,208 ----a-w C:\WINDOWS\system32\~res0003.exe
2007-04-29 15:31:55 204,800 ----a-w C:\WINDOWS\system32viuninstaller.exe
2007-04-29 15:31:32 53,248 ----a-w C:\WINDOWS\system32\spintmp.exe
2007-04-26 01:58:32 200,704 ----a-w C:\WINDOWS\system32\pcsafe_uninstaller.exe
2007-04-25 22:58:38 242,688 ----a-w C:\WINDOWS\system32\uninst_vcpr.exe
2007-04-22 00:41:02 204,800 ----a-w C:\WINDOWS\system32\rsq.exe
2007-04-19 03:29:57 -------- d-----w C:\Program Files\Winamp
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-15 16:45:35 -------- d-----w C:\Program Files\Norton AntiVirus
2007-04-15 16:42:30 -------- d-----w C:\Program Files\Symantec
2007-04-15 16:42:28 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-04-15 16:42:28 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-04-14 04:40:48 204,800 ----a-w C:\WINDOWS\system32\viuninstaller.exe
2007-04-14 04:34:02 242,176 ----a-w C:\WINDOWS\system32\uninst_zerov.exe
2007-04-11 22:49:17 94,309 ----a-w C:\WINDOWS\Nate_Setup19.exe
2007-04-10 01:59:44 200,704 ----a-w C:\WINDOWS\system32\vacprouninstaller.exe
2007-04-08 03:56:02 -------- d-----w C:\Program Files\iTunes
2007-04-08 03:55:53 -------- d-----w C:\Program Files\iPod
2007-04-08 03:55:26 -------- d-----w C:\Program Files\QuickTime
2007-04-08 03:53:15 -------- d-----w C:\Program Files\Apple Software Update
2007-03-29 20:51:46 300,784 ----a-w C:\WINDOWS\system32\Bugsctrl.dll
2007-03-29 01:51:54 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-03-29 01:51:52 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-08 03:02:36 6,420,160 ----a-w C:\WINDOWS\system32\FoxSetup_Monkey3.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 02:56]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 13:32]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2007-04-02 19:19]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"NateOnMain"="C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 23:19]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-03 17:33]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NateOnMain"="C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"Uniblue RegistryBooster2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"SystemManager"=C:\WINDOWS\system32\a3p.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

Contents of the 'Scheduled Tasks' folder
2007-06-04 14:53:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-02 04:27:01 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Edmundo Unit.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-04 14:52:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-04 14:52:38
C:\ComboFix-quarantined-files.txt ... 2007-06-04 14:52
--- E O F ---
  11. Well, thank you song~. Here is the ComboFix log file (weirdly it didn't ask me to reboot the computer).

Combofix log file

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"Uniblue RegistryBooster2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"SystemManager"=C:\WINDOWS\system32\a3p.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

Contents of the 'Scheduled Tasks' folder
2007-06-04 14:53:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-02 04:27:01 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Edmundo Unit.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-04 14:52:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-04 14:52:38
C:\ComboFix-quarantined-files.txt ... 2007-06-04 14:52
--- E O F ---

Here is my new HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 2:56:12 PM, on 6/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\nvdualhd.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Error Event Log (ereventlog) - Unknown owner - C:\WINDOWS\system32\drivers\erelog.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCI lagacy (PCIlagacy) - Unknown owner - C:\WINDOWS\nerochk.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

THANK YOU SO MUCH! PLEASE REPLY BACK WITH MORE DETAILS! peace

P.S. ComboFix created a quarantine folder... what should I do with it?
  12. Wow, so pro. So yeah, if I do that, will the errors or Korean trojans or whatever be deleted/fixed? Because you say this is a good start...? And after your message there is a line ------------ Then it says things like "you need" and things like "you want"... do I have to download that or do you just put that in every message you post? Thanks! I'm at a community college right now waiting for my sister to finish signing up for some summer college classes and I'm typing this message to you. Thanks for helping again! I'm going to go home and fix this right away!
  13. Logfile of HijackThis v1.99.1
Scan saved at 8:23:13 AM, on 6/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\nvdualhd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\asrotray.exe
C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\ktf\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Edmundo Unit\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: linkprohelper - {11E78485-C932-4944-BDCD-3B57CD676E5C} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: NetCtrl Class - {68FACDB7-76C2-481F-BED0-5176BFC06F40} - C:\WINDOWS\system32\jng.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: chkprc Class - {7DA7BE7D-A382-4AA7-A125-CA55A2070125} - C:\WINDOWS\system32\onpcs.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ApoUp Class - {DA96C092-D3A6-4772-AB95-21523D152BEA} - C:\WINDOWS\system32\apo.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [asro] C:\WINDOWS\asrotray.exe
O4 - HKLM\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
O4 - HKLM\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Xweb] "C:\Program Files\SoftForum\XecureWeb\ActiveX\Xecureweb.exe"
O4 - HKLM\..\Run: [sdae] "C:\ktf\svchost.exe"
O4 - HKLM\..\Run: [ccman] C:\WINDOWS\system32\ccman.exe
O4 - HKLM\..\Run: [carion] C:\WINDOWS\system32\carion.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rundl64] C:\WINDOWS\rundl64.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [exfine] C:\Program Files\Common Files\System\exfine.exe
O4 - HKCU\..\Run: [asro] C:\WINDOWS\asrotray.exe
O4 - HKCU\..\Run: [MSNMessenger] "C:\Program Files\MSN Messenger\Device Manager\Loc\3099\msnmsgr.exe"
O4 - HKCU\..\Run: [NateOnMain] C:\Program Files\NATEON\Addin\B926D852-194B-4c62-9C73-3F0ECA8950EA\NateOnMain.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Xweb] "C:\Program Files\SoftForum\XecureWeb\ActiveX\Xecureweb.exe"
O4 - HKCU\..\Run: [mswasie.exe] C:\WINDOWS\system32\mswasie.exe
O4 - HKCU\..\Run: [uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Error Event Log (ereventlog) - Unknown owner - C:\WINDOWS\system32\drivers\erelog.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCI lagacy (PCIlagacy) - Unknown owner - C:\WINDOWS\nerochk.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
  14. Hi... I'm very nervous and paranoid when it comes to worms/trojans/viruses. I remember the first time I had a virus... my computer shut down automatically and when I tried rebooting the comp... it got to the win logon page and then restarted automatically, continuously.. OH horrible. Anyway... I'm very afraid right now also. I currently have a Gateway computer bought in late 2004, 505 GR, model number XAB49 210 03895, and lately... I've been getting Korean viruses (I know because I can read it). They would happen sometimes when I would start my computer: these "antivirus" programs would install automatically into my computer and say that I have viruses etc... probably they were advertisements. And every time I deleted it... new ones would come out... so this morning, I got very mad and tired of it because it started installing programs like Windows freesearch, uccsearchapplication, etc. (which I know are viruses because none of them showed up in Google). So I tried my best. Then I came across a weird folder "ktf" in my C: drive. It WASN'T in the WINDOWS folder... and strangely the file inside the ktf folder was a svchost.exe with a weird/stylish gray icon. One of my friends told me it should immediately be deleted... but it couldn't be... because then I would take a risk of breaking my computer by ending the wrong svchost.exe in the processes. So I'm very confused... how can I get rid of this? Not only that, but I scanned my comp with NAV 2007 with the latest definitions... detecting no threat. Then I scanned it with AVG Free edition from cnet.com and it detected 5 trojan droppers on my computer which it successfully deleted. Yet even AVG with the latest definitions does not detect that "foreign" folder as a threat. Can you guys recommend me any solutions that can help me delete this pestering problem? I mean I have a restore DVD but I don't want to delete all my materials. Plus if I do get something like an external hard drive to put my materials in... I'm pretty sure the virus can get in also. PLEASE REPLY! THANK YOU!
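The recurring question in this thread is how to tell a genuine core Windows binary from a copy of it started from an odd directory (C:\ktf\svchost.exe, C:\WINDOWS\system32\DirectX\Dinput\smss.exe), and which O23 service entries deserve a second look (no publisher, binary missing). As an added example that is not part of the thread, of HijackThis or of ComboFix, here is a small Python triage script run over a handful of lines lifted from the logs above; the expected-directory table and the flagging rules are my own assumptions for an XP-era layout, not rules from any tool.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Core Windows processes and the single directory each runs from on a default XP install
# (assumption for this example; compared case-insensitively). The same file name anywhere
# else, like the C:\ktf\svchost.exe in the logs above, is the classic name masquerade.
EXPECTED_DIRS = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Shapes of HijackThis O4 (Run key) and O23 (service) lines as they appear in the logs above.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass
class Finding:
    line: str
    reason: str


def exe_path(cmd: str) -> str:
    """Executable from an O4 command line: quoted, or unquoted with trailing switches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def check_process_path(path: str) -> Optional[str]:
    """Reason text if a core-process name runs from anywhere but its home directory."""
    p = path.strip().lower()
    parent, _, name = p.rpartition("\\")
    expected = EXPECTED_DIRS.get(name)
    if expected is not None and parent != expected:
        return f"{name} running from unexpected directory {parent or '(none)'}"
    return None


def triage(log: str) -> List[Finding]:
    """Walk a HijackThis log and collect the entries worth a second look."""
    findings: List[Finding] = []
    section = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() == "running processes:":
            section = "procs"
            continue
        if re.match(r"^[RFNO]\d+ - ", line):
            section = "entries"  # the first R/O entry ends the process list
        if section == "procs":
            reason = check_process_path(line)
            if reason:
                findings.append(Finding(line, reason))
            continue
        m = O4_RE.match(line)
        if m:
            reason = check_process_path(exe_path(m.group("cmd")))
            if reason:
                findings.append(Finding(line, "autorun: " + reason))
            continue
        m = O23_RE.match(line)
        if m and "unknown owner" in m.group("owner").lower():
            if "(file missing)" in m.group("path").lower():
                findings.append(Finding(line, "service with no publisher info and a missing binary (orphaned entry)"))
            else:
                findings.append(Finding(line, "service with no publisher info; verify the binary"))
    return findings


# Constructed sample: a few lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DirectX\Dinput\smss.exe
C:\WINDOWS\Explorer.EXE
C:\ktf\svchost.exe
O4 - HKLM\..\Run: [sdae] "C:\ktf\svchost.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O23 - Service: Error Event Log (ereventlog) - Unknown owner - C:\WINDOWS\system32\drivers\erelog.exe (file missing)
O23 - Service: PCI lagacy (PCIlagacy) - Unknown owner - C:\WINDOWS\nerochk.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

The two genuine system32 entries and the Lexmark service pass; the two out-of-place core binaries, the Run key that starts one of them, and the two "Unknown owner" services are the five lines that get reported.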