
MSN Virus, Need help getting rid of it

Discussion in 'Virus & Other Malware Removal' started by BlitzKriez, Feb 14, 2007.

Thread Status:
Not open for further replies.
  1. BlitzKriez

    BlitzKriez Thread Starter

    Joined:
    Feb 14, 2007
    Messages:
    17
    Hi there, just wondering how to know what virus infected my MSN? I use AVG and spyware sweeper but can't find the virus so I deleted them, any recommendations?

    Some of the problems I face: I can't even open the Windows Live Messenger window for 2 secs before the email address log-in drop-down button goes crazy. The mouse cursor won't move too. I tried pressing Ctrl+Alt+Delete, and it does show in the icons section of the toolbar, but the Task Manager won't appear. And I've uninstalled Windows Live Messenger from my computer. Tried downloading and re-installing Windows Live Messenger but the problems are still there. The virus disguises itself as a sent message saying something like { i saw your retarded picture on this website www *****l.biz}; once you click on the link, the file auto-downloads and the Windows Messenger is infected. Then it will spread the same link to the other Messenger accounts which are available online. Please help me to solve these problems. It's slowing down computer speed ='( I have read some of the posts regarding this but I can't solve it myself. Below is my HijackThis log.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:04:05 PM, on 2/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\tmnet streamyx\streamyx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
    O2 - BHO: Thunder Browser Helper - {02478D37-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll (file missing)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
    O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected]
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Audio Driver] C:\WINDOWS\system32\audise.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: &妏蚚捃濘狟婥 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
    O8 - Extra context menu item: &妏蚚捃濘狟婥窒蟈諉 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/229?899f396e2aba49ff97a32b66f6cd88e1
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/230?899f396e2aba49ff97a32b66f6cd88e1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148126996140
    O16 - DPF: {76CB493D-11F7-4236-BDE4-7A5851B03FA9} (Launcher Class) - http://www.cabalonline.net/Com/CabalWebLauncher.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://188bet.microgaming.com/188bet/FlashAX.cab
    O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{18B0B781-014E-4481-9261-02AFCB9AA744}: NameServer = 202.188.1.5 202.188.0.133
    O17 - HKLM\System\CCS\Services\Tcpip\..\{95E6CA3A-9600-4BD5-B988-7B7029C3FC52}: NameServer = 202.188.0.132,202.188.1.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\{18B0B781-014E-4481-9261-02AFCB9AA744}: NameServer = 202.188.1.5 202.188.0.133
    O17 - HKLM\System\CS2\Services\Tcpip\..\{18B0B781-014E-4481-9261-02AFCB9AA744}: NameServer = 202.188.1.5 202.188.0.133
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe



    May I know what next step I should do? Please help ASAP.
     
  2. BlitzKriez

    BlitzKriez Thread Starter

    Joined:
    Feb 14, 2007
    Messages:
    17
    Anyone able to lend a helping hand? 'Cause MSN is my only leisure =X I can't do anything now besides waiting for it =(
     
  3. BlitzKriez

    BlitzKriez Thread Starter

    Joined:
    Feb 14, 2007
    Messages:
    17
    bumpz =S
     
  4. golferbob

    golferbob

    Joined:
    May 18, 2004
    Messages:
    3,895
  5. BlitzKriez

    BlitzKriez Thread Starter

    Joined:
    Feb 14, 2007
    Messages:
    17
    Ahh OK, but com is pretty slow ='( Anyway, thanks a lot.
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,324
    Hi and welcome to TSG,


    I see you don't have any anti-virus program so first we need to get one on board immediately. Go to the following link and download AVG Free anti-virus and then come back here and post a new HijackThis log please.

    http://free.grisoft.com/freeweb.php/doc/2/
     
  7. BlitzKriez

    BlitzKriez Thread Starter

    Joined:
    Feb 14, 2007
    Messages:
    17
    Thanks^^ I'll go d/l it now, hopefully it will be done in no time.
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,324
  9. BlitzKriez

    BlitzKriez Thread Starter

    Joined:
    Feb 14, 2007
    Messages:
    17
    Ahh damn it =( I fell asleep while waiting for my d/l to finish.. hopefully you're still here.
    Anyway, I just finished my AVG download and ran a full scan, and below is the new HijackThis log.

    Logfile of HijackThis v1.99.1
    Scan saved at 8:44:01 AM, on 2/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\tmnet streamyx\streamyx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\lxbtcoms.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
    O2 - BHO: Thunder Browser Helper - {02478D37-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll (file missing)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
    O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected]
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Audio Driver] C:\WINDOWS\system32\audise.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: &妏蚚捃濘狟婥 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
    O8 - Extra context menu item: &妏蚚捃濘狟婥窒蟈諉 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/229?899f396e2aba49ff97a32b66f6cd88e1
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/230?899f396e2aba49ff97a32b66f6cd88e1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148126996140
    O16 - DPF: {76CB493D-11F7-4236-BDE4-7A5851B03FA9} (Launcher Class) - http://www.cabalonline.net/Com/CabalWebLauncher.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://188bet.microgaming.com/188bet/FlashAX.cab
    O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{18B0B781-014E-4481-9261-02AFCB9AA744}: NameServer = 202.188.1.5 202.188.0.133
    O17 - HKLM\System\CCS\Services\Tcpip\..\{95E6CA3A-9600-4BD5-B988-7B7029C3FC52}: NameServer = 202.188.0.132,202.188.1.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\{18B0B781-014E-4481-9261-02AFCB9AA744}: NameServer = 202.188.1.5 202.188.0.133
    O17 - HKLM\System\CS2\Services\Tcpip\..\{18B0B781-014E-4481-9261-02AFCB9AA744}: NameServer = 202.188.1.5 202.188.0.133
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
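
The check Cookiegal made by eye on the first log (no anti-virus listed) and the before/after comparison of the two logs posted so far can be scripted. This is an added example, not part of the thread or of HijackThis: the function names and the vendor token list are assumptions, and the sample text is a short excerpt of the first two logs above.

```python
import re

# Assumed, non-exhaustive substrings that identify an anti-virus product in a
# process path, Run value or service name (illustrative list, extend as needed).
AV_TOKENS = ("grisoft", "avg7", "symantec", "norton", "mcafee", "kaspersky", "avast")

# HijackThis entry lines start with a section code such as R3, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Markers HijackThis itself prints; they are triage hints, not verdicts.
ORPHAN_MARKERS = ("(file missing)", "(no file)", "Unknown owner")

# Excerpt of the first log in the thread (2/14/2007).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 11:04:05 PM, on 2/14/2007

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Thunder Browser Helper - {02478D37-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
"""

# Excerpt of the second log in the thread (2/15/2007, after installing AVG).
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 8:44:01 AM, on 2/15/2007

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Thunder Browser Helper - {02478D37-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
"""


def parse_hjt(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the first coded entry ends the process list
            entries.append((match.group("code"), match.group("body")))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def has_antivirus(processes, entries):
    """True if a process, Run value (O4) or service (O23) matches an AV token."""
    haystack = processes + [body for code, body in entries if code in ("O4", "O23")]
    return any(tok in item.lower() for item in haystack for tok in AV_TOKENS)


def orphaned(entries):
    """Entries whose target file is gone or whose service has no readable vendor."""
    return [(c, b) for c, b in entries if any(m in b for m in ORPHAN_MARKERS)]


def diff_entries(old, new):
    """Return (added, removed) entries between two parsed logs."""
    old_set, new_set = set(old), set(new)
    return sorted(new_set - old_set), sorted(old_set - new_set)


if __name__ == "__main__":
    procs_a, ents_a = parse_hjt(BEFORE)
    procs_b, ents_b = parse_hjt(AFTER)
    print("AV before:", has_antivirus(procs_a, ents_a))
    print("AV after: ", has_antivirus(procs_b, ents_b))
    for code, body in orphaned(ents_a):
        print("review:", code, body)
    added, removed = diff_entries(ents_a, ents_b)
    print("added:", len(added), "removed:", len(removed))
```
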
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,324
    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
    • Instead of Windows loading as normal, the Advanced Options Menu should appear
    • Select the first option, to run Windows in Safe Mode, then press Enter
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to the clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
     
  11. BlitzKriez

    BlitzKriez Thread Starter

    Joined:
    Feb 14, 2007
    Messages:
    17
    Tysm for your time^^ Here are the HijackThis log and report:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:41:00 AM, on 2/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\conime.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\tmnet streamyx\streamyx.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
    O2 - BHO: Thunder Browser Helper - {02478D37-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll (file missing)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
    O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected]
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Audio Driver] C:\WINDOWS\system32\audise.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: &妏蚚捃濘狟婥 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
    O8 - Extra context menu item: &妏蚚捃濘狟婥窒蟈諉 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/229?899f396e2aba49ff97a32b66f6cd88e1
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/230?899f396e2aba49ff97a32b66f6cd88e1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148126996140
    O16 - DPF: {76CB493D-11F7-4236-BDE4-7A5851B03FA9} (Launcher Class) - http://www.cabalonline.net/Com/CabalWebLauncher.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://188bet.microgaming.com/188bet/FlashAX.cab
    O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{18B0B781-014E-4481-9261-02AFCB9AA744}: NameServer = 202.188.1.5 202.188.0.133
    O17 - HKLM\System\CCS\Services\Tcpip\..\{95E6CA3A-9600-4BD5-B988-7B7029C3FC52}: NameServer = 202.188.0.132,202.188.1.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\{18B0B781-014E-4481-9261-02AFCB9AA744}: NameServer = 202.188.1.5 202.188.0.133
    O17 - HKLM\System\CS2\Services\Tcpip\..\{18B0B781-014E-4481-9261-02AFCB9AA744}: NameServer = 202.188.1.5 202.188.0.133
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe




    SDFix: Version 1.65

    Run by: Yuan - 02/15/2007 Thu @ 9:32:30.00

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\Documents and Settings\Yuan\Desktop\SDFix

    Safe Mode:
    Checking Services:

    Name:

    Path:


    Restoring Windows Registry Entries
    Restoring Default Hosts File


    Rebooting...

    Normal Mode:
    Checking Files:

    No Trojan Files Found..




    ADS Check:

    C:\WINDOWS\system32
    No streams found.

    Final Check:


    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
    "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:猥orrent"
    "C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\Atari\\Scrabble Online\\scrabbleo.exe"="C:\\Program Files\\Atari\\Scrabble Online\\scrabbleo.exe:*:Disabled:scrabbleo"
    "C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\World of Warcraft\\Repair.exe"="C:\\Program Files\\World of Warcraft\\Repair.exe:*:Enabled:Blizzard Repair Utility"
    "C:\\Program Files\\World of Warcraft\\Launcher.exe"="C:\\Program Files\\World of Warcraft\\Launcher.exe:*:Enabled:World of Warcraft"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\Baidu\\BaiduX\\BaiduX.exe"="C:\\Program Files\\Baidu\\BaiduX\\BaiduX.exe:*:Disabled:BaiduX"
    "C:\\Program Files\\CO Casino\\Start.exe"="C:\\Program Files\\CO Casino\\Start.exe:*:Enabled:MainApp Microsoft ???????"
    "C:\\Documents and Settings\\Yuan\\Desktop\\CabalTemp\\ESTdnheadless.exe"="C:\\Documents and Settings\\Yuan\\Desktop\\CabalTemp\\ESTdnheadless.exe:*:Enabled:EST! download engine"
    "C:\\Documents and Settings\\Yuan\\Local Settings\\Temporary Internet Files\\Content.IE5\\UFPDIDPK\\CabalTemp\\ESTdnheadless.exe"="C:\\Documents and Settings\\Yuan\\Local Settings\\Temporary Internet Files\\Content.IE5\\UFPDIDPK\\CabalTemp\\ESTdnheadless.exe:*:Enabled:EST! download engine"
    "C:\\Program Files\\CabalTemp\\CabalTemp\\ESTdnheadless.exe"="C:\\Program Files\\CabalTemp\\CabalTemp\\ESTdnheadless.exe:*:Enabled:EST! download engine"
    "C:\\Program Files\\GameFlier\\GhostOnline\\Game.exe"="C:\\Program Files\\GameFlier\\GhostOnline\\Game.exe:*:Enabled:Game"
    "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "C:\\Documents and Settings\\Yuan\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Yuan\\Desktop\\utorrent.exe:*:Enabled:猥orrent"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


    Remaining Files:
    ---------------

    Backups Folder: - C:\DOCUME~1\Yuan\Desktop\SDFix\backups\backups.zip


    Checking For Files with Hidden Attributes :

    C:\Documents and Settings\Yuan\Local Settings\Application Data\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\Thumbs.db
    C:\Documents and Settings\Yuan\Local Settings\Application Data\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\Thumbs.db
    C:\Documents and Settings\Yuan\Local Settings\Application Data\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\Persis Photos\Thumbs.db
    C:\Documents and Settings\Yuan\Local Settings\Application Data\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\Persis Photos\new\Thumbs.db
    C:\Documents and Settings\Yuan\Desktop\bjkiaigciaibh.exe
    C:\Documents and Settings\Yuan\Desktop\dfdcabkbfehiikejg.exe
    C:\Documents and Settings\Yuan\Desktop\fdedjageegachahhd.exe
    C:\Documents and Settings\Yuan\Desktop\gibllikh.exe
    C:\Documents and Settings\Yuan\Desktop\jecidlddagcfibllg.exe
    C:\Documents and Settings\Yuan\Desktop\kbcjidljfbicb.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Simple Star\PhotoShow 4\data\PhotoShow Express.exe
    C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
    C:\Documents and Settings\Yuan\Local Settings\Temp\WAS8D1A.tmp\player\Thumbs.db
    C:\Documents and Settings\Yuan\Local Settings\Temp\WAS8D1A.tmp\player\buttons\Thumbs.db
    C:\Documents and Settings\Yuan\Local Settings\Temp\WAS8D1A.tmp\player\eq\Thumbs.db
    C:\Documents and Settings\Yuan\Local Settings\Temp\WAS8D1A.tmp\player\lcd\Thumbs.db
    C:\Documents and Settings\Yuan\Local Settings\Temp\WAS8D1A.tmp\player\shade\Thumbs.db
    C:\Documents and Settings\Yuan\Local Settings\Temp\WAS8D1A.tmp\player\speakers\Thumbs.db
    C:\Documents and Settings\Yuan\Local Settings\Temp\WAS8D1A.tmp\player\stick\Thumbs.db
    C:\Documents and Settings\Yuan\Local Settings\Temp\WAS8D1A.tmp\player\thinger\Thumbs.db

    Finished
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,324
    Download AVG Anti-Spyware from HERE and save that file to your desktop.

    When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.


    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
    2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
    4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
    1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

      IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
    2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG will now begin the scanning process. Please be patient as this may take a little time.
      Once the scan is complete, do the following:
    5. If you have any infections you will be prompted. Then select "Apply all actions."
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
    8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.


    Please go HERE to run Panda's ActiveScan
    • You need to use IE to run this scan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
     
  13. BlitzKriez

    BlitzKriez Thread Starter

    Joined:
    Feb 14, 2007
    Messages:
    17
    Is this AVG the same as
    http://free.grisoft.com/freeweb.php/doc/2/ the one you sent me earlier?
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,324
    No, it's an anti-spyware scanner and the other is an anti-virus program.
     
  15. BlitzKriez

    BlitzKriez Thread Starter

    Joined:
    Feb 14, 2007
    Messages:
    17
    This is the following scan you asked me to do ^^ sorry it took so long:

    HijackLog
    Logfile of HijackThis v1.99.1
    Scan saved at 8:13:51 PM, on 2/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\tmnet streamyx\streamyx.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
    O2 - BHO: Thunder Browser Helper - {02478D37-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll (file missing)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
    O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected]
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Audio Driver] C:\WINDOWS\system32\audise.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: &妏蚚捃濘狟婥 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
    O8 - Extra context menu item: &妏蚚捃濘狟婥窒蟈諉 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/229?899f396e2aba49ff97a32b66f6cd88e1
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/230?899f396e2aba49ff97a32b66f6cd88e1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148126996140
    O16 - DPF: {76CB493D-11F7-4236-BDE4-7A5851B03FA9} (Launcher Class) - http://www.cabalonline.net/Com/CabalWebLauncher.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://188bet.microgaming.com/188bet/FlashAX.cab
    O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{18B0B781-014E-4481-9261-02AFCB9AA744}: NameServer = 202.188.1.5 202.188.0.133
    O17 - HKLM\System\CCS\Services\Tcpip\..\{95E6CA3A-9600-4BD5-B988-7B7029C3FC52}: NameServer = 202.188.0.132,202.188.1.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\{18B0B781-014E-4481-9261-02AFCB9AA744}: NameServer = 202.188.1.5 202.188.0.133
    O17 - HKLM\System\CS2\Services\Tcpip\..\{18B0B781-014E-4481-9261-02AFCB9AA744}: NameServer = 202.188.1.5 202.188.0.133
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    AVG Scan:
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 2:28:31 PM 2/15/2007

    + Scan result:



    C:\System Volume Information\_restore{241186D4-6EA3-4466-9FEC-920C2D6BB247}\RP360\A0400564.pif -> Backdoor.Pakes : Cleaned.
    C:\System Volume Information\_restore{241186D4-6EA3-4466-9FEC-920C2D6BB247}\RP362\A0409618.exe -> Backdoor.Pakes : Cleaned.
    C:\Program Files\mIRC\zion\plugins\zion_updater.mrc -> Backdoor.Small.o : Cleaned.
    C:\Program Files\Common Files\Synacast\SynaLive\EvID4226Patch.exe -> Backdoor.Virkel.A : Cleaned.
    C:\WINDOWS\AdultAccess.exe -> Dialer.Small : Cleaned.
    :mozilla.163:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.246:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.64:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.65:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.66:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.67:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.159:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.160:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.289:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.84:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.85:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.86:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.87:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.88:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.165:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Adition : Cleaned.
    :mozilla.166:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Adition : Cleaned.
    :mozilla.184:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.185:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.162:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.87:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.147:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
    :mozilla.137:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.138:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.139:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.45:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.46:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.47:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.175:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.176:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.177:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.178:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.95:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.146:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.372:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
    :mozilla.121:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.26:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.51:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.52:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.53:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.54:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.203:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.204:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.205:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.163:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.164:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.165:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.166:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.167:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.89:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.93:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.94:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.145:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.124:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.127:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.128:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.129:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.130:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.206:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.88:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.36:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.168:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.169:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.89:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.90:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.91:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.92:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.93:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.94:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.132:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.133:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.363:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.364:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.365:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.366:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.367:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.368:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.48:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
    :mozilla.49:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
    :mozilla.50:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
    :mozilla.194:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.195:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.196:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.249:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.250:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.251:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.252:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.253:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.254:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.134:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.135:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.136:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.140:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.270:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.376:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
    :mozilla.182:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.55:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.79:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.70:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.81:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.82:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.83:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.157:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.158:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.159:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.160:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.161:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\jzt1yfy0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.184:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.185:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.186:C:\Documents and Settings\Yuan\Application Data\Mozilla\Firefox\Profiles\a0zdf0y1.Jim\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    C:\Documents and Settings\Yuan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-137366af-67d1f401.class -> Trojan.ClassLoader.Dummy.d : Cleaned.


    ::Report end
     


Short URL to this thread: https://techguy.org/544009
