View Full Version : W32.MYZOR.FK@YF[SmitFraud]- My logs
speedst3r
2006-07-17, 09:10
hi,
my internet explorer homepage has changed and when i close the window it says i have w32.myzor.fk@yf virus or something. here are my logs for the web scan and hijackthis: (sorry i could only get a chinese scan for the etrust online scan. but it says i have no viruses)
etrust online virus scan:
扫描结果 扫描已完成。 55093 扫描的文件 未发现病毒
文件 感染 状态 路径
- 未感染
hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 19:12:41, on 2006-7-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
G:\Program Files\HP\hpcoretech\hpcmpmgr.exe
G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
G:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
G:\WINDOWS\system32\Rundll32.exe
G:\WINDOWS\system32\ctfmon.exe
G:\program files\steam\steam.exe
G:\Program Files\MSN Messenger\MsnMsgr.Exe
G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\BitTorrent\bittorrent.exe
G:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\LimeWire\LimeWire.exe
G:\WINDOWS\system32\conime.exe
G:\WINDOWS\system32\atmclk.exe
G:\WINDOWS\system32\dcomcfg.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Tencent\TT\TTraveler.exe
G:\Program Files\Hijackthis\HijackThis.exe
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\Program Files\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - G:\Program Files\TENCENT\Adplus\SSAddr1.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: 搜搜地址栏搜索 - {0C7C23EF-A848-485B-873C-0ED954731014} - G:\Program Files\TENCENT\Adplus\SSAddr1.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - G:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - G:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - G:\WINDOWS\system32\hp100.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Component Manager] "G:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CaISSDT] "G:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe G:\WINDOWS\system32\hookdll.dll,ExecFilter solo
O4 - HKLM\..\Run: [IMSCMig] G:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [stup.exe] G:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "g:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] G:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [LimeWire Acceleration Patch] G:\Documents and Settings\All Users\「开始」菜单\程序\LimeWire Acceleration Patch\LimeWire Acceleration Patch.lnk
O4 - Startup: BitTorrent.lnk = G:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: 腾讯QQ.lnk = G:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone 快速启动 .lnk = G:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://G:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Google 搜索(&G) - res://G:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - G:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 反向链接 - res://G:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - G:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - G:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - G:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 类似网页 - res://G:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://G:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://G:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - G:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - G:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - G:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - G:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [TBH] 搜搜地址栏搜索
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140216243015
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: pushow12.dll
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - G:\WINDOWS\system32\mzoeut.dll (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
cheers,
Leo
LonnyRJones
2006-07-21, 07:18
Hi Leo
Fallow the instructions here and do post back with the logs mentioned
http://forums.spybot.info/showthread.php?t=4015
Let me know if you have any questions before starting.
speedst3r
2006-07-22, 08:41
hi,
i followed the instructions in the link and here are my logs below:
1. rapport.txt:
SmitFraudFix v2.74
Scan done at 16:52:56.39, 2006-07-22 星期六
Run from G:\Documents and Settings\Leo\桌面\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [版本 5.1.2600] - Windows_NT
Fix ran in safe mode
换换换换换换换换换换换换 Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cholecyst"="{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}"
换换换换换换换换换换换换 Killing process
换换换换换换换换换换换换 Generic Renos Fix
GenericRenosFix by S!Ri
G:\WINDOWS\system32\mzoeut.dll -> Missing File
换换换换换换换换换换换换 Deleting infected files
G:\WINDOWS\system32\atmclk.exe Deleted
G:\WINDOWS\system32\dcomcfg.exe Deleted
G:\WINDOWS\system32\hp???.tmp Deleted
G:\WINDOWS\system32\ld???.tmp Deleted
G:\WINDOWS\system32\ot.ico Deleted
G:\WINDOWS\system32\regperf.exe Deleted
G:\WINDOWS\system32\simpole.tlb Deleted
G:\WINDOWS\system32\stdole3.tlb Deleted
G:\WINDOWS\system32\ts.ico Deleted
G:\WINDOWS\system32\1024\ Deleted
G:\Documents and Settings\Leo\Application Data\Install.dat Deleted
换换换换换换换换换换换换 Deleting Temp Files
换换换换换换换换换换换换 Registry Cleaning
Registry Cleaning done.
换换换换换换换换换换换换 After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
换换换换换换换换换换换换 End
2. Ewido log:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
e w i d o a n t i - s p y w a r e - S c a n R e p o r t
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ C r e a t e d a t : 1 8 : 1 3 : 2 2 2 0 0 6 - 7 - 2 2
+ S c a n r e s u l t :
F : \ s h e r r y \ 錧wQ\ b i n d _ 8 3 0 0 . e x e - > A d w a r e . A d H e l p e r : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .
G : \ W I N D O W S \ s y s t e m 3 2 \ p u s h o w 1 2 . d l l - > A d w a r e . A d v e r t M e n : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .
[ 7 6 0 ] G : \ W I N D O W S \ s y s t e m 3 2 \ p u s h o w 1 2 . d l l - > A d w a r e . A d v e r t M e n : E r r o r d u r i n g c l e a n i n g .
G : \ W I N D O W S \ D o w n l o a d e d P r o g r a m F i l e s \ Q h c i i . d l l - > A d w a r e . A g e n t : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .
G : \ W I N D O W S \ s y s t e m 3 2 \ h o o k d l l . d l l - > A d w a r e . C d n : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .
G : \ W I N D O W S \ s y s t e m 3 2 \ n s p . d l l - > A d w a r e . C d n : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .
G : \ W I N D O W S \ s y s t e m 3 2 \ z u n i n s . e x e - > A d w a r e . C d n : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .
H K L M \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ E x p l o r e r \ B r o w s e r H e l p e r O b j e c t a \ { f 7 d 4 0 0 1 1 - 2 9 b b - 4 3 e b - 9 c 9 7 - 8 7 5 c e 8 9 e 9 e 3 6 } - > A d w a r e . G e n e r i c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .
H K U \ S - 1 - 5 - 2 1 - 1 9 9 3 9 6 2 7 6 3 - 3 2 9 0 6 8 1 5 2 - 1 8 0 1 6 7 4 5 3 1 - 1 0 0 4 \ S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ E x t \ S t a t s \ { F 7 D 4 0 0 1 1 - 2 9 B B - 4 3 E B - 9 C 9 7 - 8 7 5 C E 8 9 E 9 E 3 6 } - > A d w a r e . G e n e r i c : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .
H K U \ S - 1 - 5 - 2 1 - 1 9 9 3 9 6 2 7 6 3 - 3 2 9 0 6 8 1 5 2 - 1 8 0 1 6 7 4 5 3 1 - 1 0 0 4 \ S o f t w a r e \ I S T - > A d w a r e . I S T B a r : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .
C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 8 A F 3 2 F 6 5 - 8 0 C E - 4 9 9 3 - 9 E 2 F - A D 2 8 7 2 B 8 8 6 7 4 } \ R P 1 4 1 \ A 0 0 2 8 1 1 6 . d l l - > A d w a r e . S e a r c h A s s i s t a n t : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .
C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 8 A F 3 2 F 6 5 - 8 0 C E - 4 9 9 3 - 9 E 2 F - A D 2 8 7 2 B 8 8 6 7 4 } \ R P 1 4 1 \ A 0 0 2 8 1 1 8 . d l l - > A d w a r e . S p y s h e r i f f : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .
G : \ D o c u m e n t s a n d S e t t i n g s \ L e o \ M y D o c u m e n t s \ D o w n l o a d s \ I n s t a l l . e x e - > A d w a r e . S p y s h e r i f f : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .
C : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { 8 A F 3 2 F 6 5 - 8 0 C E - 4 9 9 3 - 9 E 2 F - A D 2 8 7 2 B 8 8 6 7 4 } \ R P 1 0 7 \ A 0 0 1 4 0 8 1 . e x e - > D o w n l o a d e r . I N S e r v i c e . j a : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .
C : \ D o w n l o a d s \ a n g e l 1 7 7 a 2 . e x e - > D o w n l o a d e r . S m a l l . d e v : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .
G : \ D o c u m e n t s a n d S e t t i n g s \ L e o \ I n c o m p l e t e \ T - 7 8 6 4 8 3 - _ n a k e d _ g u n z t h e d u e l i n t e r n a t i o n a l 0 1 \ i n s t a l l . e x e - > H i j a c k e r . A g e n t . h i : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .
G : \ D o c u m e n t s a n d S e t t i n g s \ D u n c a n Z h o u \ C o o k i e s \ d u n c a n z h o u @ 1 1 2 . 2 o 7 [ 1 ] . t x t - > T r a c k i n g C o o k i e . 2 o 7 : C l e a n e d .
G : \ D o c u m e n t s a n d S e t t i n g s \ D u n c a n Z h o u \ C o o k i e s \ d u n c a n z h o u @ 2 o 7 [ 2 ] . t x t - > T r a c k i n g C o o k i e . 2 o 7 : C l e a n e d .
G : \ D o c u m e n t s a n d S e t t i n g s \ D u n c a n Z h o u \ C o o k i e s \ d u n c a n z h o u @ c h i c a g o s u n t i m e s . 1 2 2 . 2 o 7 [ 1 ] . t x t - > T r a c k i n g C o o k i e . 2 o 7 : C l e a n e d .
G : \ D o c u m e n t s a n d S e t t i n g s \ D u n c a n Z h o u \ C o o k i e s \ d u n c a n z h o u @ m s n p o r t a l . 1 1 2 . 2 o 7 [ 1 ] . t x t - > T r a c k i n g C o o k i e . 2 o 7 : C l e a n e d .
G : \ D o c u m e n t s a n d S e t t i n g s \ D u n c a n Z h o u \ C o o k i e s \ d u n c a n z h o u @ a d s . a d d y n a m i x [ 2 ] . t x t - > T r a c k i n g C o o k i e . A d d y n a m i x : C l e a n e d .
G : \ D o c u m e n t s a n d S e t t i n g s \ D u n c a n Z h o u \ C o o k i e s \ d u n c a n z h o u @ z 1 . a d s e r v e r [ 1 ] . t x t - > T r a c k i n g C o o k i e . A d s e r v e r : C l e a n e d .
G : \ D o c u m e n t s a n d S e t t i n g s \ D u n c a n Z h o u \ C o o k i e s \ d u n c a n z h o u @ a t d m t [ 1 ] . t x t - > T r a c k i n g C o o k i e . A t d m t : C l e a n e d .
G : \ D o c u m e n t s a n d S e t t i n g s \ D u n c a n Z h o u \ C o o k i e s \ d u n c a n z h o u @ c a s a l e m e d i a [ 1 ] . t x t - > T r a c k i n g C o o k i e . C a s a l e m e d i a : C l e a n e d .
G : \ D o c u m e n t s a n d S e t t i n g s \ D u n c a n Z h o u \ C o o k i e s \ d u n c a n z h o u @ c o m [ 2 ] . t x t - > T r a c k i n g C o o k i e . C o m : C l e a n e d .
G : \ D o c u m e n t s a n d S e t t i n g s \ D u n c a n Z h o u \ C o o k i e s \ d u n c a n z h o u @ d o u b l e c l i c k [ 2 ] . t x t - > T r a c k i n g C o o k i e . D o u b l e c l i c k : C l e a n e d .
G : \ D o c u m e n t s a n d S e t t i n g s \ D u n c a n Z h o u \ C o o k i e s \ d u n c a n z h o u @ m e d i a p l e x [ 1 ] . t x t - > T r a c k i n g C o o k i e . M e d i a p l e x : C l e a n e d .
G : \ D o c u m e n t s a n d S e t t i n g s \ D u n c a n Z h o u \ C o o k i e s \ d u n c a n z h o u @ a d s . p o i n t r o l l [ 1 ] . t x t - > T r a c k i n g C o o k i e . P o i n t r o l l : C l e a n e d .
G : \ D o c u m e n t s a n d S e t t i n g s \ D u n c a n Z h o u \ C o o k i e s \ d u n c a n z h o u @ q u e s t i o n m a r k e t [ 1 ] . t x t - > T r a c k i n g C o o k i e . Q u e s t i o n m a r k e t : C l e a n e d .
G : \ D o c u m e n t s a n d S e t t i n g s \ D u n c a n Z h o u \ C o o k i e s \ d u n c a n z h o u @ b s . s e r v i n g - s y s [ 2 ] . t x t - > T r a c k i n g C o o k i e . S e r v i n g - s y s : C l e a n e d .
G : \ D o c u m e n t s a n d S e t t i n g s \ D u n c a n Z h o u \ C o o k i e s \ d u n c a n z h o u @ s e r v i n g - s y s [ 1 ] . t x t - > T r a c k i n g C o o k i e . S e r v i n g - s y s : C l e a n e d .
G : \ D o c u m e n t s a n d S e t t i n g s \ D u n c a n Z h o u \ C o o k i e s \ d u n c a n z h o u @ t a c o d a [ 1 ] . t x t - > T r a c k i n g C o o k i e . T a c o d a : C l e a n e d .
G : \ D o c u m e n t s a n d S e t t i n g s \ D u n c a n Z h o u \ C o o k i e s \ d u n c a n z h o u @ t r i b a l f u s i o n [ 2 ] . t x t - > T r a c k i n g C o o k i e . T r i b a l f u s i o n : C l e a n e d .
G : \ D o c u m e n t s a n d S e t t i n g s \ D u n c a n Z h o u \ C o o k i e s \ d u n c a n z h o u @ a d . y i e l d m a n a g e r [ 1 ] . t x t - > T r a c k i n g C o o k i e . Y i e l d m a n a g e r : C l e a n e d .
G : \ W I N D O W S \ D o w n l o a d e d P r o g r a m F i l e s \ U W F X 6 _ 0 0 0 1 _ N 6 9 M 1 5 0 3 N e t I n s t a l l e r . e x e - > T r o j a n . F a k e a l e r t : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .
: : R e p o r t e n d
speedst3r
2006-07-22, 08:42
here is the 2nd part of my reply:
3. HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 18:33:27, on 2006-7-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
G:\Program Files\ewido anti-spyware 4.0\guard.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\svchost.exe
G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
G:\Program Files\HP\hpcoretech\hpcmpmgr.exe
G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
G:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
G:\Program Files\ewido anti-spyware 4.0\ewido.exe
G:\WINDOWS\system32\ctfmon.exe
G:\program files\steam\steam.exe
G:\Program Files\MSN Messenger\MsnMsgr.Exe
G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\BitTorrent\bittorrent.exe
G:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
G:\WINDOWS\system32\wuauclt.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
G:\Program Files\Hijackthis\HijackThis.exe
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\Program Files\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - G:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: 搜搜地址栏搜索 - {0C7C23EF-A848-485B-873C-0ED954731014} - G:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - G:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - G:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Component Manager] "G:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CaISSDT] "G:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe G:\WINDOWS\system32\hookdll.dll,ExecFilter solo
O4 - HKLM\..\Run: [IMSCMig] G:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [stup.exe] G:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKLM\..\Run: [!ewido] "G:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "g:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] G:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [LimeWire Acceleration Patch] G:\Documents and Settings\All Users\「开始」菜单\程序\LimeWire Acceleration Patch\LimeWire Acceleration Patch.lnk
O4 - Startup: BitTorrent.lnk = G:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: 腾讯QQ.lnk = G:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone 快速启动 .lnk = G:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://G:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Google 搜索(&G) - res://G:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - G:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 反向链接 - res://G:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - G:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - G:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - G:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 类似网页 - res://G:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://G:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://G:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - G:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - G:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - G:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - G:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [TBH] 搜搜地址栏搜索
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140216243015
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: pushow12.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - G:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
cheers,
Leo
LonnyRJones
2006-07-22, 14:31
scan with hijackthis and have it fix this item
O20 - AppInit_DLLs: pushow12.dll
===========================
dont worry about a error, restart your pc and delete the pushow12.dll file
In windows control panel addremove programs uninstall all tecent programs
then restart your pc again.
If it was my pc all filesharring programs would also get uninstalled
Post a new Hijackthis log please.
Post a report from this tool if any FILES show
F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml
Click the i accept button near the bottom of that page.
Download and run blacklite click > scan then > next, next again then exit
there will be a new txt near blacklite. post it please.
Important: If any files show Do not rename them YET.....legitimate files can be listed.
speedst3r
2006-07-23, 05:44
hi,
i didnt get what you meant by "Post a report from this tool if any FILES show"
anyways heres the new HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 15:42:32, on 2006-7-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
G:\Program Files\ewido anti-spyware 4.0\guard.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
G:\Program Files\HP\hpcoretech\hpcmpmgr.exe
G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
G:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
G:\Program Files\ewido anti-spyware 4.0\ewido.exe
G:\WINDOWS\system32\ctfmon.exe
G:\program files\steam\steam.exe
G:\Program Files\MSN Messenger\MsnMsgr.Exe
G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\BitTorrent\bittorrent.exe
G:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
G:\WINDOWS\system32\svchost.exe
C:\Utopia\Angel\Angel.exe
G:\WINDOWS\system32\notepad.exe
G:\Program Files\Hijackthis\HijackThis.exe
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\Program Files\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - G:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: 搜搜地址栏搜索 - {0C7C23EF-A848-485B-873C-0ED954731014} - G:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - G:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - G:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Component Manager] "G:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CaISSDT] "G:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe G:\WINDOWS\system32\hookdll.dll,ExecFilter solo
O4 - HKLM\..\Run: [IMSCMig] G:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [stup.exe] G:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKLM\..\Run: [!ewido] "G:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "g:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] G:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [LimeWire Acceleration Patch] G:\Documents and Settings\All Users\「开始」菜单\程序\LimeWire Acceleration Patch\LimeWire Acceleration Patch.lnk
O4 - Startup: BitTorrent.lnk = G:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: 腾讯QQ.lnk = G:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone 快速启动 .lnk = G:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://G:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Google 搜索(&G) - res://G:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - G:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 反向链接 - res://G:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - G:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - G:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - G:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 类似网页 - res://G:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://G:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://G:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - G:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - G:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - G:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - G:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [TBH] 搜搜地址栏搜索
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140216243015
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: CAISafe - Computer Associates International, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - G:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
cheers,
Leo
LonnyRJones
2006-07-23, 14:58
i didnt get what you meant by "Post a report from this tool if any FILES show" Go ahead and post it.
You dont appear to have uninstalled the TENCENT programs ?
speedst3r
2006-07-24, 09:00
hi,
here is my new HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 18:43:56, on 2006-7-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
G:\Program Files\ewido anti-spyware 4.0\guard.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\HP\hpcoretech\hpcmpmgr.exe
G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
G:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
G:\Program Files\ewido anti-spyware 4.0\ewido.exe
G:\WINDOWS\system32\ctfmon.exe
G:\program files\steam\steam.exe
G:\Program Files\MSN Messenger\MsnMsgr.Exe
G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\BitTorrent\bittorrent.exe
G:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Mozilla Firefox\firefox.exe
C:\Utopia\Angel\Angel.exe
G:\DOCUME~1\Leo\LOCALS~1\Temp\A~NSISu_.exe
G:\Program Files\Hijackthis\HijackThis.exe
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\Program Files\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - G:\Program Files\TENCENT\Adplus\SSAddr1.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: 搜搜地址栏搜索 - {0C7C23EF-A848-485B-873C-0ED954731014} - G:\Program Files\TENCENT\Adplus\SSAddr1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - G:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Component Manager] "G:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CaISSDT] "G:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe G:\WINDOWS\system32\hookdll.dll,ExecFilter solo
O4 - HKLM\..\Run: [IMSCMig] G:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [stup.exe] G:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "g:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] G:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [LimeWire Acceleration Patch] G:\Documents and Settings\All Users\「开始」菜单\程序\LimeWire Acceleration Patch\LimeWire Acceleration Patch.lnk
O4 - Startup: BitTorrent.lnk = G:\Program Files\BitTorrent\bittorrent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone 快速启动 .lnk = G:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://G:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Google 搜索(&G) - res://G:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - G:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 反向链接 - res://G:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - G:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - G:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - G:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 类似网页 - res://G:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://G:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://G:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - G:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - G:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [TBH] 搜搜地址栏搜索
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140216243015
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: CAISafe - Computer Associates International, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - G:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
heres the F-Secure Blacklight log:
07/24/06 18:55:02 [Info]: BlackLight Engine 1.0.42 initialized
07/24/06 18:55:02 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/24/06 18:55:05 [Note]: 7019 4
07/24/06 18:55:05 [Note]: 7005 0
07/24/06 18:55:09 [Note]: 7006 0
07/24/06 18:55:09 [Note]: 7011 1904
07/24/06 18:55:10 [Note]: 7026 0
07/24/06 18:55:10 [Note]: 7026 0
07/24/06 18:55:28 [Note]: FSRAW library version 1.7.1019
07/24/06 18:59:33 [Note]: 7007 0
cheers,
Leo
LonnyRJones
2006-07-24, 09:40
Looks ok
Are there any current problems ?
speedst3r
2006-07-27, 06:52
everything seems fine now!
thanks so much for the help! i really couldn't have done it without u guys!
cheers,
Leo
LonnyRJones
2006-07-27, 08:49
Think Prevention:
Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that proccess about once or twice a month
To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279
As the problem appears to be resolved this topic has been archived.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.
Applies only to the original topic starter.