Browser opening by itself.
Join Date: Apr 2007
Posts: 40
Solved Threads: 0
Fresher log:
Logfile of HijackThis v1.99.1
Scan saved at 9:30:25 PM, on 4/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kyle Zhang\Desktop\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 69.60.124.19 L2authd.lineage2.com
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\ynxosbie.dll",setvm
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Heroplayer Online - C:\HEROSOFT\Hero Super Play\MPURLGET.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra 'Tools' menuitem: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://behappy2002.spaces.msn.com//P...d/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Hi,
There is still some malware that needs to be cleaned! Download and install AVG Anti-Spyware v7.5
(This is Ewido 4.0 renamed. If you already have Ewido installed, please update to AVG Anti-Spyware which has a special "clean driver" for removing persistent malware.)
- After download, double click on the file to launch the install process.
- Choose a language, click "OK" and then click "Next".
- Read the "License Agreement" and click "I Agree".
- Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
- After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
- The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. As AVG Anti-Spyware may interfere with some of our other fixes, we are temporarily disabling its active protection features until your system is clean, then you can re-enable them.
- Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
- Go to Start > Run and type: services.msc
- Press "OK".
- Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
- When you find the guard service, double-click on it.
- In the Properties Window > General Tab that opens, click the "Stop" button.
- From the drop-down menu next to "Startup Type", click on "Manual".
- Now click "Apply", then "OK" and close the Services window.
- Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
- Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
Scan with AVG Anti-Spyware as follows:
- Click on the "Scanner" button and choose the "Settings" tab.
- Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
- Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
- Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
- Click the "Scan" tab to return to scanning options.
- Click "Complete System Scan" to start.
- When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
- Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
- Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.
AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version. We are installing AVG AntiSpyware with its real-time protection disabled. Once your system is clean you may re-enable it so you can continue using this feature for the remainder of the trial period.
After the reboot, download The Avenger and extract it to Desktop.
Copy all the lines of text in the Quotebox below to your clipboard by highlighting them and pressing Ctrl+C:
Code:
Files to delete:
C:\WINDOWS\system32\ynxosbie.dll
- Now, start The Avenger program by clicking on its icon on your desktop.
- Under "Script file to execute" choose "Input Script Manually".
- Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
- Paste the text copied to clipboard into this window by pressing Ctrl+V.
- Click "Done".
- Now click on the Green Light to begin execution of the script. Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
- It will Restart your computer.
- On reboot, it will briefly open a black command window on your desktop; this is normal.
- After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
- The Avenger will also have backed up all the files that are deleted, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Please copy/paste the contents of C:\avenger.txt into your next reply along with the AVG AntiSpyware log and a fresh HijackThis log.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
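The Avenger script above targets the DLL that the `SoundService` Run value in the first log loads through rundll32.exe. As an added example (not part of the original thread, and not code from HijackThis or The Avenger), the Python below pulls rundll32-launched autoruns out of a log's O4 lines and checks whether they survive into a follow-up log; the function names, the regexes, the name-versus-DLL comparison, the follow-up log and the `NvCplDaemon` line are assumptions constructed for illustration.

```python
import re
from ntpath import basename

# Excerpt of the O4 (autorun) lines from the first HijackThis log in this thread.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\ynxosbie.dll",setvm
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

# Constructed follow-up log: the same excerpt with the SoundService value gone.
LOG_AFTER = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

# Constructed line (not from this thread): a rundll32 autorun whose value name
# matches the DLL it loads.
CONSTRUCTED_MATCHING = (
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
)

# "O4 - HKLM\..\Run: [ValueName] command line"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# rundll32[.exe] [optionally quoted or pathed]  "dll path",ExportName
RUNDLL = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)


def parse_autoruns(log):
    """Return one dict per registry Run-style O4 line (startup-folder lines are skipped)."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def rundll32_autoruns(log):
    """Return O4 entries that start a DLL through rundll32, for manual review.

    name_matches_dll is a weak hint only: it is True when the registry value
    name and the DLL file name share a stem (e.g. NvCplDaemon / NvCpl.dll).
    """
    flagged = []
    for entry in parse_autoruns(log):
        m = RUNDLL.match(entry["cmd"])
        if not m:
            continue
        dll = m.group("dll").strip()
        stem = basename(dll).rsplit(".", 1)[0].lower()
        label = re.sub(r"[^a-z0-9]", "", entry["name"].lower())
        flagged.append(
            dict(
                entry,
                dll=dll,
                export=m.group("export"),
                name_matches_dll=bool(stem) and (stem in label or label in stem),
            )
        )
    return flagged


def persisting(before, after):
    """Flagged entries from `before` that are still registered in `after`."""
    def key(e):
        return (e["hive"], e["key"], e["name"].lower(), e["cmd"].lower())

    still_there = {key(e) for e in parse_autoruns(after)}
    return [e for e in rundll32_autoruns(before) if key(e) in still_there]


if __name__ == "__main__":
    for e in rundll32_autoruns(LOG_BEFORE):
        print("review:", e["hive"], e["name"], e["dll"], e["export"])
    print("still present after cleanup:", persisting(LOG_BEFORE, LOG_AFTER))
```

An entry that is gone from the follow-up log only shows the autorun value was removed; the fresh scanner logs the helper asks for are still needed to confirm nothing re-creates it.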
Join Date: Apr 2007
Posts: 40
Solved Threads: 0
There wasn't such a file as: C:\WINDOWS\system32\ynxosbie.dll
Logfile of HijackThis v1.99.1
Scan saved at 9:05:45 PM, on 4/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Kyle Zhang\Desktop\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 69.60.124.19 L2authd.lineage2.com
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {483CC496-D041-4545-8D9E-2D64294F97B2} - C:\WINDOWS\system32\efcabxx.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\estqkduh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BB043E60-7A28-47E8-97A8-A0522C35353A} - C:\WINDOWS\system32\rqopp.dll
O2 - BHO: XBTBPos00 Class - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Heroplayer Online - C:\HEROSOFT\Hero Super Play\MPURLGET.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra 'Tools' menuitem: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://behappy2002.spaces.msn.com//P...d/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: efcabxx - C:\WINDOWS\SYSTEM32\efcabxx.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: rqopp - C:\WINDOWS\system32\rqopp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winfja32 - winfja32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 5:48:19 PM 4/11/2007
+ Scan result:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Ignored.
C:\WINDOWS\system32\efcabxx.dll -> Adware.Virtumonde : Ignored.
C:\WINDOWS\system32\mljgday.dll -> Adware.Virtumonde : Ignored.
C:\WINDOWS\system32\qomnmki.dll -> Adware.Virtumonde : Ignored.
C:\WINDOWS\system32\vtutsrr.dll -> Adware.Virtumonde : Ignored.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746\A0157471.exe -> Downloader.Small.edb : Cleaned with backup (quarantined).
:mozilla.69:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.78:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.79:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.28:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.30:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.31:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.56:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Lawrence Zhang\Cookies\lawrence_zhang@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.73:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.74:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.12:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.284:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.133:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.134:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.135:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.435:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.61:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.100:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.18:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.24:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.25:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.26:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.34:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.35:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.36:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.37:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.126:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.127:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.48:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.49:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.196:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.197:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.198:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.14:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.16:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.17:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.18:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.21:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.22:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.23:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.24:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.25:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.26:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.27:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Lawrence Zhang\Cookies\lawrence_zhang@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.248:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.297:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.298:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.299:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.300:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.301:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.58:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.59:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.60:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.61:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.62:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.209:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.210:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.28:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.29:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.378:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.379:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.178:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.179:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.180:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.181:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.182:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.183:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.362:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.101:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.187:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.189:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.113:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.114:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.115:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.116:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.117:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.118:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.119:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.380:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.381:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.145:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.46:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.326:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.12:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.185:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.106:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.107:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.175:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.176:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.197:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.305:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.306:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP750\A0159935.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP753\A0160256.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
::Report end

Logfile of HijackThis v1.99.1
Scan saved at 9:05:45 PM, on 4/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Kyle Zhang\Desktop\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 69.60.124.19 L2authd.lineage2.com
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {483CC496-D041-4545-8D9E-2D64294F97B2} - C:\WINDOWS\system32\efcabxx.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\estqkduh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BB043E60-7A28-47E8-97A8-A0522C35353A} - C:\WINDOWS\system32\rqopp.dll
O2 - BHO: XBTBPos00 Class - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Heroplayer Online - C:\HEROSOFT\Hero Super Play\MPURLGET.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra 'Tools' menuitem: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://behappy2002.spaces.msn.com//P...d/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: efcabxx - C:\WINDOWS\SYSTEM32\efcabxx.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: rqopp - C:\WINDOWS\system32\rqopp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winfja32 - winfja32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 5:48:19 PM 4/11/2007
+ Scan result:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Ignored.
C:\WINDOWS\system32\efcabxx.dll -> Adware.Virtumonde : Ignored.
C:\WINDOWS\system32\mljgday.dll -> Adware.Virtumonde : Ignored.
C:\WINDOWS\system32\qomnmki.dll -> Adware.Virtumonde : Ignored.
C:\WINDOWS\system32\vtutsrr.dll -> Adware.Virtumonde : Ignored.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746\A0157471.exe -> Downloader.Small.edb : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.101:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.102:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.103:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.104:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.105:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.106:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.107:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.108:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.109:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.110:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.111:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.112:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.113:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.114:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.302:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.333:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.355:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.365:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.394:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.474:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.88:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.99:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@gaiainteractive.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.112:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.95:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.96:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.97:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.98:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.28:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.29:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.70:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.71:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.72:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.360:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.203:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.204:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.205:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.206:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.207:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.208:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.253:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.254:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.255:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.256:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.257:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.258:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.198:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.199:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.200:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.201:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.202:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.20:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.21:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.21:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.14:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.47:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.58:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.464:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.72:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.73:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.463:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.15:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.16:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.17:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.377:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.330:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.213:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.214:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.215:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.266:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.503:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.169:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.11:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.374:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Lawrence Zhang\Cookies\lawrence_zhang@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.148:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.149:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.10:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.27:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.42:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Lawrence Zhang\Cookies\lawrence_zhang@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.146:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.147:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.259:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.263:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.264:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Lawrence Zhang\Cookies\lawrence_zhang@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.150:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.131:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.132:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.141:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.142:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.145:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.241:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.242:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.243:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@ehg-maniatv.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@ehg-pcsecurityshield.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Lawrence Zhang\Cookies\lawrence_zhang@ehg-maniatv.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Lawrence Zhang\Cookies\lawrence_zhang@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.448:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned.
:mozilla.64:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.67:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.189:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.190:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.191:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.238:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.239:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.240:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.338:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.339:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.69:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.78:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.79:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.28:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.30:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.31:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.56:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Lawrence Zhang\Cookies\lawrence_zhang@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.73:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.74:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.12:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.284:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.133:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.134:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.135:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.435:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.61:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.100:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.18:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.24:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.25:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.26:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.34:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.35:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.36:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.37:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.126:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.127:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.48:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.49:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.196:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.197:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.198:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.14:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.16:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.17:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.18:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.21:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.22:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.23:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.24:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.25:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.26:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.27:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Lawrence Zhang\Cookies\lawrence_zhang@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.248:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.297:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.298:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.299:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.300:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.301:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.58:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.59:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.60:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.61:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.62:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.209:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.210:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.28:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.29:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.378:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.379:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.178:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.179:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.180:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.181:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.182:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.183:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.362:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.101:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.187:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.189:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.113:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.114:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.115:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.116:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.117:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.118:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.119:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.380:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.381:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.145:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.46:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.326:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.12:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.185:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.106:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.107:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.175:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.176:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.197:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.305:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.306:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP750\A0159935.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP753\A0160256.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
::Report end
Hi,
It's the nasty Vundo adware! We will now remove it for good! Please download
VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES.
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will shut down your computer, click OK.
- Turn your computer back on.
- Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
VundoFix V6.3.19
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 2:52:33 PM 4/12/2007
Listing files found while scanning....
C:\WINDOWS\system32\estqkduh.dll
C:\WINDOWS\system32\hfttkyed.dll
C:\WINDOWS\system32\ihhjl.bak1
C:\WINDOWS\system32\ihhjl.ini
C:\WINDOWS\system32\jartdrkv.dll
C:\WINDOWS\system32\jkkkk.dll
C:\WINDOWS\system32\kkkkj.bak1
C:\WINDOWS\system32\kkkkj.ini
C:\WINDOWS\system32\ljhhi.dll
C:\WINDOWS\system32\mljgday.dll
C:\WINDOWS\system32\nqbuertr.ini
C:\WINDOWS\system32\rqopp.dll
C:\WINDOWS\system32\rtreubqn.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\estqkduh.dll
C:\WINDOWS\system32\estqkduh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ihhjl.bak1
C:\WINDOWS\system32\ihhjl.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ihhjl.ini
C:\WINDOWS\system32\ihhjl.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jartdrkv.dll
C:\WINDOWS\system32\jartdrkv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkkk.dll
C:\WINDOWS\system32\jkkkk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kkkkj.bak1
C:\WINDOWS\system32\kkkkj.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\kkkkj.ini
C:\WINDOWS\system32\kkkkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ljhhi.dll
C:\WINDOWS\system32\ljhhi.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljgday.dll
C:\WINDOWS\system32\mljgday.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nqbuertr.ini
C:\WINDOWS\system32\nqbuertr.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqopp.dll
C:\WINDOWS\system32\rqopp.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rtreubqn.dll
C:\WINDOWS\system32\rtreubqn.dll Has been deleted!
Performing Repairs to the registry.
Done!
Logfile of HijackThis v1.99.1
Scan saved at 3:17:31 PM, on 4/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Kyle Zhang\Desktop\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 69.60.124.19 L2authd.lineage2.com
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {232200B3-9D33-4908-8862-BD3DD8F8804B} - C:\WINDOWS\system32\jkkkk.dll (file missing)
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {483CC496-D041-4545-8D9E-2D64294F97B2} - C:\WINDOWS\system32\efcabxx.dll
O2 - BHO: (no name) - {60630D22-A84A-4B1F-8524-4C2E45B38C2F} - C:\WINDOWS\system32\rqopp.dll (file missing)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\estqkduh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {899AD04A-C96E-4378-BFE6-2B2B158DD643} - C:\WINDOWS\system32\ljhhi.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C7F0B604-357D-45F6-A9B1-9D47FCC161AF} - C:\WINDOWS\system32\rqopp.dll (file missing)
O2 - BHO: XBTBPos00 Class - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\rtreubqn.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Heroplayer Online - C:\HEROSOFT\Hero Super Play\MPURLGET.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra 'Tools' menuitem: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://behappy2002.spaces.msn.com//P...d/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: efcabxx - C:\WINDOWS\SYSTEM32\efcabxx.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winfja32 - winfja32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Heroplayer Online - C:\HEROSOFT\Hero Super Play\MPURLGET.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra 'Tools' menuitem: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://behappy2002.spaces.msn.com//P...d/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: efcabxx - C:\WINDOWS\SYSTEM32\efcabxx.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winfja32 - winfja32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Hi,
Please download VirtumundoBeGone.exe:
1. Save it to your Desktop.
2. Locate and double-click VirtumundoBeGone.exe to run it.
3. Follow the instructions. Do not worry if you see a BLUE SCREEN "Fatal Error" message; it is normal and expected.
4. When finished it will create a log named vbg.txt on your desktop.
5. Reboot your PC.
Run HijackThis and click Do only a System scan. Then put a check mark in front of the entries listed below:
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: (no name) - {232200B3-9D33-4908-8862-BD3DD8F8804B} - C:\WINDOWS\system32\jkkkk.dll (file missing)
O2 - BHO: (no name) - {483CC496-D041-4545-8D9E-2D64294F97B2} - C:\WINDOWS\system32\efcabxx.dll
O2 - BHO: (no name) - {60630D22-A84A-4B1F-8524-4C2E45B38C2F} - C:\WINDOWS\system32\rqopp.dll (file missing)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\estqkduh.dll (file missing)
O2 - BHO: (no name) - {899AD04A-C96E-4378-BFE6-2B2B158DD643} - C:\WINDOWS\system32\ljhhi.dll (file missing)
O2 - BHO: (no name) - {C7F0B604-357D-45F6-A9B1-9D47FCC161AF} - C:\WINDOWS\system32\rqopp.dll (file missing)
O2 - BHO: XBTBPos00 Class - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - (no file)
O20 - Winlogon Notify: efcabxx - C:\WINDOWS\SYSTEM32\efcabxx.dll
O20 - Winlogon Notify: winfja32 - winfja32.dll (file missing)
Close all other open programs except HijackThis and click the Fix Checked button in HijackThis.
Please also download catchme.exe to your desktop from the following link:
CATCHME
- Double-click catchme.exe to run it.
- Open catchme.log to see results and post its contents in a reply along with vbg.txt and a fresh HijackThis log.
Last edited by swatkat; Apr 13th, 2007 at 12:31 am.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
Join Date: Apr 2007
Posts: 40
Solved Threads: 0
Logfile of HijackThis v1.99.1
Scan saved at 2:55:15 PM, on 4/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kyle Zhang\Desktop\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 69.60.124.19 L2authd.lineage2.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\rtreubqn.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Heroplayer Online - C:\HEROSOFT\Hero Super Play\MPURLGET.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra 'Tools' menuitem: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://behappy2002.spaces.msn.com//P...d/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
[04/13/2007, 14:38:24] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Kyle Zhang\Desktop\VirtumundoBeGone.exe" )
[04/13/2007, 14:39:06] - Detected System Information:
[04/13/2007, 14:39:06] - Windows Version: 5.1.2600, Service Pack 2
[04/13/2007, 14:39:06] - Current Username: Kyle Zhang (Admin)
[04/13/2007, 14:39:06] - Windows is in NORMAL mode.
[04/13/2007, 14:39:06] - Searching for Browser Helper Objects:
[04/13/2007, 14:39:06] - BHO 1: {0005A87D-D626-4B3A-84F9-1D9571695F55} (ThunderIEHelper Class)
[04/13/2007, 14:39:06] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[04/13/2007, 14:39:06] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/13/2007, 14:39:06] - BHO 4: {232200B3-9D33-4908-8862-BD3DD8F8804B} ()
[04/13/2007, 14:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:06] - Checking for HKLM\...\Winlogon\Notify\jkkkk
[04/13/2007, 14:39:06] - Key not found: HKLM\...\Winlogon\Notify\jkkkk, continuing.
[04/13/2007, 14:39:06] - BHO 5: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class)
[04/13/2007, 14:39:06] - BHO 6: {483CC496-D041-4545-8D9E-2D64294F97B2} ()
[04/13/2007, 14:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:06] - Checking for HKLM\...\Winlogon\Notify\efcabxx
[04/13/2007, 14:39:06] - Found: HKLM\...\Winlogon\Notify\efcabxx - This is probably Virtumundo.
[04/13/2007, 14:39:06] - Assigning {483CC496-D041-4545-8D9E-2D64294F97B2} MSEvents Object
[04/13/2007, 14:39:06] - BHO list has been changed! Starting over...
[04/13/2007, 14:39:06] - BHO 1: {0005A87D-D626-4B3A-84F9-1D9571695F55} (ThunderIEHelper Class)
[04/13/2007, 14:39:06] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[04/13/2007, 14:39:06] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/13/2007, 14:39:06] - BHO 4: {232200B3-9D33-4908-8862-BD3DD8F8804B} ()
[04/13/2007, 14:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:06] - Checking for HKLM\...\Winlogon\Notify\jkkkk
[04/13/2007, 14:39:06] - Key not found: HKLM\...\Winlogon\Notify\jkkkk, continuing.
[04/13/2007, 14:39:06] - BHO 5: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class)
[04/13/2007, 14:39:06] - BHO 6: {483CC496-D041-4545-8D9E-2D64294F97B2} (MSEvents Object)
[04/13/2007, 14:39:06] - ALERT: Found MSEvents Object!
[04/13/2007, 14:39:06] - BHO 7: {60630D22-A84A-4B1F-8524-4C2E45B38C2F} ()
[04/13/2007, 14:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:06] - Checking for HKLM\...\Winlogon\Notify\rqopp
[04/13/2007, 14:39:06] - Key not found: HKLM\...\Winlogon\Notify\rqopp, continuing.
[04/13/2007, 14:39:06] - BHO 8: {66E1191B-3229-4DF0-81F7-9127E8A3FF25} ()
[04/13/2007, 14:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:06] - Checking for HKLM\...\Winlogon\Notify\vtuvs
[04/13/2007, 14:39:06] - Found: HKLM\...\Winlogon\Notify\vtuvs - This is probably Virtumundo.
[04/13/2007, 14:39:06] - Assigning {66E1191B-3229-4DF0-81F7-9127E8A3FF25} MSEvents Object
[04/13/2007, 14:39:06] - BHO list has been changed! Starting over...
[04/13/2007, 14:39:06] - BHO 1: {0005A87D-D626-4B3A-84F9-1D9571695F55} (ThunderIEHelper Class)
[04/13/2007, 14:39:06] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[04/13/2007, 14:39:06] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/13/2007, 14:39:06] - BHO 4: {232200B3-9D33-4908-8862-BD3DD8F8804B} ()
[04/13/2007, 14:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:06] - Checking for HKLM\...\Winlogon\Notify\jkkkk
[04/13/2007, 14:39:06] - Key not found: HKLM\...\Winlogon\Notify\jkkkk, continuing.
[04/13/2007, 14:39:06] - BHO 5: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class)
[04/13/2007, 14:39:06] - BHO 6: {483CC496-D041-4545-8D9E-2D64294F97B2} (MSEvents Object)
[04/13/2007, 14:39:06] - ALERT: Found MSEvents Object!
[04/13/2007, 14:39:06] - BHO 7: {60630D22-A84A-4B1F-8524-4C2E45B38C2F} ()
[04/13/2007, 14:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:06] - Checking for HKLM\...\Winlogon\Notify\rqopp
[04/13/2007, 14:39:06] - Key not found: HKLM\...\Winlogon\Notify\rqopp, continuing.
[04/13/2007, 14:39:06] - BHO 8: {66E1191B-3229-4DF0-81F7-9127E8A3FF25} (MSEvents Object)
[04/13/2007, 14:39:06] - ALERT: Found MSEvents Object!
[04/13/2007, 14:39:06] - BHO 9: {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} ()
[04/13/2007, 14:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:06] - Checking for HKLM\...\Winlogon\Notify\estqkduh
[04/13/2007, 14:39:06] - Key not found: HKLM\...\Winlogon\Notify\estqkduh, continuing.
[04/13/2007, 14:39:06] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/13/2007, 14:39:06] - BHO 11: {899AD04A-C96E-4378-BFE6-2B2B158DD643} ()
[04/13/2007, 14:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:06] - Checking for HKLM\...\Winlogon\Notify\ljhhi
[04/13/2007, 14:39:06] - Key not found: HKLM\...\Winlogon\Notify\ljhhi, continuing.
[04/13/2007, 14:39:06] - BHO 12: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[04/13/2007, 14:39:06] - BHO 13: {C7F0B604-357D-45F6-A9B1-9D47FCC161AF} ()
[04/13/2007, 14:39:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:07] - Checking for HKLM\...\Winlogon\Notify\rqopp
[04/13/2007, 14:39:07] - Key not found: HKLM\...\Winlogon\Notify\rqopp, continuing.
[04/13/2007, 14:39:07] - BHO 14: {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} (XBTBPos00 Class)
[04/13/2007, 14:39:07] - Finished Searching Browser Helper Objects
[04/13/2007, 14:39:07] - *** Detected MSEvents Object
[04/13/2007, 14:39:07] - Trying to remove MSEvents Object...
[04/13/2007, 14:39:08] - Terminating Process: IEXPLORE.EXE
[04/13/2007, 14:39:08] - Terminating Process: RUNDLL32.EXE
[04/13/2007, 14:39:09] - Disabling Automatic Shell Restart
[04/13/2007, 14:39:09] - Terminating Process: EXPLORER.EXE
[04/13/2007, 14:39:09] - Suspending the NT Session Manager System Service
[04/13/2007, 14:39:09] - Terminating Windows NT Logon/Logoff Manager
[04/13/2007, 14:39:10] - Re-enabling Automatic Shell Restart
[04/13/2007, 14:39:10] - File to disable: C:\WINDOWS\system32\efcabxx.dll
[04/13/2007, 14:39:10] - Removing HKLM\...\Browser Helper Objects\{483CC496-D041-4545-8D9E-2D64294F97B2}
[04/13/2007, 14:39:11] - Removing HKCR\CLSID\{483CC496-D041-4545-8D9E-2D64294F97B2}
[04/13/2007, 14:39:11] - Adding Kill Bit for ActiveX for GUID: {483CC496-D041-4545-8D9E-2D64294F97B2}
[04/13/2007, 14:39:12] - Deleting ATLEvents/MSEvents Registry entries
[04/13/2007, 14:39:12] - Removing HKLM\...\Winlogon\Notify\efcabxx
[04/13/2007, 14:39:12] - Searching for Browser Helper Objects:
[04/13/2007, 14:39:12] - BHO 1: {0005A87D-D626-4B3A-84F9-1D9571695F55} (ThunderIEHelper Class)
[04/13/2007, 14:39:12] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[04/13/2007, 14:39:12] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/13/2007, 14:39:12] - BHO 4: {232200B3-9D33-4908-8862-BD3DD8F8804B} ()
[04/13/2007, 14:39:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:12] - Checking for HKLM\...\Winlogon\Notify\jkkkk
[04/13/2007, 14:39:12] - Key not found: HKLM\...\Winlogon\Notify\jkkkk, continuing.
[04/13/2007, 14:39:12] - BHO 5: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class)
[04/13/2007, 14:39:12] - BHO 6: {60630D22-A84A-4B1F-8524-4C2E45B38C2F} ()
[04/13/2007, 14:39:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:12] - Checking for HKLM\...\Winlogon\Notify\rqopp
[04/13/2007, 14:39:12] - Key not found: HKLM\...\Winlogon\Notify\rqopp, continuing.
[04/13/2007, 14:39:12] - BHO 7: {66E1191B-3229-4DF0-81F7-9127E8A3FF25} (MSEvents Object)
[04/13/2007, 14:39:12] - ALERT: Found MSEvents Object!
[04/13/2007, 14:39:12] - BHO 8: {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} ()
[04/13/2007, 14:39:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:12] - Checking for HKLM\...\Winlogon\Notify\estqkduh
[04/13/2007, 14:39:12] - Key not found: HKLM\...\Winlogon\Notify\estqkduh, continuing.
[04/13/2007, 14:39:12] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/13/2007, 14:39:12] - BHO 10: {899AD04A-C96E-4378-BFE6-2B2B158DD643} ()
[04/13/2007, 14:39:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:12] - Checking for HKLM\...\Winlogon\Notify\ljhhi
[04/13/2007, 14:39:12] - Key not found: HKLM\...\Winlogon\Notify\ljhhi, continuing.
[04/13/2007, 14:39:12] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[04/13/2007, 14:39:12] - BHO 12: {C7F0B604-357D-45F6-A9B1-9D47FCC161AF} ()
[04/13/2007, 14:39:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:12] - Checking for HKLM\...\Winlogon\Notify\rqopp
[04/13/2007, 14:39:12] - Key not found: HKLM\...\Winlogon\Notify\rqopp, continuing.
[04/13/2007, 14:39:12] - BHO 13: {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} (XBTBPos00 Class)
[04/13/2007, 14:39:12] - Finished Searching Browser Helper Objects
[04/13/2007, 14:39:12] - *** Detected MSEvents Object
[04/13/2007, 14:39:12] - Trying to remove MSEvents Object...
[04/13/2007, 14:39:13] - Terminating Process: IEXPLORE.EXE
[04/13/2007, 14:39:14] - Terminating Process: RUNDLL32.EXE
[04/13/2007, 14:39:14] - Disabling Automatic Shell Restart
[04/13/2007, 14:39:14] - Terminating Process: EXPLORER.EXE
[04/13/2007, 14:39:14] - Suspending the NT Session Manager System Service
[04/13/2007, 14:39:14] - Terminating Windows NT Logon/Logoff Manager
[04/13/2007, 14:39:14] - Re-enabling Automatic Shell Restart
[04/13/2007, 14:39:14] - File to disable: C:\WINDOWS\system32\vtuvs.dll
[04/13/2007, 14:39:14] - Renaming C:\WINDOWS\system32\vtuvs.dll -> C:\WINDOWS\system32\vtuvs.dll.vir
[04/13/2007, 14:39:15] - File successfully renamed!
[04/13/2007, 14:39:15] - Removing HKLM\...\Browser Helper Objects\{66E1191B-3229-4DF0-81F7-9127E8A3FF25}
[04/13/2007, 14:39:15] - Removing HKCR\CLSID\{66E1191B-3229-4DF0-81F7-9127E8A3FF25}
[04/13/2007, 14:39:15] - Adding Kill Bit for ActiveX for GUID: {66E1191B-3229-4DF0-81F7-9127E8A3FF25}
[04/13/2007, 14:39:15] - Deleting ATLEvents/MSEvents Registry entries
[04/13/2007, 14:39:15] - Removing HKLM\...\Winlogon\Notify\vtuvs
[04/13/2007, 14:39:15] - Searching for Browser Helper Objects:
[04/13/2007, 14:39:15] - BHO 1: {0005A87D-D626-4B3A-84F9-1D9571695F55} (ThunderIEHelper Class)
[04/13/2007, 14:39:15] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[04/13/2007, 14:39:15] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/13/2007, 14:39:15] - BHO 4: {232200B3-9D33-4908-8862-BD3DD8F8804B} ()
[04/13/2007, 14:39:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:15] - Checking for HKLM\...\Winlogon\Notify\jkkkk
[04/13/2007, 14:39:15] - Key not found: HKLM\...\Winlogon\Notify\jkkkk, continuing.
[04/13/2007, 14:39:15] - BHO 5: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class)
[04/13/2007, 14:39:15] - BHO 6: {60630D22-A84A-4B1F-8524-4C2E45B38C2F} ()
[04/13/2007, 14:39:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:15] - Checking for HKLM\...\Winlogon\Notify\rqopp
[04/13/2007, 14:39:15] - Key not found: HKLM\...\Winlogon\Notify\rqopp, continuing.
[04/13/2007, 14:39:15] - BHO 7: {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} ()
[04/13/2007, 14:39:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:15] - Checking for HKLM\...\Winlogon\Notify\estqkduh
[04/13/2007, 14:39:15] - Key not found: HKLM\...\Winlogon\Notify\estqkduh, continuing.
[04/13/2007, 14:39:15] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/13/2007, 14:39:15] - BHO 9: {899AD04A-C96E-4378-BFE6-2B2B158DD643} ()
[04/13/2007, 14:39:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:15] - Checking for HKLM\...\Winlogon\Notify\ljhhi
[04/13/2007, 14:39:15] - Key not found: HKLM\...\Winlogon\Notify\ljhhi, continuing.
[04/13/2007, 14:39:15] - BHO 10: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[04/13/2007, 14:39:15] - BHO 11: {C7F0B604-357D-45F6-A9B1-9D47FCC161AF} ()
[04/13/2007, 14:39:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:15] - Checking for HKLM\...\Winlogon\Notify\rqopp
[04/13/2007, 14:39:15] - Key not found: HKLM\...\Winlogon\Notify\rqopp, continuing.
[04/13/2007, 14:39:15] - BHO 12: {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} (XBTBPos00 Class)
[04/13/2007, 14:39:15] - Finished Searching Browser Helper Objects
[04/13/2007, 14:39:15] - Finishing up...
[04/13/2007, 14:39:15] - A restart is needed.
[04/13/2007, 14:39:15] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[04/13/2007, 14:39:27] - Attempting to Restart via STOP error (Blue Screen!)
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Scan saved at 2:55:15 PM, on 4/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kyle Zhang\Desktop\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 69.60.124.19 L2authd.lineage2.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\rtreubqn.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Heroplayer Online - C:\HEROSOFT\Hero Super Play\MPURLGET.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra 'Tools' menuitem: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://behappy2002.spaces.msn.com//P...d/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Hi,
Log's looking good. There's one more thing to remove now! Reboot in Safe Mode:-
Restart (or switch ON) the PC. Then, keep tapping the F8 key. From the menu that will be displayed, choose Safe Mode and press the Enter key.
Run HijackThis and click Do only a System scan. Then put a check mark in front of the entries listed below:-
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\rtreubqn.dll",setvm
Close all other open programs except HijackThis and click the button Fix Checked in HijackThis.
Make Windows show all files:-
Go to Start > My Computer. Go to the Tools menu, click Folder Options. Uncheck Hide protected operating system files. Then, click to select the option Show hidden files and folders. Click Apply and then click OK to exit.
Exit from HijackThis. Delete this file:-
C:\WINDOWS\system32\rtreubqn.dll
Run CCleaner, click the "Options" button, go to the "Advanced" tab and uncheck the option "Only delete files in Windows Temp folder older than 48 hours". Click OK to exit from the Options. Finally click "Run Cleaner" and click "OK" to continue cleaning.
Reboot to Normal Mode. Rename the HijackThis executable to something else (like Xyz.exe) and run it. Click Do a System scan and save log, and post the fresh log.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
Join Date: Apr 2007
Posts: 40
Solved Threads: 0
Hey, I haven't been getting any more browser problems! Hopefully this log will show that my computer's perfectly fine now.
Logfile of HijackThis v1.99.1
Scan saved at 5:20:11 PM, on 4/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Kyle Zhang\Desktop\HijackThis\Getaloadofthis.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 69.60.124.19 L2authd.lineage2.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Heroplayer Online - C:\HEROSOFT\Hero Super Play\MPURLGET.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra 'Tools' menuitem: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://behappy2002.spaces.msn.com//P...d/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Hi,
Log looks clean
Good to hear that the PC is working fine. By the way, please download and install the latest Java Runtime from here --> http://www.java.com/en/download/manual.jsp . Older Java Runtime had some exploits which were used by malware to infect the PC.
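A triage sketch for the check made in this thread (the PrintDrive autorun flagged earlier, then a fresh log to confirm it is gone), added here as an example and not part of any post. The function names and the "rundll32 loading a DLL from system32" heuristic are assumptions; the BEFORE excerpt is constructed from the quoted PrintDrive line plus lines taken from the later log.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# O4 registry autorun line: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_REG = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32 host followed by "<dll>,<export>"; quotes around the parts are optional
RUNDLL = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE)


class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    command: str
    dll: Optional[str]     # DLL loaded through rundll32, if any
    export: Optional[str]  # exported function rundll32 is asked to call


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one HijackThis O4 registry line; return None for any other line."""
    m = O4_REG.match(line.strip())
    if not m:
        return None  # e.g. "O4 - Startup: ...", O2, O23, process list
    r = RUNDLL.match(m['cmd'])
    return Autorun(m['hive'], m['key'], m['name'], m['cmd'],
                   r['dll'].strip() if r else None,
                   r['export'] if r else None)


def autoruns(log: str) -> List[Autorun]:
    """All O4 registry autoruns found in a HijackThis log."""
    return [a for a in map(parse_o4, log.splitlines()) if a]


def rundll_in_system32(log: str) -> List[Autorun]:
    """Autoruns that use rundll32 to load a DLL sitting directly in system32.

    Assumed heuristic: this is a flag for manual review, not a verdict,
    because legitimate drivers register autoruns of the same shape.
    """
    return [a for a in autoruns(log)
            if a.dll and ntpath.dirname(a.dll).lower().endswith('\\system32')]


def removed(before: str, after: str) -> List[Autorun]:
    """Autoruns present in the earlier log and absent from the later one."""
    kept = set(autoruns(after))
    return [a for a in autoruns(before) if a not in kept]


# Constructed excerpt: the PrintDrive line is the one quoted in the reply;
# the other lines are taken from the later log in this thread.
BEFORE = r'''O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\rtreubqn.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

# Excerpt of the log posted after the fix (lines copied from this thread).
AFTER = r'''O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
'''

if __name__ == "__main__":
    for a in rundll_in_system32(BEFORE):
        print(f"review: {a.hive}\\{a.key} [{a.name}] -> {a.dll} (export {a.export})")
    for a in removed(BEFORE, AFTER):
        print(f"gone in later log: [{a.name}] {a.command}")
```

An entry that disappears from the Run key only shows the autostart reference is gone; whether the DLL itself was deleted still has to be checked on disk.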





