Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Can somebody help with this log

Started by dawni , Nov 29 2006 05:22 PM

Please log in to reply

#1
dawni

Posted 29 November 2006 - 05:22 PM

Member

Member
10 posts

I tried to remove the trojan for a million times and they are still there...I even tried to fix it using hijackThis the best I can. but still, I got those 8 infected files. can someone help me?

Logfile of HijackThis v1.99.1
Scan saved at 7:18:57 AM, on 11/30/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\Com\LSASS.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll
O3 - Toolbar: |?-μ?÷(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ItMonitor] C:\WINDOWS\WASAY\MONITOR.EXE
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll",ExecFilter solo
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: i.Game MJImpressYHK - http://202.43.223.14...JImpressYHK.cab
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/.../HKJCSecKey.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1160929999484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160929935031
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_7us.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://itv.5qzone.ne...82_20060329.cab
O21 - SSODL: AdobePDF - {D92D666A-0F7B-5892-A7E8-29340333F07E} - "C:\Program Files\Internet Explorer\PLUGINS\nppdf.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

#2
MFDnSC

Posted 02 December 2006 - 03:56 PM

Banned

Banned
1,137 posts

run this and post its log and a new hijack log

http://download.blee...ta/combofix.exe

#3
dawni

Posted 04 December 2006 - 05:15 PM

Member

Topic Starter
Member
10 posts

I'm sorry but this link is dead. I tried to search on the web for programs like called combo fix also, but got nothing. what is it I have to download to run the check?

#4
dawni

Posted 04 December 2006 - 05:17 PM

Member

Topic Starter
Member
10 posts

btw, these few days, I did quite a bit of web research and have been trying to fix the computer myself. I know the problems are still not solved.

now, it's the updated hijack this log.

Logfile of HijackThis v1.99.1
Scan saved at 7:08:03 AM, on 12/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\Com\LSASS.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\Rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\WINLOGON.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe 1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll
O3 - Toolbar: |?-μ?÷(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ItMonitor] C:\WINDOWS\WASAY\MONITOR.EXE
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll",ExecFilter solo
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKLM\..\RunServices: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] D:\Program Files\Registry Booster\RegistryBooster.exe /S
O16 - DPF: i.Game MJImpressYHK - http://202.43.223.14...JImpressYHK.cab
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/.../HKJCSecKey.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1160929999484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160929935031
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_7us.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://itv.5qzone.ne...82_20060329.cab
O21 - SSODL: AdobePDF - {D92D666A-0F7B-5892-A7E8-29340333F07E} - "C:\Program Files\Internet Explorer\PLUGINS\nppdf.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

#5
MFDnSC

Posted 04 December 2006 - 05:24 PM

Banned

Banned
1,137 posts

I must have pasted the compressed version

http://download.blee...aB/combofix.exe

#6
dawni

Posted 05 December 2006 - 01:18 AM

Member

Topic Starter
Member
10 posts

so i ran the program and here's the log.

Ivy - 06-12-05 15:07:55.53 Service Pack 1
ComboFix 06.12.01W - Running from: "C:\Documents and Settings\Ivy\桌面"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\regedit.com
d:\pagefile.pif
d:\autorun.inf
C:\Program Files\INSTALL.LOG
C:\Program Files\Internet Explorer\PLUGINS\system.jmp
C:\Program Files\svhost32.exe
C:\nxldr.dat
C:\WINDOWS\1.com
C:\WINDOWS\exeroute.exe
C:\WINDOWS\explorer.com
C:\WINDOWS\finder.com
C:\WINDOWS\IO.SYS.BAK
C:\WINDOWS\mrgtask.ini
C:\WINDOWS\vbarun.dll
C:\WINDOWS\winlogon.exe
C:\WINDOWS\debug\debugprogram.exe
C:\WINDOWS\system32\command.pif
C:\WINDOWS\system32\dllwm.dll
C:\WINDOWS\system32\dxdiag.com
C:\WINDOWS\system32\finder.com
C:\WINDOWS\system32\msconfig.com
C:\WINDOWS\system32\myrx.dll
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\rundll32.com
C:\WINDOWS\system32\SVKP.sys
C:\WINDOWS\system32\GroupPolicy\Machine\Scripts\scripts.ini
C:\WINDOWS\system32\8.exe
C:\WINDOWS\system32\11637735692.exe
C:\_desktop.ini
C:\Program Files\internet explorer\iexplore.com
C:\Program Files\Common Files\iexplore.pif
C:\WINDOWS\system32\8.exe
C:\WINDOWS\system32\1.txt
C:\Program Files\wsearch
C:\WINDOWS\system32\Update
C:\Program Files\CNNIC

((((((((((((((((((((((((((((((( Files Created from 2006-11-05 to 2006-12-05 ))))))))))))))))))))))))))))))))))

2006-12-05 15:14 <DIR> d-------- C:\WINDOWS\erdnt
2006-12-05 06:52 <DIR> d-------- C:\Documents and Settings\Ivy\Application Data\Uniblue
2006-12-05 02:48 24,322 --a------ C:\WINDOWS\L_xy30.exe
2006-12-01 19:55 25,472 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2006-11-29 22:51 <DIR> d-------- C:\Program Files\Mozilla Firefox
2006-11-29 16:53 <DIR> dr-h----- C:\$VAULT$.AVG
2006-11-29 16:51 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-29 16:51 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-29 16:51 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-11-29 16:51 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-29 16:51 <DIR> d-------- C:\Program Files\Grisoft
2006-11-29 16:51 <DIR> d-------- C:\Documents and Settings\Ivy\Application Data\AVG7
2006-11-29 15:59 <DIR> d-------- C:\Documents and Settings\Ivy\Application Data\PC Suite
2006-11-29 15:03 <DIR> d-------- C:\WINDOWS\uninstall
2006-11-29 15:03 <DIR> d-------- C:\WINDOWS\Download
2006-11-29 15:03 <DIR> d-------- C:\WINDOWS\down
2006-11-29 15:03 <DIR> d-------- C:\Program Files\Microsoft
2006-11-26 01:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2006-11-25 10:56 <DIR> d--hs---- C:\WINDOWS\ftpcache
2006-11-25 10:40 <DIR> d-------- C:\Program Files\DIFX
2006-11-25 10:40 <DIR> d-------- C:\Program Files\Common Files\Nokia
2006-11-25 10:39 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2006-11-25 10:39 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2006-11-25 10:39 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2006-11-25 10:39 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2006-11-25 10:39 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2006-11-25 10:39 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2006-11-25 10:39 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2006-11-25 10:39 <DIR> d-------- C:\Program Files\Nokia
2006-11-25 10:39 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2006-11-25 10:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2006-11-25 10:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2006-11-20 23:51 <DIR> d-------- C:\Intel
2006-11-20 03:06 <DIR> d--hs---- C:\FOUND.001
2006-11-18 00:59 9,181 --a------ C:\WINDOWS\system32\E13D94A0.DLL
2006-11-18 00:59 30,814 --a------ C:\WINDOWS\system32\60A72DC0T.EXE
2006-11-18 00:59 26,607 --a------ C:\WINDOWS\system32\60A72DC0.DLL
2006-11-18 00:59 16,523 --a------ C:\WINDOWS\system32\AdsWin.dll
2006-11-18 00:59 <DIR> d--hs---- C:\FOUND.000
2006-11-17 22:26 <DIR> dr------- C:\WINDOWS\Favorites
2006-11-17 13:30 30,814 --a------ C:\WINDOWS\system32\60A72DC0.EXE
2006-11-15 01:13 <DIR> d-------- C:\Program Files\MSN Messenger
2006-11-13 01:58 <DIR> d-------- C:\Program Files\MSN Apps

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-29 23:43 29999 --a------ C:\WINDOWS\system32\PluginENLOG.DLL
2006-11-29 23:43 27790 --a------ C:\WINDOWS\system32\PluginCNLOG.DLL
2006-11-06 23:09 494672 --a------ C:\WINDOWS\system32\alexa.exe
2006-10-19 01:33 -------- d-------- C:\Program Files\eRightSoft
2006-10-19 01:33 -------- d-------- C:\Program Files\AviSynth 2.5
2006-10-13 18:01 -------- d-------- C:\Program Files\WinAVI MP4 Converter
2006-09-28 01:40 908288 -r-hs---- C:\WINDOWS\Hacker.com.cn.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"ItMonitor"="C:\\WINDOWS\\WASAY\\MONITOR.EXE"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"SoundMan"="SOUNDMAN.EXE"
"ExFilter"="Rundll32.exe \"C:\\PROGRA~1\\CNNIC\\Cdn\\cdnspie.dll\",ExecFilter solo"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="目前的首頁"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{F7A67C5F-7C5F-7A60-5F7A-C5FA6C5F7A60}"=""
"{AF7AA607-607C-7C60-5F7A-C5C5FA607C7A}"=""
"{1A404685-7563-4d02-B0F6-58B308A406A9}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"AdobePDF"="{D92D666A-0F7B-5892-A7E8-29340333F07E}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

Completion time: 06-12-05 15:16:33.04
C:\ComboFix2.txt ... 06-12-05 14:59
C:\ComboFix.txt ... 06-12-05 15:16

#7
MFDnSC

Posted 05 December 2006 - 09:16 AM

Banned

Banned
1,137 posts

Please run combo again and then post a new log from hijack

#8
dawni

Posted 05 December 2006 - 10:59 AM

Member

Topic Starter
Member
10 posts

Hi MFDnSC,
sorry I forgot to post the hijack this log...

I just ran combofix again and here's the log:

Ivy - 06-12-06 0:08:03.04 Service Pack 1
ComboFix 06.12.01W - Running from: "C:\Documents and Settings\Ivy\桌面"

((((((((((((((((((((((((((((((( Files Created from 2006-11-06 to 2006-12-06 ))))))))))))))))))))))))))))))))))

2006-12-05 15:38 <DIR> d-------- C:\Documents and Settings\Ivy\Application Data\SUPERAntiSpyware.com
2006-12-05 15:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-12-05 15:16 <DIR> d-------- C:\WINDOWS\temp
2006-12-05 15:14 <DIR> d-------- C:\WINDOWS\erdnt
2006-12-05 06:52 <DIR> d-------- C:\Documents and Settings\Ivy\Application Data\Uniblue
2006-12-05 02:48 24,322 --a------ C:\WINDOWS\L_xy30.exe
2006-12-01 19:55 25,472 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2006-11-29 22:51 <DIR> d-------- C:\Program Files\Mozilla Firefox
2006-11-29 16:53 <DIR> dr-h----- C:\$VAULT$.AVG
2006-11-29 16:51 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-29 16:51 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-29 16:51 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-11-29 16:51 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-29 16:51 <DIR> d-------- C:\Program Files\Grisoft
2006-11-29 16:51 <DIR> d-------- C:\Documents and Settings\Ivy\Application Data\AVG7
2006-11-29 15:59 <DIR> d-------- C:\Documents and Settings\Ivy\Application Data\PC Suite
2006-11-29 15:03 <DIR> d-------- C:\WINDOWS\uninstall
2006-11-29 15:03 <DIR> d-------- C:\WINDOWS\Download
2006-11-29 15:03 <DIR> d-------- C:\WINDOWS\down
2006-11-29 15:03 <DIR> d-------- C:\Program Files\Microsoft
2006-11-26 01:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2006-11-25 10:56 <DIR> d--hs---- C:\WINDOWS\ftpcache
2006-11-25 10:40 <DIR> d-------- C:\Program Files\DIFX
2006-11-25 10:40 <DIR> d-------- C:\Program Files\Common Files\Nokia
2006-11-25 10:39 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2006-11-25 10:39 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2006-11-25 10:39 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2006-11-25 10:39 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2006-11-25 10:39 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2006-11-25 10:39 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2006-11-25 10:39 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2006-11-25 10:39 <DIR> d-------- C:\Program Files\Nokia
2006-11-25 10:39 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2006-11-25 10:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2006-11-25 10:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2006-11-20 23:51 <DIR> d-------- C:\Intel
2006-11-20 03:06 <DIR> d--hs---- C:\FOUND.001
2006-11-18 00:59 9,181 --a------ C:\WINDOWS\system32\E13D94A0.DLL
2006-11-18 00:59 30,814 --a------ C:\WINDOWS\system32\60A72DC0T.EXE
2006-11-18 00:59 26,607 --a------ C:\WINDOWS\system32\60A72DC0.DLL
2006-11-18 00:59 16,523 --a------ C:\WINDOWS\system32\AdsWin.dll
2006-11-18 00:59 <DIR> d--hs---- C:\FOUND.000
2006-11-17 22:26 <DIR> dr------- C:\WINDOWS\Favorites
2006-11-17 13:30 30,814 --a------ C:\WINDOWS\system32\60A72DC0.EXE
2006-11-15 01:13 <DIR> d-------- C:\Program Files\MSN Messenger
2006-11-13 01:58 <DIR> d-------- C:\Program Files\MSN Apps

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-29 23:43 29999 --a------ C:\WINDOWS\system32\PluginENLOG.DLL
2006-11-29 23:43 27790 --a------ C:\WINDOWS\system32\PluginCNLOG.DLL
2006-11-06 23:09 494672 --a------ C:\WINDOWS\system32\alexa.exe
2006-10-19 01:33 -------- d-------- C:\Program Files\eRightSoft
2006-10-19 01:33 -------- d-------- C:\Program Files\AviSynth 2.5
2006-10-13 18:01 -------- d-------- C:\Program Files\WinAVI MP4 Converter
2006-09-28 01:40 908288 -r-hs---- C:\WINDOWS\Hacker.com.cn.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"SUPERAntiSpyware"="D:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"ItMonitor"="C:\\WINDOWS\\WASAY\\MONITOR.EXE"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="目前的首頁"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{F7A67C5F-7C5F-7A60-5F7A-C5FA6C5F7A60}"=""
"{AF7AA607-607C-7C60-5F7A-C5C5FA607C7A}"=""
"{1A404685-7563-4d02-B0F6-58B308A406A9}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"AdobePDF"="{D92D666A-0F7B-5892-A7E8-29340333F07E}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

Completion time: 06-12-06 0:14:12.95
C:\ComboFix3.txt ... 06-12-05 14:59
C:\ComboFix2.txt ... 06-12-05 15:23
C:\ComboFix.txt ... 06-12-06 00:14

and then I ran hijack this and got this log:

Logfile of HijackThis v1.99.1
Scan saved at 12:56:01 AM, on 12/6/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Com\LSASS.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\conime.exe
D:\Program Files\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll
O3 - Toolbar: |?-μ?÷(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ItMonitor] C:\WINDOWS\WASAY\MONITOR.EXE
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O16 - DPF: i.Game MJImpressYHK - http://202.43.223.14...JImpressYHK.cab
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/.../HKJCSecKey.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1160929999484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160929935031
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_7us.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://itv.5qzone.ne...82_20060329.cab
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: AdobePDF - {D92D666A-0F7B-5892-A7E8-29340333F07E} - "C:\Program Files\Internet Explorer\PLUGINS\nppdf.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

so what should I do next?

#9
MFDnSC

Posted 05 December 2006 - 11:46 AM

Banned

Banned
1,137 posts

Clean

Turn off restore points, boot, turn them back on – here’s how

http://service1.syma...src=sec_doc_nam

#10
dawni

Posted 06 December 2006 - 01:56 AM

Member

Topic Starter
Member
10 posts

is it? how come after turning off the restore points and reboot. AVG still pops up and alerts me I got two trojan files on my computer as before. It's Trojan horse PSW. Generic 2.OQV. they are exe file. it didn't show the exact location. One is located in some /all users folder and the other is located in some folder on my account.

Edited by dawni, 06 December 2006 - 02:04 AM.

#11
MFDnSC

Posted 06 December 2006 - 09:14 AM

Banned

Banned
1,137 posts

You have to be more specific than "some folder" and what is the file name

Run ActiveScan online virus scan

http://www.pandasoft.../activescan.htm

When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Post a new HiJackThis log along with the results from ActiveScan

#12
dawni

Posted 07 December 2006 - 03:40 AM

Member

Topic Starter
Member
10 posts

I can paste the whole scan report here when I'm editing the post. but when I post it, it just doesn't show the entire report... I checked post length and knew that I didn't exceed the character limits.

here are the scan report and the hijack this log.
I hope you don't mind if I send them as attachments.

Incident Status Location

Virus:Trj/Downloader.KSR Disinfected C:\WINDOWS\SYSTEM32\Com\SERVICES.EXE
Adware:Adware/Alexa Not disinfected C:\WINDOWS\SYSTEM32\Com\LSASS.EXE
Adware:Adware/Alexa Not disinfected C:\WINDOWS\SYSTEM32\60A72DC0.DLL
Virus:Bck/PopWin.L Disinfected C:\WINDOWS\SYSTEM32\E13D94A0.DLL
Adware:Adware/Alexa Not disinfected C:\WINDOWS\SYSTEM32\60A72DC0T.EXE
Adware:Adware/Alexa-Toolbar Not disinfected C:\WINDOWS\SYSTEM32\ALEXA.EXE
Adware:Adware/Alexa Not disinfected C:\WINDOWS\SYSTEM32\60A72DC0.EXE
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Ivy\Cookies\ivy@com[1].txt
Spyware:Cookie/seeqA Not disinfected C:\Documents and Settings\Ivy\Cookies\[email protected][1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Ivy\Cookies\[email protected][1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Ivy\Cookies\ivy@rn11[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Ivy\Cookies\[email protected][1].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\cc1vyof3.default\COOKIES.TXT[stat.onestat.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\cc1vyof3.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\cc1vyof3.default\COOKIES.TXT[.com.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\cc1vyof3.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\cc1vyof3.default\COOKIES.TXT[.statcounter.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\cc1vyof3.default\COOKIES.TXT[.revenue.net/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\cc1vyof3.default\COOKIES.TXT[.searchportal.information.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\cc1vyof3.default\COOKIES.TXT[.revenue.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\cc1vyof3.default\COOKIES.TXT[.atwola.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\cc1vyof3.default\COOKIES.TXT[.yadro.ru/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\cc1vyof3.default\COOKIES.TXT[.casalemedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\cc1vyof3.default\COOKIES.TXT[.ad.yieldmanager.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\cc1vyof3.default\COOKIES.TXT[.burstnet.com/]
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\cc1vyof3.default\COOKIES.TXT[.www48.seeq.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\cc1vyof3.default\COOKIES.TXT[.server.iad.liveperson.net/hc/24631554]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\cc1vyof3.default\COOKIES.TXT[.adopt.hbmediapro.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\cc1vyof3.default\COOKIES.TXT[.dist.belnk.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\cc1vyof3.default\COOKIES.TXT[.belnk.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\cc1vyof3.default\COOKIES.TXT[.dist.belnk.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.com.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.zedo.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.tribalfusion.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.overture.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.ads.pointroll.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.questionmarket.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.belnk.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.burstnet.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.go.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.hotlog.ru/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.revenue.net/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.searchportal.information.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.server.iad.liveperson.net/hc/24631554]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.toplist.cz/]
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.www48.seeq.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.yadro.ru/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[stat.onestat.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Gary\Local Settings\Temp\Cookies\gary@doubleclick[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Gary\Local Settings\Temp\Cookies\gary@revenue[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Gary\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Gary\Cookies\gary@cgi-bin[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Gary\Cookies\gary@maxserving[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Gary\Cookies\gary@belnk[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Gary\Cookies\gary@atdmt[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Gary\Cookies\gary@realmedia[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Gary\Cookies\gary@yadro[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Gary\Cookies\gary@doubleclick[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][2].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Gary\Cookies\gary@tucows[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Gary\Cookies\gary@zedo[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Gary\Cookies\gary@com[2].txt
Spyware:Cookie/SpywareStormer Not disinfected C:\Documents and Settings\Gary\Cookies\gary@spywarestormer[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Gary\Cookies\gary@mediaplex[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Gary\Cookies\gary@casalemedia[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][2].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Gary\Cookies\gary@kinghost[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Gary\Cookies\gary@bravenet[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Gary\Cookies\gary@cgi-bin[6].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Gary\Cookies\gary@targetnet[2].txt
Spyware:Cookie/Netster Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Gary\Cookies\gary@bluestreak[1].txt
Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\Gary\Cookies\gary@xxxcounter[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][2].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Gary\Cookies\gary@hitbox[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Gary\Cookies\gary@888[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Gary\Cookies\gary@cassava[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Gary\Cookies\gary@atwola[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Gary\Cookies\gary@revenue[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Gary\Cookies\gary@questionmarket[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Gary\Cookies\gary@fastclick[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Gary\Cookies\gary@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Gary\Cookies\gary@adrevolver[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Gary\Cookies\gary@fortunecity[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Gary\Cookies\gary@advertising[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Gary\Cookies\gary@tribalfusion[2].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Gary\Cookies\gary@linksynergy[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Gary\Cookies\gary@2o7[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Gary\Cookies\gary@burstnet[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Gary\Cookies\gary@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Gary\Cookies\gary@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Gary\Cookies\gary@overture[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.xxxcounter.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.hitbox.com/]
Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.xxxcounter.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.statcounter.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.overture.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.citi.bridgetrack.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.bluestreak.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.statcounter.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.targetnet.com/]
Spyware:Cookie/Netster Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.lb1.netster.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.targetnet.com/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.kinghost.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.fastclick.net/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.bravenet.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.ads.pointroll.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.adultfriendfinder.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.atwola.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.revenue.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.ehg-dig.hitbox.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.zedo.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.2o7.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.casalemedia.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.mediaplex.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.z1.adserver.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.cs.sexcounter.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.cs.sexcounter.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.searchportal.information.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.com.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.landing.domainsponsor.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.statse.webtrendslive.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.statse.webtrendslive.com/dcs3c1crfqljwp9214t38aj3q_9q3q]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.tribalfusion.com/]
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.tucows.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.yadro.ru/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.maxserving.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.statse.webtrendslive.com/dcsqp2wy611e5hibqykurvsnu_2p1b]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.realmedia.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.belnk.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\joiybm5d.default\COOKIES.TXT[.zedo.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\joiybm5d.default\COOKIES.TXT[.2o7.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\joiybm5d.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\joiybm5d.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Gary\Application Data&

Attached Files

Activescan.txt 80.14KB 306 downloads

Edited by dawni, 07 December 2006 - 03:59 AM.

#13
dawni

Posted 07 December 2006 - 03:42 AM

Member

Topic Starter
Member
10 posts

and the hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 5:40:06 PM, on 12/7/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\Com\LSASS.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll
O3 - Toolbar: |?-μ?÷(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ItMonitor] C:\WINDOWS\WASAY\MONITOR.EXE
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O16 - DPF: i.Game MJImpressYHK - http://202.43.223.14...JImpressYHK.cab
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/.../HKJCSecKey.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://www.ppstream....powerplayer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1160929999484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160929935031
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_7us.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://itv.5qzone.ne...82_20060329.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: AdobePDF - {D92D666A-0F7B-5892-A7E8-29340333F07E} - "C:\Program Files\Internet Explorer\PLUGINS\nppdf.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Edited by dawni, 07 December 2006 - 03:58 AM.

#14
MFDnSC

Posted 07 December 2006 - 03:17 PM

Banned

Banned
1,137 posts

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\SYSTEM32\Com\SERVICES.EXE
C:\WINDOWS\SYSTEM32\Com\LSASS.EXE
C:\WINDOWS\SYSTEM32\60A72DC0.DLL
C:\WINDOWS\SYSTEM32\E13D94A0.DLL
C:\WINDOWS\SYSTEM32\60A72DC0T.EXE
C:\WINDOWS\SYSTEM32\ALEXA.EXE
C:\WINDOWS\SYSTEM32\60A72DC0.EXE

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system

#15
dawni

Posted 08 December 2006 - 02:09 PM

Member

Topic Starter
Member
10 posts

C:\WINDOWS\SYSTEM32\Com\SERVICES.EXE --> this file does not seem to exist.
C:\WINDOWS\SYSTEM32\Com\LSASS.EXE --> when I tried to delete it, the systems was forced to reboot. but then during the system reboot count down, it said file was deleted.
C:\WINDOWS\SYSTEM32\60A72DC0.DLL --> file was deleted.
C:\WINDOWS\SYSTEM32\E13D94A0.DLL --> this file does not seem to exist.
C:\WINDOWS\SYSTEM32\60A72DC0T.EXE --> this file does not seem to exist.
C:\WINDOWS\SYSTEM32\ALEXA.EXE --> file was deleted.
C:\WINDOWS\SYSTEM32\60A72DC0.EXE --> file was deleted.

this is what I get when I scanned my computer with active scan again

Incident Status Location

Spyware:Cookie/seeqA Not disinfected C:\Documents and Settings\Ivy\Cookies\[email protected][1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Ivy\Cookies\[email protected][1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Ivy\Cookies\ivy@rn11[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Ivy\Cookies\[email protected][1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\cc1vyof3.default\COOKIES.TXT[.adopt.hbmediapro.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.com.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.zedo.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.tribalfusion.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.overture.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.ads.pointroll.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.questionmarket.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.belnk.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.burstnet.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.go.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.hotlog.ru/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.revenue.net/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.searchportal.information.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.server.iad.liveperson.net/hc/24631554]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.toplist.cz/]
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.www48.seeq.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[.yadro.ru/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Ivy\Application Data\Mozilla\Firefox\Profiles\rmyjcp2k.default\COOKIES.TXT[stat.onestat.com/]
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Gary\Cookies\gary@cgi-bin[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Gary\Cookies\gary@maxserving[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Gary\Cookies\gary@belnk[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Gary\Cookies\gary@realmedia[1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Gary\Cookies\gary@tucows[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Gary\Cookies\gary@atdmt[2].txt
Spyware:Cookie/SpywareStormer Not disinfected C:\Documents and Settings\Gary\Cookies\gary@spywarestormer[2].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Gary\Cookies\gary@kinghost[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Gary\Cookies\gary@bravenet[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Gary\Cookies\gary@cgi-bin[6].txt
Spyware:Cookie/Netster Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Gary\Cookies\gary@888[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Gary\Cookies\gary@cassava[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Gary\Cookies\gary@atwola[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Gary\Cookies\[email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Gary\Cookies\gary@adrevolver[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Gary\Cookies\gary@fortunecity[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.bravenet.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\wovz3i1q.default\COOKIES.TXT[.searchportal.information.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Coty\Cookies\coty@realmedia[1].txt
Spyware:Cookie/SpywareStormer Not disinfected C:\Documents and Settings\Coty\Cookies\coty@spywarestormer[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Coty\Cookies\[email protected][1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Michael\Cookies\michael@webpower[2].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
Spyware:Cookie/Qsrch Not disinfected C:\Documents and Settings\Michael\Cookies\michael@qsrch[1].txt
Spyware:Cookie/TeensForCash Not disinfected C:\Documents and Settings\Michael\Cookies\michael@teensforcash[2].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Michael\Cookies\michael@kinghost[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Michael\Cookies\michael@ccbill[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Michael\Cookies\michael@atwola[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Lan\Cookies\lan@atwola[1].txt
Hacktool:HackTool/EvID Not disinfected C:\Program Files\PPLive TV\SynaLiveSetup.exe[EvID4226Patch.exe]
Possible Virus. Not disinfected C:\Program Files\eRightSoft\SUPER\FFMPEG.EXE
Adware:Adware/Alexa Not disinfected C:\!KillBox\LSASS.EXE
Adware:Adware/Alexa Not disinfected C:\!KillBox\LSASS.EXE ( 1)
Adware:Adware/Alexa Not disinfected C:\!KillBox\60A72DC0.DLL
Adware:Adware/Alexa Not disinfected C:\!KillBox\60A72DC0T.EXE
Adware:Adware/Alexa-Toolbar Not disinfected C:\!KillBox\ALEXA.EXE
Adware:Adware/Alexa Not disinfected C:\!KillBox\60A72DC0.EXE
Adware:Adware/Alexa Not disinfected C:\!KillBox\LSASS.EXE( 2)
Adware:Adware/Alexa Not disinfected C:\!KillBox\60A72DC0.DLL( 3)
Adware:Adware/Alexa Not disinfected C:\!KillBox\LSASS.EXE( 1)
Adware:Adware/Alexa Not disinfected C:\!KillBox\60A72DC0.DLL( 1)

this is my new hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 4:12:32 AM, on 12/9/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\wuauclt.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll
O3 - Toolbar: |?-μ?÷(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ItMonitor] C:\WINDOWS\WASAY\MONITOR.EXE
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O16 - DPF: i.Game MJImpressYHK - http://202.43.223.14...JImpressYHK.cab
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/.../HKJCSecKey.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://www.ppstream....powerplayer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1160929999484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160929935031
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_7us.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://itv.5qzone.ne...82_20060329.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: AdobePDF - {D92D666A-0F7B-5892-A7E8-29340333F07E} - "C:\Program Files\Internet Explorer\PLUGINS\nppdf.dll (file missing)
O23 - Service: 60A72DC0 - Unknown owner - C:\WINDOWS\System32\60A72DC0.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

and now, my avg anti-virus pop up to alert me of any trojan horse files anymore

Edited by dawni, 08 December 2006 - 03:11 PM.