Today my IE could not display sites (e.g. if I went to msn.com it would just be blank). I scanned using Ad-Aware and then AntiVir, and AntiVir quarantined 4 trojans in the end.
Next, I came to Geeks, and I followed the instructions in the "You Must Read this Before Posting a Hijackthis log":
I ran the ATF Cleaner, then did System Restore. When I tried to scan using Malwarebytes' Anti-Malware, a window popped up saying "overflow" and Malwarebytes automatically closed.
I tried the Panda ActiveScan, but when I was downloading the file to install, AntiVir popped up saying there was something bad, and so I clicked "Access Deny".
I rebooted the computer, then ran Hijackthis. Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 08:33:15, on 2008/5/29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Jennifer\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iPod\iTunesHelper.exe
C:\WINNT\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
D:\Jennifer\AntiVir PersonalEdition Classic\sched.exe
D:\Jennifer\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINNT\system32\ntvdm.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Jennifer\Applications\Hijackthis\HijackThis.exe
O2 - BHO: WebThunder Browser Helper - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll
O2 - BHO: MySearch Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MySearch\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3AFEFFEE-3709-5184-2D72-4DB60F3FF1C8} - C:\WINNT\system32\xakrzil.dll (file missing)
O2 - BHO: MKGHelper Class - {3DEEC4E2-4125-498E-9263-50A221EF1AAB} - C:\Program Files\MyKazaaGold\MusicBar.dll (file missing)
O2 - BHO: KGSearchAssistant Class - {4538BEFE-5297-4AAE-B466-C2463D5B927D} - C:\Program Files\MyKazaaGold\MKGSearchAssistant.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: My Kazaa Gold - {2A9316B0-C5F0-4202-ACF7-458D5561AD71} - C:\Program Files\MyKazaaGold\MusicBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [avgnt] "D:\Jennifer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WebThunder] C:\Program Files\Thunder Network\WebThunder\WebThunder.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iPod\iTunesHelper.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINNT\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet Network\Flashget\FlashGet.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINNT\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINNT\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINNT\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINNT\system32\ECURIT~1\CRSS~1.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINNT\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: UseFlashGet - C:\Program Files\FlashGet Network\Flashget\ComDlls\Bholink.htm
O8 - Extra context menu item: UseFlashGetDownloadAllLink - C:\Program Files\FlashGet Network\Flashget\ComDlls\Bhoall.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 妏蚚Web捃濘狟婥 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 妏蚚Web捃濘狟婥窒蟈諉 - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: 雄Web捃濘 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 雄Web捃濘 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: My Kazaa Gold - {A4A0A07D-3633-4de8-AFB4-44B917596E12} - C:\Program Files\MyKazaaGold\MusicBar.dll (file missing)
O9 - Extra 'Tools' menuitem: My Kazaa Gold1 - {A4A0A07D-3633-4de8-AFB4-44B917596E12} - C:\Program Files\MyKazaaGold\MusicBar.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {2FDB8363-FB18-48EC-8E66-E143FAC80A2F} (Eyeball Video Session Control) - http://www.mytutor.ca/EyeballSDK.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://chippokechuur...ad/MsnPUpld.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} - http://download.ppst...powerplayer.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...en/x86/client/wuweb_site.cab?1158200106640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...s/en/x86/client/muweb_site.cab?1158203650218
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chippokechuur...ad/MsnPUpld.cab
O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.c.../mv/p3bvset.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.c..._2006_02_11.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - ms-its:mhtml:file://c:\nesunew.mht!http://adgate.info/z...FreeInstall.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: nopdb.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Jennifer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Jennifer\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴?网?科技有限公司 - C:\Program Files\StormII\stormliv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 12220 bytes
Another window popped up after the scan, with a list to select and fix, but I don't know which files to fix.
Thank you for your time.
Ms. Orange